Paramiko crashes with python3 when server sends debug messages.
It seems that util.safe_string() hasn't been updated to handle bytes in Python3.
In Transport._parse_debug() msg is extracted from m with m.get_string() which in Python3 returns bytes-sequence. This message is given to safe_string(), which expects that message can be iterated over. However in Python3 iterating over bytes-sequence returns int instead of bytes and it can't be added to string implicitly.
File "lib/python3.4/site-packages/paramiko/client.py", line 307, in connect
look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host)
File "lib/python3.4/site-packages/paramiko/client.py", line 433, in _auth
allowed_types = self._transport.auth_publickey(username, pkey)
File "lib/python3.4/site-packages/paramiko/transport.py", line 1232, in auth_publickey
File "lib/python3.4/site-packages/paramiko/auth_handler.py", line 197, in wait_for_response
File "lib/python3.4/site-packages/paramiko/transport.py", line 1601, in run
File "lib/python3.4/site-packages/paramiko/transport.py", line 2152, in _parse_debug
self._log(DEBUG, 'Debug msg: ' + util.safe_string(msg))
File "lib/python3.4/site-packages/paramiko/util.py", line 121, in safe_string
out += c
TypeError: Can't convert 'int' object to str implicitly
Can you confirm your Paramiko version? I recall we made a handful of changes in recent releases that might already account for this.
If you're recreating the issue on 1.15.1 (latest release), can you provide details on how to reproduce this so we can proceed with a fix? Thanks!
I tested with 1.15.1 and it still crashes. Easiest way to reproduce is by slightly modifying demo_server.py to sent a debug message and running against it.
Following client side code should reproduce the issue when run against linked modified demo_server.py
ssh = paramiko.SSHClient()
ssh.connect('localhost', port=2200, username='robey', password='foo')
shell = ssh.invoke_shell()
data = shell.recv(1024)
Thanks, can confirm reproduction of traceback (had to change the connect to 127.0.0.1 but that's a thing with Mac workstations re: IPv4 vs IPv6, iirc, and is orthogonal in any case.) Poking.
Heh this printing of debug messages is presently the only place safe_string is used and neither the calling or definition of safe_string have changed since 2004 apparently. Fun times.
Failing test proving #429
Changelog re #429
Improve byte/string interactions in debug logging.
Think I got it, can no longer reproduce after this fix is in, and added a test besides. Will appear in the next set of bugfix releases. Thanks!