Regression in 6.5p1 when using -W option
Corinna Vinschen
vinschen at redhat.com
Thu Feb 20 19:47:31 EST 2014
Hi,
we got a report on the Cygwin mailing list showing that there's a
spurious error message when using the -W option. This didn't occur with
OpenSSH 6.4p1. Here's an example:
$ ssh machine1 -W machine2:22
getsockname failed: Bad file descriptor
SSH-2.0-OpenSSH_6.1
The error message is a result of getsockname being called with a
file descriptor -1. The call stack at the time looks like this:
Breakpoint 2, get_socket_address (sock=-1, remote=remote at entry=0,
flags=flags at entry=2) at /usr/src/debug/openssh-6.5p1-1/canohost.c:256
256 if (getsockname(sock, (struct sockaddr *)&addr, &addrlen)
(gdb) bt
#0 get_socket_address (sock=-1, remote=remote at entry=0, flags=flags at entry=2)
at /usr/src/debug/openssh-6.5p1-1/canohost.c:256
#1 0x0000000100432213 in get_local_ipaddr (sock=<optimized out>)
at /usr/src/debug/openssh-6.5p1-1/canohost.c:292
#2 0x0000000100418db5 in port_open_helper (c=c at entry=0x600074700,
rtype=rtype at entry=0x10045fe0d <log_facilities+301> "direct-tcpip")
at /usr/src/debug/openssh-6.5p1-1/channels.c:1388
#3 0x000000010041dc07 in channel_connect_stdio_fwd (
host_to_connect=0x600039800 "machine2", port_to_connect=22, in=in at entry=4,
out=5) at /usr/src/debug/openssh-6.5p1-1/channels.c:1269
#4 0x0000000100401566 in ssh_init_stdio_forwarding ()
at /usr/src/debug/openssh-6.5p1-1/ssh.c:1260
#5 0x0000000100454171 in ssh_session2 ()
at /usr/src/debug/openssh-6.5p1-1/ssh.c:1606
#6 main (ac=<optimized out>, av=<optimized out>)
at /usr/src/debug/openssh-6.5p1-1/ssh.c:1130
This is not Cygwin specific. To be really sure I tested this on Linux
and the message shows up, too, while it doesn't with 6.4p1. The problem
is still present in current portable CVS.
The reason is that port_open_helper calls get_local_ipaddr on c->socl
unconditionally in port_open_helper without checking the value of
c->sock first.
I didn't generate a patch because I'm not really sure what's the best
way to fix this issue. Hope that helps nevertheless.
Thanks,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140220/732b080e/attachment-0001.bin>
More information about the openssh-unix-dev
mailing list