Test Failure OpenSSH 7.1 P2 on HPE NSE for integrity

Darren Tucker dtucker at zip.com.au
Fri Feb 12 11:12:05 AEDT 2016


On Fri, Feb 12, 2016 at 9:25 AM, Randall S. Becker
<rsbecker at nexbridge.com> wrote:
> On February 10, 2016 10:23 AM, I wrote:
>> On February 9, 2016 9:30 PM, Darren Tucker wrote:
>> [...]
>> > This one looks odd.  The ssh session itself looks OK: it authenticates
>> > then sends a printf shell command (basically, just a way of
>> > guaranteeing a minimum amount of output being sent back:
>> >
>> > > debug1: Sending command: printf "%4096s" " "
>> >
>> > The session then closes OK but ssh exists with a -1 error code, which
>> > gets propagated back up the stack as a failure.
>> >
>> > > debug1: Exit status -1
>
> I put in a couple of debug statements in clientloop.c where exit_status is
> set. It looks like the initialization of exit_status = -1 is the only point
> where the value is modified.

Looking closer at the sshd log:

debug1: client_input_channel_req: channel 0 rtype exit-signal reply 0

The code for this is in session_exit_message() and looks like:

        if (WIFEXITED(status)) {
                channel_request_start(s->chanid, "exit-status", 0);
                packet_put_int(WEXITSTATUS(status));
                packet_send();
        } else if (WIFSIGNALED(status)) {
                channel_request_start(s->chanid, "exit-signal", 0);

so your printf is probably dying with a signal rather than exiting.
Which signal?  dunno, but my guess would be SIGPIPE.  Try adding
something like this to the top of session_exit_message():

        debug3("%s: status: %d", __func__, status);

> I'm trying to figure out how the while can exit
> without exit_status being modified. Can you shed some light on that?

if the server never sends an "exit-status" packet (as opposed to an
"exit-signal" packet, which it does send) then the exit-status code in
client_input_channel_req() will never get called and exit_status will
remain -1 since that's what it's initialized to.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list