openssh bugs - Mar 2017 - [Bug 2688] New: Long log messages to stderr missing newlines

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

            Bug ID: 2688
           Summary: Long log messages to stderr missing newlines
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: brian.dyson at cox.net

When logging to standard error (via -e) or to log file (via -E
<logfile>), long log messages do not end with a newline.

Problem occurs in log.c, line 456 in OpenSSH 7.4p1.

The snprintf() call attempts to copy fmtbuf and "\r\n" into msgbuf.
However, fmtbuf and msgbuf are the same size (MSGBUFSIZ, nominally 1024
bytes). When fmtbuf is completely filled (due to long log message),
then the snprintf() simply copies fmtbuf and ignores the "\r\n".

This was observed when testing certificate-based logins at LogLevel
DEBUG3.

For example, 3 logs messages appear on one line like this (with ...
replacing long OpenSSH certificate public key):

debug2: user_key_allowed: check options: 'ssh-rsa-cert-v01 at openssh.com
AAAA...debug2: user_key_allowed: advance: 'AAAA...debug2: key not found

Notice multiple debug2 messages all on the same line. Each log line
should with with a newline character.

Suggested Fix

Since the intent is to append "\r\n" to fmtbuf before writing to
stderr, maybe it would be better to make that intent clearer using
strlcat() rather than snprintf().

msgbuf[0] = '\0';
(void)strlcat(msgbuf, fmtbuf, sizeof msgbuf  - 2);
(void)strlcat(msgbuf, "\r\n", sizeof msgbuf );

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

brian.dyson at cox.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |brian.dyson at cox.net

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at zip.com.au
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
   Attachment #2957|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2957
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2957&action=edit
include room for \r\n in sprintf

This is a slightly different fix, that sets an explicit length in the
snprintf call for the log line.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2957|ok?(dtucker at zip.com.au)     |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
             Blocks|                            |2647
         Resolution|---                         |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Patch applied. This will be in openssh-7.5, due soon.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

--- Comment #3 from brian.dyson at cox.net ---
Ah, yes. Much more elegant fix than my proposal. Thanks!

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2688

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.