Bug 2500 - ConnectionAttempts=0 causes ssh to output uninitialised data on stdout
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 7.1p1
Hardware: amd64 Linux
Importance: P5 normal
Assignee: Assigned to nobody
Blocks: V_7_2
Reported: 2015-11-19 14:34 AEDT by D. V. Wiebe
Modified: 2018-04-06 12:26 AEST
Description D. V. Wiebe 2015-11-19 14:34:26 AEDT
Using ssh with ConnectionAttempts set to zero results in the contents of uninitialised memory being sent to stdout.  For example:

$ ssh -o ConnectionAttempts=0 somehost
ssh: connect to host somehost port \200\335q\002\374\177: Success

Cause:

When ssh_connect_direct() is passed connection_attempts=0, the strport[] buffer is never initialised, since the whole attempt loop is skipped.  Its contents are later output in the error message after the skipped loop (sshconnect.c:485).
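
The pattern described in the report above, as an added example that is not OpenSSH's code and not the committed fix: a buffer written only inside a retry loop is read by the error path after it. All function names are hypothetical, and the buffer's prior contents are a constructed marker so the stale read is deterministic.

```c
#include <stdio.h>
#include <string.h>

#define PORTBUF 32
#define STALE "STALE-BYTES" /* constructed marker standing in for old stack contents */

/* Hypothetical stand-in for one connection attempt; always fails in this demo. */
static int try_connect(const char *host, const char *port) { (void)host; (void)port; return -1; }

/* Pattern from the report: strport is written only inside the attempt loop. */
static int connect_unchecked(const char *host, int port, int attempts,
                             char *strport, char *err, size_t errlen) {
    for (int i = 0; i < attempts; i++) {
        snprintf(strport, PORTBUF, "%d", port);
        if (try_connect(host, strport) == 0) return 0;
    }
    /* attempts == 0: loop skipped, strport still holds its prior contents. */
    snprintf(err, errlen, "connect to host %s port %.*s: failed", host, PORTBUF, strport);
    return -1;
}

/* Hardened: reject a count below 1 and fill strport before anything reads it. */
static int connect_checked(const char *host, int port, int attempts,
                           char *strport, char *err, size_t errlen) {
    if (attempts < 1) {
        snprintf(err, errlen, "invalid connection attempts: %d", attempts);
        return -2;
    }
    snprintf(strport, PORTBUF, "%d", port);
    for (int i = 0; i < attempts; i++)
        if (try_connect(host, strport) == 0) return 0;
    snprintf(err, errlen, "connect to host %s port %s: failed", host, strport);
    return -1;
}

/* Returns 1 if the stale marker reaches the error message, 0 otherwise. */
int error_leaks_stale(int attempts, int hardened) {
    char strport[PORTBUF] = STALE, err[128] = "";
    if (hardened) connect_checked("somehost", 22, attempts, strport, err, sizeof err);
    else connect_unchecked("somehost", 22, attempts, strport, err, sizeof err);
    return strstr(err, STALE) != NULL;
}

int main(void) {
    printf("unchecked, 0 attempts: leak=%d\n", error_leaks_stale(0, 0));
    printf("checked,   0 attempts: leak=%d\n", error_leaks_stale(0, 1));
    return 0;
}
```

Compiling the real code path with -Wmaybe-uninitialized or running it under MemorySanitizer or Valgrind is a way to catch this class of read when the buffer is a true uninitialised stack array.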
Comment 1 Damien Miller 2015-11-19 19:26:14 AEDT
Fixed in https://anongit.mindrot.org/openssh.git/commit/?id=88b6fcdeb87a2fb76767854d9eb15006662dca57 - thanks. This will be released in OpenSSH 7.2
Comment 2 Damien Miller 2018-04-06 12:26:43 AEST
Close all resolved bugs after release of OpenSSH 7.7.