nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00
Code Issues Projects Releases Wiki Activity
0cda34c6f8
putty-source/sshverstring.c

636 lines
21 KiB
C
Raw Normal View History

Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
/*
* Code to handle the initial SSH version string exchange.
*/
#include <assert.h>
#include <string.h>
#include <stdlib.h>
#include "putty.h"
#include "ssh.h"
#include "sshbpp.h"
#include "sshcr.h"
#define PREFIX_MAXLEN 64
struct ssh_verstring_state {
int crState;
Conf *conf;
ptrlen prefix_wanted;
char *our_protoversion;
struct ssh_version_receiver *receiver;
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
bool send_early;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
bool found_prefix;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
int major_protoversion;
int remote_bugs;
char prefix[PREFIX_MAXLEN];
Server prep: pass "implementation name" to ssh_verstring_new. The word 'PuTTY' in the outgoing SSH version string has always represented the name of the *SSH implementation* as opposed to the name of the specific program containing it (for example, PSCP and PSFTP don't announce themselves with a different banner). But I think that a change from client to server merits a change in that implementation name, so I'm removing the prefix "PuTTY" from the constant string sshver[], and moving it to a parameter passed in separately to ssh_verstring_new, so that the upcoming server can pass in a different one.
2018-10-21 08:29:17 +00:00
char *impl_name;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
char *vstring;
Make lots of 'int' length fields into size_t. This is a general cleanup which has been overdue for some time: lots of length fields are now the machine word type rather than the (in practice) fixed 'int'.
2019-02-06 20:42:44 +00:00
size_t vslen, vstrsize;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
char *protoversion;
const char *softwareversion;
char *our_vstring;
int i;
BinaryPacketProtocol bpp;
};
static void ssh_verstring_free(BinaryPacketProtocol *bpp);
static void ssh_verstring_handle_input(BinaryPacketProtocol *bpp);
Give the BPP an input and output packet queue. Now, instead of writing each packet straight on to the raw output bufchain by calling the BPP's format_packet function, the higher protocol layers will put the packets on to a queue, which will automatically trigger a callback (using the new mechanism for embedding a callback in any packet queue) to make the BPP format its queue on to the raw-output bufchain. That in turn triggers a second callback which moves the data to the socket. This means in particular that the CBC ignore-message workaround can be moved into the new BPP routine to process the output queue, which is a good place for it because then it can easily arrange to only put an ignore message at the start of any sequence of packets that are being formatted as a single output blob.
2018-09-24 17:08:09 +00:00
static void ssh_verstring_handle_output(BinaryPacketProtocol *bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
static PktOut *ssh_verstring_new_pktout(int type);
Move SSH_MSG_DISCONNECT construction into the BPP. This is a convenient place for it because it abstracts away the difference in disconnect packet formats between SSH-1 and -2, so when I start restructuring, I'll be able to call it even from places that don't know which version of SSH they're running.
2018-09-24 17:14:33 +00:00
static void ssh_verstring_queue_disconnect(BinaryPacketProtocol *bpp,
const char *msg, int category);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
Add missing 'static' to BPP vtable definitions. Vtable objects only need to be globally visible throughout the code if they're used directly in some interchangeable way, e.g. by passing them to a constructor like cipher_new that's the same for all implementations of the vtable, or by directly looking up public data fields in the vtable itself. But the BPPs are never used like that: each BPP has its own constructor function with a different type signature, so the BPP types are not interchangeable in any way _before_ an instance of one has been constructed. Hence, their vtable objects don't need external linkage.
2018-09-23 08:30:37 +00:00
static const struct BinaryPacketProtocolVtable ssh_verstring_vtable = {
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
ssh_verstring_free,
ssh_verstring_handle_input,
Give the BPP an input and output packet queue. Now, instead of writing each packet straight on to the raw output bufchain by calling the BPP's format_packet function, the higher protocol layers will put the packets on to a queue, which will automatically trigger a callback (using the new mechanism for embedding a callback in any packet queue) to make the BPP format its queue on to the raw-output bufchain. That in turn triggers a second callback which moves the data to the socket. This means in particular that the CBC ignore-message workaround can be moved into the new BPP routine to process the output queue, which is a good place for it because then it can easily arrange to only put an ignore message at the start of any sequence of packets that are being formatted as a single output blob.
2018-09-24 17:08:09 +00:00
ssh_verstring_handle_output,
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
ssh_verstring_new_pktout,
Move SSH_MSG_DISCONNECT construction into the BPP. This is a convenient place for it because it abstracts away the difference in disconnect packet formats between SSH-1 and -2, so when I start restructuring, I'll be able to call it even from places that don't know which version of SSH they're running.
