openssh bugs - Nov 2018 - [Bug 2936] New: ssh tries to use empty $SSH_AUTH_SOCK

https://bugzilla.mindrot.org/show_bug.cgi?id=2936

            Bug ID: 2936
           Summary: ssh tries to use empty $SSH_AUTH_SOCK
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ossman at cendio.se

If you do this:
> $ SSH_AUTH_SOCK= ssh foo at bar
Then ssh will try to connect to an agent at address "\0\0\0\0....",
which is a perfectly legal abstract socket address on Linux.

This was discovered by the fact that irqbalance 1.5.0 happens to listen
to that address:

https://github.com/Irqbalance/irqbalance/issues/85

The end result is that ssh hangs as it tries to talk to irqbalance,
believing it is an SSH agent.


This is a very confusing behaviour and I would have expected an empty
$SSH_AUTH_SOCK to be treated the same as if it was not set at all.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2936

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
The following patch should take care of this:

diff --git a/authfd.c b/authfd.c
index ecdd869a..972f1b5f 100644
--- a/authfd.c
+++ b/authfd.c
@@ -94,7 +94,7 @@ ssh_get_authentication_socket(int *fdp)
                *fdp = -1;

        authsocket = getenv(SSH_AUTHSOCKET_ENV_NAME);
-       if (!authsocket)
+       if (!authsocket || authsocket[0] == '\0')
                return SSH_ERR_AGENT_NOT_PRESENT;

        memset(&sunaddr, 0, sizeof(sunaddr));

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2936

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
                 CC|                            |djm at mindrot.org
             Blocks|                            |2915
             Status|NEW                         |RESOLVED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Fix committed - this will be in OpenSSH 8.0


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2915
[Bug 2915] Tracking bug for 8.0 release
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2936

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2936

Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ahmedsayeed1982 at yahoo.com

--- Comment #4 from Ahmed Sayeed <ahmedsayeed1982 at yahoo.com> ---
amd64-linux-siginfo.c: Adjust include order to avoid gnulib error 
    http://www.compilatori.com/computers/latest-car-deals/
    On Fedora rawhide, after updating to glibc-2.33, I'm seeing the
    following build failure:
    http://www.acpirateradio.co.uk/travel/good/
      CXX    nat/amd64-linux-siginfo.o
    In file included from /usr/include/bits/sigstksz.h:24,
http://www.logoarts.co.uk/services/affordable-printer/ 
                     from /usr/include/signal.h:315,
                     from ../gnulib/import/signal.h:52,
http://www.slipstone.co.uk/property/hp-of-cars/ 
                     from
/ironwood1/sourceware-git/rawhide-gnulib/bld/../../worktree-gnulib/gdbserver/../gdb/nat/amd64-linux-siginfo.c:20:
http://embermanchester.uk/services/whatsapp-number-change/ 
    ../gnulib/import/unistd.h:663:3: error: #error "Please include
config.h first."
      663 |  #error "Please include config.h first."
http://connstr.net/property/mars-researches/ 
          |   ^~~~~

    glibc-2.33 has changed signal.h to now include <bits/sigstksz.h>
which,
    in turn, includes <unistd.h>.
http://joerg.li/technology/b-class-cars/ For a gdb build, this causes
the gnulib
    version of unistd.h to be pulled in first.  The build failure shown
    above happens because gnulib's config.h has not been included
before
    the include of <signal.h>.
http://www.jopspeech.com/health/nvidia-rtx-2060/

    The fix is simple - we just rearrange the order of the header file
    includes to make sure that gdbsupport/commondefs.h is included
before
    attempting to include signal.h.  Note that gdbsupport/commondefs.h
    includes <gnulib/config.h>.
http://www.wearelondonmade.com/health/check-ups/

    Build and regression tested on Fedora 33.  On Fedora rawhide, GDB
    builds again.
https://waytowhatsnext.com/shopping/xbox-release-date/

    gdb/ChangeLog:
glibc-2.33 has changed signal.h to now include <bits/sigstksz.h> which,
    in turn, includes <unistd.h>.
http://www.iu-bloomington.com/computers/invisible-with-vpn/ For a gdb
build, this causes the gnulib
    version of unistd.h to be pulled in first.  The build failure shown
    above happens because gnulib's
https://komiya-dental.com/crypto/new-coins/ config.h has not been
included before
    the include of <signal.h>.
http://www-look-4.com/tech/nvidia-and-samsung/

    The fix is simple - we just rearrange the order of the header file
https://www.webb-dev.co.uk/crypto/crypto-for-investing/
    includes to make sure that gdbsupport/commondefs.h is included
before
    attempting to include signal.h.  Note that gdbsupport/commondefs.h
    includes <gnulib/config.h>.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.