diff --git a/changelogs/fragments/avoid_ssh_retry_discolsures.yml b/changelogs/fragments/avoid_ssh_retry_discolsures.yml
new file mode 100644
index 00000000000..7326046d764
--- /dev/null
+++ b/changelogs/fragments/avoid_ssh_retry_discolsures.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - now no log is being respected on retry and high verbosity. CVE-2018-16876
diff --git a/lib/ansible/plugins/connection/ssh.py b/lib/ansible/plugins/connection/ssh.py
index dc26acb256f..a1305879eac 100644
--- a/lib/ansible/plugins/connection/ssh.py
+++ b/lib/ansible/plugins/connection/ssh.py
@@ -256,11 +256,14 @@ def _ssh_retry(func):
 try:
 try:
 return_tuple = func(self, *args, **kwargs)
- display.vvv(return_tuple, host=self.host)
+ if self._play_context.no_log:
+ display.vvv('rc=%s, stdout & stderr censored due to no log' % return_tuple[0], host=self.host)
+ else:
+ display.vvv(return_tuple, host=self.host)
 # 0 = success
 # 1-254 = remote command return code
- # 255 = failure from the ssh command itself
- except (AnsibleControlPersistBrokenPipeError) as e:
+ # 255 could be a failure from the ssh command itself
+ except (AnsibleControlPersistBrokenPipeError):
 # Retry one more time because of the ControlPersist broken pipe (see #16731)
 display.vvv(u"RETRYING BECAUSE OF CONTROLPERSIST BROKEN PIPE")
 return_tuple = func(self, *args, **kwargs)
@@ -268,7 +271,13 @@ def _ssh_retry(func):
 if return_tuple[0] != 255:
 break
 else:
- raise AnsibleConnectionFailure("Failed to connect to the host via ssh: %s" % to_native(return_tuple[2]))
+ msg = "Failed to connect to the host via ssh: "
+ if self._play_context.no_log:
+ msg += ''
+ else:
+ msg += to_native(return_tuple[2])
+ raise AnsibleConnectionFailure(msg)
+
 except (AnsibleConnectionFailure, Exception) as e:
 if attempt == remaining_tries - 1:
 raise
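Review bot: The parentheses in `except (AnsibleControlPersistBrokenPipeError):` are redundant now that the unused `as e` binding has been dropped; the plain form `except AnsibleControlPersistBrokenPipeError:` is the idiomatic spelling. The `no_log` gate covers only the first `display.vvv(return_tuple, ...)` call, which is the one line in this hunk that printed stdout and stderr, and the retried `func(self, *args, **kwargs)` result is not displayed here, so nothing else in the hunk emits command output. The outer `except (AnsibleConnectionFailure, Exception) as e:` handler continues past the second hunk and is outside this view; if it displays the caught exception text at any verbosity, it presumably needs the same `self._play_context.no_log` check. The wrapper defined inside `_ssh_retry` starts before this hunk.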
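Review bot: The `if self._play_context.no_log: msg += ''` branch is a no-op, so the four-line if/else reads more directly as `if not self._play_context.no_log: msg += to_native(return_tuple[2])`. The censored failure message also ends with a bare `"Failed to connect to the host via ssh: "` and gives the reader no hint that stderr was withheld, unlike the vvv message in the previous hunk; appending a marker in the same spirit, e.g. `msg += 'stderr censored due to no log'`, keeps the two paths consistent and makes the truncated message self-explanatory. The wrapper defined inside `_ssh_retry` continues past this hunk.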