2018-09-24 17:14:33 +00:00
ssh_verstring_queue_disconnect,
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
};
static void ssh_detect_bugs(struct ssh_verstring_state *s);
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
static bool ssh_version_includes_v1(const char *ver);
static bool ssh_version_includes_v2(const char *ver);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
BinaryPacketProtocol *ssh_verstring_new(
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
Conf *conf, LogContext *logctx, bool bare_connection_mode,
Server prep: pass "implementation name" to ssh_verstring_new. The word 'PuTTY' in the outgoing SSH version string has always represented the name of the *SSH implementation* as opposed to the name of the specific program containing it (for example, PSCP and PSFTP don't announce themselves with a different banner). But I think that a change from client to server merits a change in that implementation name, so I'm removing the prefix "PuTTY" from the constant string sshver[], and moving it to a parameter passed in separately to ssh_verstring_new, so that the upcoming server can pass in a different one.
2018-10-21 08:29:17 +00:00
const char *protoversion, struct ssh_version_receiver *rcv,
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
bool server_mode, const char *impl_name)
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
{
struct ssh_verstring_state *s = snew(struct ssh_verstring_state);
memset(s, 0, sizeof(struct ssh_verstring_state));
if (!bare_connection_mode) {
s->prefix_wanted = PTRLEN_LITERAL("SSH-");
} else {
/*
* Ordinary SSH begins with the banner "SSH-x.y-...". Here,
* we're going to be speaking just the ssh-connection
* subprotocol, extracted and given a trivial binary packet
* protocol, so we need a new banner.
*
* The new banner is like the ordinary SSH banner, but
* replaces the prefix 'SSH-' at the start with a new name. In
* proper SSH style (though of course this part of the proper
* SSH protocol _isn't_ subject to this kind of
* DNS-domain-based extension), we define the new name in our
* extension space.
*/
s->prefix_wanted = PTRLEN_LITERAL(
"SSHCONNECTION@putty.projects.tartarus.org-");
}
assert(s->prefix_wanted.len <= PREFIX_MAXLEN);
s->conf = conf_copy(conf);
Refactor the LogContext type. LogContext is now the owner of the logevent() function that back ends and so forth are constantly calling. Previously, logevent was owned by the Frontend, which would store the message into its list for the GUI Event Log dialog (or print it to standard error, or whatever) and then pass it _back_ to LogContext to write to the currently open log file. Now it's the other way round: LogContext gets the message from the back end first, writes it to its log file if it feels so inclined, and communicates it back to the front end. This means that lots of parts of the back end system no longer need to have a pointer to a full-on Frontend; the only thing they needed it for was logging, so now they just have a LogContext (which many of them had to have anyway, e.g. for logging SSH packets or session traffic). LogContext itself also doesn't get a full Frontend pointer any more: it now talks back to the front end via a little vtable of its own called LogPolicy, which contains the method that passes Event Log entries through, the old askappend() function that decides whether to truncate a pre-existing log file, and an emergency function for printing an especially prominent message if the log file can't be created. One minor nice effect of this is that console and GUI apps can implement that last function subtly differently, so that Unix console apps can write it with a plain \n instead of the \r\n (harmless but inelegant) that the old centralised implementation generated. One other consequence of this is that the LogContext has to be provided to backend_init() so that it's available to backends from the instant of creation, rather than being provided via a separate API call a couple of function calls later, because backends have typically started doing things that need logging (like making network connections) before the call to backend_provide_logctx. Fortunately, there's no case in the whole code base where we don't already have logctx by the time we make a backend (so I don't actually remember why I ever delayed providing one). So that shortens the backend API by one function, which is always nice. While I'm tidying up, I've also moved the printf-style logeventf() and the handy logevent_and_free() into logging.c, instead of having copies of them scattered around other places. This has also let me remove some stub functions from a couple of outlying applications like Pageant. Finally, I've removed the pointless "_tag" at the end of LogContext's official struct name.
2018-10-10 18:26:18 +00:00
s->bpp.logctx = logctx;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
s->our_protoversion = dupstr(protoversion);
s->receiver = rcv;
Server prep: pass "implementation name" to ssh_verstring_new. The word 'PuTTY' in the outgoing SSH version string has always represented the name of the *SSH implementation* as opposed to the name of the specific program containing it (for example, PSCP and PSFTP don't announce themselves with a different banner). But I think that a change from client to server merits a change in that implementation name, so I'm removing the prefix "PuTTY" from the constant string sshver[], and moving it to a parameter passed in separately to ssh_verstring_new, so that the upcoming server can pass in a different one.
2018-10-21 08:29:17 +00:00
s->impl_name = dupstr(impl_name);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
/*
* We send our version string early if we can. But if it includes
* SSH-1, we can't, because we have to take the other end into
* account too (see below).
