openssh bugs - Apr 2010 - [Bug 1750] New: Sftp hangs if stderr is used.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

           Summary: Sftp hangs if stderr is used.
           Product: Portable OpenSSH
           Version: 5.4p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jchadima at redhat.com


According to SSH File Transfer Protocol draft-ietf-secsh-filexfer-13
the usage of stderr may not harm the transfer. 
The chapter 3.1 says: 

"Data sent on stderr by the server SHOULD be considered free format 
debug or supplemental error information, and MAY be displayed to the
user." 

Actually any try to write to stderr causes immediate server hangup.

The test case is use bash as the login shell of the user and add line
echo "Hello" >&2
into ~/.bashrc

In the openssh with session.c before version 1.237 it works, later it
hangs.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> 2010-04-08 21:08:15
EST ---
When you say "session.c before version 1.237" do you mean that 1.237
is
affected? Also, are you using the version from portable OpenSSH CVS or
from OpenBSD CVS?

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

jchadima at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jchadima at redhat.com

--- Comment #2 from jchadima at redhat.com 2010-04-08 22:20:06 EST ---
(In reply to comment #1)
> When you say "session.c before version 1.237" do you mean that
1.237 is
> affected?
yes all versions from 1.237 are affected, all older aren't



 Also, are you using the version from portable OpenSSH CVS
or
> from OpenBSD CVS?
portable openssh.

The problem is in this chunk of the patch:

@@ -507,6 +507,10 @@
*/
if (compat20) {
session_set_fds(s, inout[1], inout[1], s->is_subsystem ? -1 : err[1]);
+ /* close err[1] to not leak the socket if this inside a subsystem */
+ if (s->is_subsystem) {
+ close(err[1]);
+ }
} else {
server_loop(pid, inout[1], inout[1], err[1]);
/* server_loop has closed inout[1] and err[1]. */


and another one for pipes also.


the stderr is closed and any attempt to write to it causes the hang.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1708

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

--- Comment #3 from Damien Miller <djm at mindrot.org> 2010-04-23 10:50:53
EST ---
Created an attachment (id=1840)
 --> (https://bugzilla.mindrot.org/attachment.cgi?id=1840)
session-subsys-stderr-devnull.diff

set stderr to /dev/null for subsystems

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

--- Comment #4 from Damien Miller <djm at mindrot.org> 2010-04-23 11:00:30
EST ---
This should fix it.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #5 from Damien Miller <djm at mindrot.org>  ---
patch applied - will be in 5.6. Thanks!

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

jchadima at redhat.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |

--- Comment #6 from jchadima at redhat.com  ---
This solutions is not 100% correct because breaks the chroot
environment with internal-sftp. Typical setup:

subsystem sftp internal-sftp

match group sftponly
    chroot directory /home/%u
    x11forwarding no
    allowtcpforwarding no
    forcecommand internal-sftp

the /home/%u directories are root owned with some subdirs owned by an
user, but there should not be the copy of dev directory inside.

The patch wants to have at least /dev/null inside the chroot.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

--- Comment #7 from jchadima at redhat.com  ---
The possible sollution is to open /dev/null before chroot.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

--- Comment #8 from Damien Miller <djm at mindrot.org>  ---
Created attachment 1884
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1884
/home/djm/sshd-ignore-subsys-stderr.diff

Ignore stderr from subsystems in channels code (warning: completely
untested diff)

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

--- Comment #9 from jchadima at redhat.com  ---
Seems to be working for me, thx.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

--- Comment #10 from Damien Miller <djm at mindrot.org>  ---
Created attachment 1885
  --> https://bugzilla.mindrot.org/attachment.cgi?id=1885
/home/djm/sshd-ignore-subsys-stderr.diff

improved patch

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1885|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1884|0                           |1
        is obsolete|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1840|0                           |1
        is obsolete|                            |

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED

--- Comment #11 from Damien Miller <djm at mindrot.org>  ---
patch applied - will be in 5.6. Thanks.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mortals at seznam.cz

--- Comment #12 from Damien Miller <djm at mindrot.org>  ---
*** Bug 1755 has been marked as a duplicate of this bug. ***

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=1750

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #13 from Damien Miller <djm at mindrot.org> 2011-01-24
12:33:42 EST ---
Move resolved bugs to CLOSED after 5.7 release

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.