diff --git a/changelogs/fragments/avoid_ssh_retry_discolsures.yml b/changelogs/fragments/avoid_ssh_retry_discolsures.yml
new file mode 100644
index 00000000000..77acf6deecc
--- /dev/null
+++ b/changelogs/fragments/avoid_ssh_retry_discolsures.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - Respect no_log on retry and high verbosity (CVE-2018-16876)
diff --git a/lib/ansible/plugins/connection/ssh.py b/lib/ansible/plugins/connection/ssh.py
index 67187386d56..213383a897c 100644
--- a/lib/ansible/plugins/connection/ssh.py
+++ b/lib/ansible/plugins/connection/ssh.py
@@ -335,11 +335,14 @@ def _ssh_retry(func):
 try:
 try:
 return_tuple = func(self, *args, **kwargs)
- display.vvv(return_tuple, host=self.host)
+ if self._play_context.no_log:
+ display.vvv('rc=%s, stdout & stderr censored due to no log' % return_tuple[0], host=self.host)
+ else:
+ display.vvv(return_tuple, host=self.host)
 # 0 = success
 # 1-254 = remote command return code
 # 255 could be a failure from the ssh command itself
- except (AnsibleControlPersistBrokenPipeError) as e:
+ except (AnsibleControlPersistBrokenPipeError):
 # Retry one more time because of the ControlPersist broken pipe (see #16731)
 cmd = args[0]
 if self._play_context.password and isinstance(cmd, list):
@@ -357,8 +360,12 @@ def _ssh_retry(func):
 break
 if SSH_ERROR:
- raise AnsibleConnectionFailure("Failed to connect to the host via ssh: %s"
- % to_native(return_tuple[2]))
+ msg = "Failed to connect to the host via ssh: "
+ if self._play_context.no_log:
+ msg += ''
+ else:
+ msg += to_native(return_tuple[2])
+ raise AnsibleConnectionFailure(msg)
 break
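Review bot: The new `if self._play_context.no_log:` branch in the first ssh.py hunk should say why only the rc survives, or a later reader chasing a debugging problem will be tempted to put the full tuple back at high verbosity; a one-line comment such as `# no_log: stdout/stderr of the remote command can carry the very secret the task hides, so only rc is shown` would capture the CVE rationale. With `as e` gone, the parenthesised single-type clause can also be simplified to `except AnsibleControlPersistBrokenPipeError:`. Note that this guards exactly one `display.vvv` call; `_ssh_retry` begins before and continues after this hunk, and any other display of `return_tuple` or of `cmd` in that wrapper would presumably need the same `no_log` check to keep the fix complete. The retry branch visible here already touches `self._play_context.password`, so that path in particular is worth re-reading with the same eye.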