Upstream commit [1] changed logic of handling errors of DISPLAY variable and introduced undefined behaviour. When client requests X11 forwarding and does not have DISPLAY variable set, getenv returns NULL (ssh.c:1707), the program gets into client_x11_get_proto() function, where the variable is passed directly to logit function as it is (clientloop.c:321). This case is handled by current GCC and therefore not causing segfault but writing DISPLAY "(null)" invalid; disabling X11 forwarding It is not correct and should be fixed. Preferably by not going into this branch in ssh.c:1710, because there is already one check for NULL in previous condition. Originally reported as rhbz#1303260 [2]. [1] https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c [2] https://bugzilla.redhat.com/show_bug.cgi?id=1303260
Already fixed in commit 5658ef2501e785fbbdf5de2dc33b1ff7a4dca73a Author: millert@openbsd.org <millert@openbsd.org> Date: Mon Feb 1 21:18:17 2016 +0000 upstream commit Avoid ugly "DISPLAY "(null)" invalid; disabling X11 forwarding" message when DISPLAY is not set. This could also result in a crash on systems with a printf that doesn't handle NULL. OK djm@ Upstream-ID: 20ee0cfbda678a247264c20ed75362042b90b412
Close all resolved bugs after 7.3p1 release