* ensure ssh retry respects no log (#49569)
(cherry picked from commit ba4c2ebeac
)
This commit is contained in:
parent
961382bf5e
commit
0954942dfd
2 changed files with 13 additions and 4 deletions
2
changelogs/fragments/avoid_ssh_retry_discolsures.yml
Normal file
2
changelogs/fragments/avoid_ssh_retry_discolsures.yml
Normal file
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- Respect no_log on retry and high verbosity (CVE-2018-16876)
|
|
@ -335,11 +335,14 @@ def _ssh_retry(func):
|
|||
try:
|
||||
try:
|
||||
return_tuple = func(self, *args, **kwargs)
|
||||
if self._play_context.no_log:
|
||||
display.vvv('rc=%s, stdout & stderr censored due to no log' % return_tuple[0], host=self.host)
|
||||
else:
|
||||
display.vvv(return_tuple, host=self.host)
|
||||
# 0 = success
|
||||
# 1-254 = remote command return code
|
||||
# 255 could be a failure from the ssh command itself
|
||||
except (AnsibleControlPersistBrokenPipeError) as e:
|
||||
except (AnsibleControlPersistBrokenPipeError):
|
||||
# Retry one more time because of the ControlPersist broken pipe (see #16731)
|
||||
cmd = args[0]
|
||||
if self._play_context.password and isinstance(cmd, list):
|
||||
|
@ -357,8 +360,12 @@ def _ssh_retry(func):
|
|||
break
|
||||
|
||||
if SSH_ERROR:
|
||||
raise AnsibleConnectionFailure("Failed to connect to the host via ssh: %s"
|
||||
% to_native(return_tuple[2]))
|
||||
msg = "Failed to connect to the host via ssh: "
|
||||
if self._play_context.no_log:
|
||||
msg += '<error censored due to no log>'
|
||||
else:
|
||||
msg += to_native(return_tuple[2])
|
||||
raise AnsibleConnectionFailure(msg)
|
||||
|
||||
break
|
||||
|
||||
|
|
Loading…
Reference in a new issue