Brother Railgun of Reason
2011-Feb-07 16:25 UTC
Possible ssh -D bug in 5.8p1 (on Gentoo Linux)
On Fri, Feb 04, 2011 at 12:26:08PM +1100, Damien Miller wrote:
> OpenSSH 5.8 has just been released. It will be available from the
> mirrors listed at http://www.openssh.com/ shortly.

I seem to have found a bug in 5.8p1.

I work remotely, and use three SSH tunnels, two of the form ssh -L port:host:destport -f -N -q -l remoteuser remotehost, and one of the form ssh -D port -f -C -q -N -l remoteuser remotehost, the latter a web tunnel that I may access any of several web hosts through. When I upgraded to OpenSSH 5.8p1 this morning, the ssh -D tunnel ceased to work; it would connect correctly, then stop responding within 30 seconds to a minute, and the ssh process would not die on a SIGTERM, requiring a SIGKILL. When I backed out to 5.7p1 and restarted my tunnels again, the ssh -D tunnel worked again. The two ssh -L tunnels continued to work normally.

--
Phil Stracchino, CDK#2 DoD#299792458 ICBM: 43.5607, -71.355
alaric at caerllewys.net alaric at metrocast.net phil at co.ordinate.org
Renaissance Man, Unix ronin, Perl hacker, Free Stater
It's not the years, it's the mileage.

On Mon, 7 Feb 2011, Brother Railgun of Reason wrote:
> On Fri, Feb 04, 2011 at 12:26:08PM +1100, Damien Miller wrote:
> > OpenSSH 5.8 has just been released. It will be available from the
> > mirrors listed at http://www.openssh.com/ shortly.
>
> I seem to have found a bug in 5.8p1.
>
> I work remotely, and use three SSH tunnels, two of the form ssh -L
> port:host:destport -f -N -q -l remoteuser remotehost, and one of the
> form ssh -D port -f -C -q -N -l remoteuser remotehost, the latter a web
> tunnel that I may access any of several web hosts through. When I
> upgraded to OpenSSH 5.8p1 this morning, the ssh -D tunnel ceased to
> work; it would connect correctly, then stop responding within 30 seconds
> to a minute, and the ssh process would not die on a SIGTERM, requiring a
> SIGKILL. When I backed out to 5.7p1 and restarted my tunnels again, the
> ssh -D tunnel worked again. The two ssh -L tunnels continued to work
> normally.

That's pretty unlikely, because there was no channels or forwarding-related code changed between 5.7 and 5.8. If you aren't using SELinux, the substantive diff is literally one line in the key certification code.

-d