Bug 2500

Summary: ConnectionAttempts=0 causes ssh to output uninitialised data on stdout
Product: Portable OpenSSH
Reporter: D. V. Wiebe <dvw>
Component: ssh
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED
Severity: normal
CC: djm
Priority: P5    
Version: 7.1p1   
Hardware: amd64   
OS: Linux   
Bug Depends on:    
Bug Blocks: 2451    

Description D. V. Wiebe 2015-11-19 14:34:26 AEDT
Using ssh with ConnectionAttempts set to zero results in the contents of uninitialised memory being sent to stdout.  For example:

$ ssh -o ConnectionAttempts=0 somehost
ssh: connect to host somehost port \200\335q\002\374\177: Success

Cause:

When ssh_connect_direct() is passed connection_attempts=0, the strport[] buffer is never initialised, since the whole attempt loop is skipped.  Its contents are later output in the error message after the skipped loop (sshconnect.c:485).

Comment 1 Damien Miller 2015-11-19 19:26:14 AEDT
Fixed in https://anongit.mindrot.org/openssh.git/commit/?id=88b6fcdeb87a2fb76767854d9eb15006662dca57 - thanks. This will be released in OpenSSH 7.2.

Comment 2 Damien Miller 2018-04-06 12:26:43 AEST
Close all resolved bugs after release of OpenSSH 7.7.
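
The pattern from the description, reduced to a stand-alone C example that is added here and is not OpenSSH code or the linked commit: a buffer written only inside the attempt loop is read by the error path after a zero-iteration loop. The names connect_unsafe, connect_checked, try_connect and PORTLEN are hypothetical, the '?' fill is a constructed stand-in for stale stack contents, and the guard shown is one possible hardening, not necessarily the project's fix.

```c
#include <stdio.h>
#include <string.h>

#define PORTLEN 32

/* Stand-in for the connect step: always fails, so the error path runs. */
static int try_connect(const char *h, const char *p) { (void)h; (void)p; return -1; }

/* Flow from the report: strport is written only inside the attempt loop. */
static int connect_unsafe(const char *host, int port, int attempts, char *err, size_t errlen)
{
    char strport[PORTLEN];
    int attempt, sock = -1;
    /* Constructed poison standing in for stale stack bytes; keeps the demo defined. */
    memset(strport, '?', sizeof(strport) - 1);
    strport[sizeof(strport) - 1] = '\0';
    for (attempt = 0; attempt < attempts; attempt++) {
        snprintf(strport, sizeof(strport), "%d", port);
        if ((sock = try_connect(host, strport)) != -1)
            break;
    }
    if (sock == -1)
        snprintf(err, errlen, "connect to host %s port %s", host, strport);
    return sock;
}

/* Hardened: refuse attempts < 1 and format strport before the loop. */
static int connect_checked(const char *host, int port, int attempts, char *err, size_t errlen)
{
    char strport[PORTLEN];
    int attempt, sock = -1;
    if (attempts < 1) {
        snprintf(err, errlen, "invalid attempt count %d", attempts);
        return -2;
    }
    snprintf(strport, sizeof(strport), "%d", port);
    for (attempt = 0; attempt < attempts && sock == -1; attempt++)
        sock = try_connect(host, strport);
    if (sock == -1)
        snprintf(err, errlen, "connect to host %s port %s", host, strport);
    return sock;
}

int main(void)
{
    char err[128];
    connect_unsafe("somehost", 22, 0, err, sizeof(err)); puts(err);
    connect_checked("somehost", 22, 0, err, sizeof(err)); puts(err);
    return 0;
}
```

Building the original pattern without the memset under a memory checker such as MemorySanitizer or Valgrind flags the read of strport in the error path.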