Bug 2583 - ssh-keyscan: fatal error in conread() when scanning ssh1 keys without ssh1 support
Summary: ssh-keyscan: fatal error in conread() when scanning ssh1 keys without ssh1 su...
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh-keyscan (show other bugs)
Version: 7.2p1
Hardware: amd64 Linux
: P5 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_7_5
  Show dependency treegraph
 
Reported: 2016-06-09 06:01 AEST by Daniel Richard G.
Modified: 2018-04-06 12:26 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Richard G. 2016-06-09 06:01:04 AEST 
If I compile ssh-keyscan without support for ssh1 (per default), and then have it scan a large network for rsa1 keys, it fails with the following fatal error:

    conread: invalid status 3

The "3" corresponds to CS_KEYS, which is handled correctly in the function if WITH_SSH1 is #defined. It appears to be an oversight that CS_KEYS is treated as an "invalid status" when ssh1 support is absent (or that CS_KEYS even comes up as a status in the first place in that circumstance).

A build of ssh-keyscan without ssh1 support should either fail immediately if asked to scan for ssh1 keys (as presumably it can't process those keys anyway), or at least not error out spuriously like this.
Comment 1 Damien Miller 2017-01-06 14:44:04 AEDT 
Thanks, I've committed a fix that bans RSA1 keys where they are supposed to be banned:

[djm@haru ssh]$ ssh-keyscan -t rsa1 127.0.0.1 
Unknown key type "rsa1"
Comment 2 Damien Miller 2018-04-06 12:26:37 AEST 
Close all resolved bugs after release of OpenSSH 7.7.