openssh bugs - Oct 2006 - [Bug 1246] Protocol version identification errors don't log the sender IP anymore, always UNKNOWN

http://bugzilla.mindrot.org/show_bug.cgi?id=1246

           Summary: Protocol version identification errors don't log the
                    sender IP anymore, always UNKNOWN
           Product: Portable OpenSSH
           Version: 4.4p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: jan.iven at cern.ch


Errors on the initial protocol message do not log the IP of the sender
anymore. I.e. doing
$ echo "GOOD MORNING" >/dev/tcp/somehost.somedomain/22
results in
sshd[28192]: Bad protocol version identification 'GOOD MORNING' from
UNKNOWN

This appears to be due to the fact that sock_in gets closed before
get_remote_ipaddr() has a chance to find out who is at the remote end.
Apparently, this worked somehow at least in openssh-3.6p1, perhaps the
IP caching was different then.

Since the process will exit immediately afterwards anyway, maybe there
is no need to close these two sockets? They don't get closed on other
codepaths with similar functionality (e.g after the "scanned from ..
Don't panic."-piece).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1246





------- Comment #1 from jan.iven at cern.ch  2006-10-24 01:41 -------
Created an attachment (id=1201)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1201&action=view)
minimal patch




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1246





------- Comment #2 from dtucker at zip.com.au  2006-10-24 08:19 -------
(From update of attachment 1201)
While the diff looks reasonable to I can't see this behaviour with
4.4p1 (that area of code was somewhat restructured).

Can you reproduce with 4.4p1?  




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1246


jan.iven at cern.ch changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Version|4.4p1                       |4.3p2
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




------- Comment #3 from jan.iven at cern.ch  2006-10-24 18:42 -------
Appears indeed to have been fixed in 4.4. Sorry for not checking
earlier..
Jan




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.