ensure ssh retry respects no log (#49569) (#49724)

* ensure ssh retry respects no log (#49569)


(cherry picked from commit ba4c2ebeac)

changelogs/fragments/avoid_ssh_retry_discolsures.yml

@@ -0,0 +1,2 @@
+bugfixes:
+    - Respect no_log on retry and high verbosity (CVE-2018-16876)

lib/ansible/plugins/connection/ssh.py

@@ -335,11 +335,14 @@ def _ssh_retry(func):
             try:
                 try:
                     return_tuple = func(self, *args, **kwargs)
-                    display.vvv(return_tuple, host=self.host)
+                    if self._play_context.no_log:
+                        display.vvv('rc=%s, stdout & stderr censored due to no log' % return_tuple[0], host=self.host)
+                    else:
+                        display.vvv(return_tuple, host=self.host)
                     # 0 = success
                     # 1-254 = remote command return code
                     # 255 could be a failure from the ssh command itself
-                except (AnsibleControlPersistBrokenPipeError) as e:
+                except (AnsibleControlPersistBrokenPipeError):
                     # Retry one more time because of the ControlPersist broken pipe (see #16731)
                     cmd = args[0]
                     if self._play_context.password and isinstance(cmd, list):
@@ -357,8 +360,12 @@ def _ssh_retry(func):
                             break
 
                     if SSH_ERROR:
-                        raise AnsibleConnectionFailure("Failed to connect to the host via ssh: %s"
+                        msg = "Failed to connect to the host via ssh: "
-                                                       % to_native(return_tuple[2]))
+                        if self._play_context.no_log:
+                            msg += '<error censored due to no log>'
+                        else:
+                            msg += to_native(return_tuple[2])
+                        raise AnsibleConnectionFailure(msg)
 
                 break