bugzilla-daemon at bugzilla.mindrot.org
2018-Mar-06 08:24 UTC
[Bug 2837] New: ssh-agent closes listening socket on error in handle_socket_read()
https://bugzilla.mindrot.org/show_bug.cgi?id=2837

            Bug ID: 2837
           Summary: ssh-agent closes listening socket on error in handle_socket_read()
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: lukas.kuster at adnovum.ch

Created attachment 3132
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3132&action=edit
patch that removes close_socket() of listening socket.

Hi all,

The ssh-agent closes the listening socket if handle_socket_read() fails for any reason. This makes the agent process unusable if the getpeereid check fails. Older versions before 7.6p1 used to not close the listening socket.

You can reproduce this bug by executing agent-getpeereid.sh test but instead of killing the agent process at the end, execute "ssh-add -l" again with a privileged user. You will notice that the connection will be refused because the listening socket was closed by the agent.

On our AIX test server we had a more severe issue because of this bug. The ssh client tries to check if an ssh-agent is present by connecting to it and immediately closing the socket again. On the agent side, this can cause the call to getpeereid() to fail with the error message "Connection closed", causing the listening socket to be closed as well, making any future connections to the agent process impossible.

Thanks

--
You are receiving this mail because:
You are watching the assignee of the bug.
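The failure mode described in this report, as an added example that is not part of the original report, the attached patch, or OpenSSH's code: a Unix-socket listener rejects one client and then either closes its listening socket or keeps it. The names `probe`, `handle_new_client` and `agent_survives`, the `/tmp/agent-demo.<pid>` path, and the `peer_ok` flag standing in for a failed peer-credential check are all assumptions made for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Client probe from the report: connect, then close straight away. */
static int probe(const struct sockaddr_un *sa) {
    int fd = socket(AF_UNIX, SOCK_STREAM, 0), r;
    if (fd < 0) return -1;
    r = connect(fd, (const struct sockaddr *)sa, sizeof *sa);
    close(fd);
    return r;
}

/* Hypothetical handler: peer_ok == 0 stands in for a failed peer check. */
static int handle_new_client(int lfd, int peer_ok) {
    int fd = accept(lfd, NULL, NULL);
    if (fd < 0) return -1;
    close(fd);                    /* release only the accepted descriptor */
    return peer_ok ? 0 : -1;
}

/* Returns 1 if a later client can still connect after one was rejected. */
int agent_survives(int close_listener_on_error) {
    struct sockaddr_un sa;
    int lfd = socket(AF_UNIX, SOCK_STREAM, 0), ok;
    memset(&sa, 0, sizeof sa);
    sa.sun_family = AF_UNIX;      /* constructed demo path, not the agent's */
    snprintf(sa.sun_path, sizeof sa.sun_path, "/tmp/agent-demo.%ld", (long)getpid());
    unlink(sa.sun_path);
    if (lfd < 0 || bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        listen(lfd, 8) < 0)
        return -1;
    probe(&sa);                   /* first client arrives and is rejected */
    if (handle_new_client(lfd, 0) < 0 && close_listener_on_error) {
        close(lfd);               /* behaviour described in the report */
        lfd = -1;
    }
    ok = (probe(&sa) == 0);       /* second client: refused if listener is gone */
    if (lfd >= 0) close(lfd);
    unlink(sa.sun_path);
    return ok;
}

int main(void) {
    printf("closed on error: %d, kept: %d\n", agent_survives(1), agent_survives(0));
    return 0;
}
```

A per-connection failure should cost only the accepted descriptor; a listener that can be torn down by any client's failed handshake turns a single bad connection into a loss of service for every later client.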
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:40 UTC
[Bug 2837] ssh-agent closes listening socket on error in handle_socket_read()
https://bugzilla.mindrot.org/show_bug.cgi?id=2837

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |ASSIGNED
                 CC|                            |djm at mindrot.org
             Blocks|                            |2852

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
oops - well spotted. I'll take a look.

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-13 03:45 UTC
[Bug 2837] ssh-agent closes listening socket on error in handle_socket_read()
https://bugzilla.mindrot.org/show_bug.cgi?id=2837

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
This has been committed on the master and V_7_7 branches. Thanks!

commit 260ede2787fe80b18b8d5920455b4fb268519c7d
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Mon Apr 9 23:54:49 2018 +0000

    upstream: don't kill ssh-agent's listening socket entirely if we fail to
    accept a connection; bz#2837, patch from Lukas Kuster

    OpenBSD-Commit-ID: 52413f5069179bebf30d38f524afe1a2133c738f
bugzilla-daemon at bugzilla.mindrot.org
2018-Oct-19 06:17 UTC
[Bug 2837] ssh-agent closes listening socket on error in handle_socket_read()
https://bugzilla.mindrot.org/show_bug.cgi?id=2837

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close RESOLVED bugs with the release of openssh-8.0