Bug#228828: ssh: ssh-keyscan sometimes exits when it finds an ftp server
On Wed, Jan 21, 2004 at 12:13:19AM -0500, Matt Swift wrote:
> If you are scanning a list of IP addresses with ssh-keyscan and
> encounter an FTP server, ssh-keyscan quits and does not scan the
> remainder of the list. I think it should just continue on to the next
> host instead.
>
> Some people do apparently put an ftp server on port 22, perhaps to get
> around a firewall that blocks the usual ftp port.
>
> The problem does not occur every time an FTP server is encountered. I
> show some tests below with port 22 on three hosts on a LAN. Localhost
> is running Debian sshd and is the machine on which I'm running the
> tests below, Mercury is running sshd on Cygwin, and Vav is running a
> Microsoft FTP server. I could repeat similar tests with wu-ftpd on
> Debian and sshd on the other two hosts if it would help.
>
> Strobing those three hosts in a list, the problem occurs in one of the
> four orders in which the FTP server (vav) is not last. The results
> below are repeatable. I don't understand why ssh-keyscan bails out
> on some sequences but not others.
I have a guess: when the remote end isn't an SSH server, it looks like
remote_major and remote_minor in congreet() just end up containing
whatever happens to be on the stack. Could you please try the following
patch (against 1:3.8p1-1, but that shouldn't matter)?
Index: ssh-keyscan.c
===================================================================
RCS file: /home/cjwatson/cvs/openssh/openssh/ssh-keyscan.c,v
retrieving revision 1.6
diff -p -u -r1.6 ssh-keyscan.c
--- ssh-keyscan.c 1 Mar 2004 02:25:32 -0000 1.6
+++ ssh-keyscan.c 7 Mar 2004 11:19:38 -0000
@@ -489,7 +489,7 @@ conrecycle(int s)
static void
congreet(int s)
{
- int remote_major, remote_minor, n = 0;
+ int remote_major = 0, remote_minor = 0, n = 0;
char buf[256], *cp;
char remote_version[sizeof buf];
size_t bufsiz;
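Review bot: the new zero defaults on the remote_major/remote_minor declaration in congreet() turn 0 into an implicit "no version parsed" sentinel, with no comment and no explicit check visible in this hunk. Suggest a short comment on that line stating that 0 means the peer sent no SSH identification, and, at the point where the banner is parsed, testing the parse result and skipping that host explicitly instead of relying on the default flowing into whatever later code reads these values. That would also make the non-SSH case easy to report per host while the rest of the list is still scanned.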
Thanks,
--
Colin Watson [cjwatson@flatline.org.uk]
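
An added example, not part of the original message and not code from ssh-keyscan.c: a banner parser that checks how many fields were converted, so a non-SSH reply on port 22 is rejected explicitly and the scan moves on to the next host. The helper names parse_banner and scan_all and the sample banners are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from ssh-keyscan.c: parse "SSH-<major>.<minor>-<software>".
 * Returns 1 on success; on failure returns 0 and leaves the outputs zeroed/empty. */
static int
parse_banner(const char *line, int *major, int *minor, char *ver, size_t verlen)
{
	int maj = 0, min = 0;
	char tmp[256] = "";

	*major = *minor = 0;
	if (verlen > 0)
		ver[0] = '\0';
	/* All three conversions must match; the width bounds the copy into tmp. */
	if (sscanf(line, "SSH-%d.%d-%255[^\r\n]", &maj, &min, tmp) != 3 ||
	    maj < 0 || min < 0)
		return 0;
	*major = maj, *minor = min;
	snprintf(ver, verlen, "%s", tmp);
	return 1;
}

/* Walk every banner; a non-SSH reply skips that host only. Returns hosts examined. */
static int
scan_all(const char *const banners[], int n, int *ssh_hosts)
{
	int i, maj, min, examined = 0;
	char ver[64];

	*ssh_hosts = 0;
	for (i = 0; i < n; i++, examined++) {
		if (parse_banner(banners[i], &maj, &min, ver, sizeof ver))
			(*ssh_hosts)++;
		else
			fprintf(stderr, "host %d: no SSH banner, skipping\n", i);
	}
	return examined;
}

int main(void)
{
	/* Constructed sample banners: the FTP server is listed before the SSH servers. */
	const char *const banners[] = { "220 Microsoft FTP Service\r\n",
	    "SSH-2.0-OpenSSH_3.8p1\r\n", "SSH-1.99-OpenSSH_3.8p1\r\n" };
	int ssh_hosts, examined = scan_all(banners, 3, &ssh_hosts);
	printf("examined %d hosts, %d speak SSH\n", examined, ssh_hosts);
	return 0;
}
```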