openssh bugs - Apr 2018 - [Bug 2855] New: Opening tun devices fails in OpenSSH v7.7

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

            Bug ID: 2855
           Summary: Opening tun devices fails in OpenSSH v7.7
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: nschiess at adversec.com

I've experienced some strange behaviour in OpenSSH portable v7.7 (on
ArchLinux) when I tried to create a layer-3 VPN connection. Running ssh
with "-w 444:444" (or any other argument, even "any:any")
failed with
"Tunnel device open failed.". I traced this error back to the
following
check [1]:

"""
if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
        goto failed;
"""

In my case this check is always true, resulting in the error message
mentioned above. The following strace output shows how ssh successfully
opens and configures the tun device, but ultimately goes to "failed":

"""
[pid  6229] write(2, "debug1: Requesting tun unit 444 "..., 43debug1:
Requesting tun unit 444 in mode 1
) = 43
[pid  6229] openat(AT_FDCWD, "/dev/net/tun", O_RDWR) = 3
[pid  6229] ioctl(3, TUNSETIFF, 0x7ffca40818b0) = 0
[pid  6229] write(2, "debug1: sys_tun_open: tun444 mod"..., 42debug1:
sys_tun_open: tun444 mode 1 fd 3
) = 42
[pid  6229] close(3)                    = 0
[pid  6229] write(2, "Tunnel device open failed.\r\n", 28Tunnel device
open failed.
"""

The write call after ioctl corresponds to the debug output here [2].
Where everything seems to be fine, but then it just closes the fd and
returns "an error". I don't see why the check in [1] should fail,
I
haven't run it in gdb yet. But maybe the issue is more obvious to you
guys?

Rolling back to 7.6 resolves the issue, seems like this has been
introduced in 7.7 (the files have also been renamed).

[1]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L188-L189
[2]
https://github.com/openssh/openssh-portable/blob/V_7_7/openbsd-compat/port-net.c#L186

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
   Attachment #3140|                            |ok?
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 3140
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3140&action=edit
fix strdup failure tests

I think this fixes the bug. Could you give it a try?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2852


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

--- Comment #2 from nschiess at adversec.com ---
The patch fixes the issue for me, thanks.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
   Attachment #3140|ok?                         |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Fix is applied in master and on the V_7_7 branch.

commit cfb1d9bc76734681e3dea532a1504fcd466fbe91 (HEAD -> master,
origin/master, origin/HEAD)
Author: Damien Miller <djm at mindrot.org>
Date:   Fri Apr 13 13:38:06 2018 +1000

    Fix tunnel forwarding broken in 7.7p1

    bz2855, ok dtucker@

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |calimeroteknik at free.fr

--- Comment #4 from Jakub Jelen <jjelen at redhat.com> ---
*** Bug 2864 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2855

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
Close RESOLVED bugs with the release of openssh-8.0

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.