We get ridiculous amounts of warnings about use of uninitialised data when we run OpenSSH through valgrind. We need to check if this is harmless, and hopefully find a way to silence it without a massive performance hit.
Retest after upgrade of OpenSSH and see if the problem remains. Re-evaluate priority if it's still an issue.
Still an issue even after upgrade.
From the OpenSSH 7.1 changelog: > * Fix a number of memory faults (double-free, free of uninitialised > memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz > Kocielski.
With 4.5.0rc1 it's better but still a lot of warnings: 4.4.0: [astrand@scilla ~]$ egrep '== [0-9A-Za-z]' .thinlinc/tlclient.log | grep " ssh" | wc 1105 11934 101197 4.5.0rc1: [astrand@scilla ~]$ egrep '== [0-9A-Za-z]' .thinlinc/tlclient.log | grep " ssh" | wc 953 10389 89382 Was running: valgrind --trace-children=yes --leak-check=full --suppressions=supp /opt/thinlinc/lib/tlclient/tlclient.bin dhcp-254-194 -u admin -p xxx
With thinlinc 4.9.0 I got 477 errors from valgrind that said: "Conditional jump or move depends on uninitialised value(s)" Added a suppression for this for bug 2723.
With thinlinc 4.9.0 I got 99 errors from valgrind that said: "Use of uninitialised value of size 8" Added a suppression for this for bug 2723.
With thinlinc 4.9.0 I got 6 errors from valgrind that said: "Syscall param write(buf) points to uninitialsied byte(s)" 4 errors that said: "Syscall param write(count) points to uninitialsied byte(s)" Added suppressions for these for bug 2723.