Add an actual SSH server program. This server is NOT SECURE! If anyone is reading this commit message, DO NOT DEPLOY IT IN A HOSTILE-FACING ENVIRONMENT! Its purpose is to speak the server end of everything PuTTY speaks on the client side, so that I can test that I haven't broken PuTTY when I reorganise its code, even things like RSA key exchange or chained auth methods which it's hard to find a server that speaks at all. (For this reason, it's declared with [UT] in the Recipe file, so that it falls into the same category as programs like testbn, which won't be installed by 'make install'.) Working title is 'Uppity', partly for 'Universal PuTTY Protocol Interaction Test Yoke', but mostly because it looks quite like the word 'PuTTY' with part of it reversed. (Apparently 'test yoke' is a very rarely used term meaning something not altogether unlike 'test harness', which is a bit of a stretch, but it'll do.) It doesn't actually _support_ everything I want yet. At the moment, it's a proof of concept only. But it has most of the machinery present, and the parts it's missing - such as chained auth methods - should be easy enough to add because I've built in the required flexibility, in the form of an AuthPolicy object which can request them if it wants to. However, the current AuthPolicy object is entirely trivial, and will let in any user with the password "weasel". (Another way in which this is not a production-ready server is that it also has no interaction with the OS's authentication system. In particular, it will not only let in any user with the same password, but it won't even change uid - it will open shells and forwardings under whatever user id you started it up as.) Currently, the program can only speak the SSH protocol on its standard I/O channels (using the new FdSocket facility), so if you want it to listen on a network port, you'll have to run it from some kind of separate listening program similar to inetd. For my own tests, I'm not even doing that: I'm just having PuTTY spawn it as a local proxy process, which also conveniently eliminates the risk of anyone hostile connecting to it. The bulk of the actual code reorganisation is already done by previous commits, so this change is _mostly_ just dropping in a new set of server-specific source files alongside the client-specific ones I created recently. The remaining changes in the shared SSH code are numerous, but all minor: - a few extra parameters to BPP and PPL constructors (e.g. 'are you in server mode?'), and pass both sets of SSH-1 protocol flags from the login to the connection layer - in server mode, unconditionally send our version string _before_ waiting for the remote one - a new hook in the SSH-1 BPP to handle enabling compression in server mode, where the message exchange works the other way round - new code in the SSH-2 BPP to do _deferred_ compression the other way round (the non-deferred version is still nicely symmetric) - in the SSH-2 transport layer, some adjustments to do key derivation either way round (swapping round the identifying letters in the various hash preimages, and making sure to list the KEXINITs in the right order) - also in the SSH-2 transport layer, an if statement that controls whether we send SERVICE_REQUEST and wait for SERVICE_ACCEPT, or vice versa - new ConnectionLayer methods for opening outgoing channels for X and agent forwardings - new functions in portfwd.c to establish listening sockets suitable for remote-to-local port forwarding (i.e. not under the direction of a Conf the way it's done on the client side).
2018-10-20 21:09:54 +00:00
*
* In server mode, we do send early.
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
*/
Add an actual SSH server program. This server is NOT SECURE! If anyone is reading this commit message, DO NOT DEPLOY IT IN A HOSTILE-FACING ENVIRONMENT! Its purpose is to speak the server end of everything PuTTY speaks on the client side, so that I can test that I haven't broken PuTTY when I reorganise its code, even things like RSA key exchange or chained auth methods which it's hard to find a server that speaks at all. (For this reason, it's declared with [UT] in the Recipe file, so that it falls into the same category as programs like testbn, which won't be installed by 'make install'.) Working title is 'Uppity', partly for 'Universal PuTTY Protocol Interaction Test Yoke', but mostly because it looks quite like the word 'PuTTY' with part of it reversed. (Apparently 'test yoke' is a very rarely used term meaning something not altogether unlike 'test harness', which is a bit of a stretch, but it'll do.) It doesn't actually _support_ everything I want yet. At the moment, it's a proof of concept only. But it has most of the machinery present, and the parts it's missing - such as chained auth methods - should be easy enough to add because I've built in the required flexibility, in the form of an AuthPolicy object which can request them if it wants to. However, the current AuthPolicy object is entirely trivial, and will let in any user with the password "weasel". (Another way in which this is not a production-ready server is that it also has no interaction with the OS's authentication system. In particular, it will not only let in any user with the same password, but it won't even change uid - it will open shells and forwardings under whatever user id you started it up as.) Currently, the program can only speak the SSH protocol on its standard I/O channels (using the new FdSocket facility), so if you want it to listen on a network port, you'll have to run it from some kind of separate listening program similar to inetd. For my own tests, I'm not even doing that: I'm just having PuTTY spawn it as a local proxy process, which also conveniently eliminates the risk of anyone hostile connecting to it. The bulk of the actual code reorganisation is already done by previous commits, so this change is _mostly_ just dropping in a new set of server-specific source files alongside the client-specific ones I created recently. The remaining changes in the shared SSH code are numerous, but all minor: - a few extra parameters to BPP and PPL constructors (e.g. 'are you in server mode?'), and pass both sets of SSH-1 protocol flags from the login to the connection layer - in server mode, unconditionally send our version string _before_ waiting for the remote one - a new hook in the SSH-1 BPP to handle enabling compression in server mode, where the message exchange works the other way round - new code in the SSH-2 BPP to do _deferred_ compression the other way round (the non-deferred version is still nicely symmetric) - in the SSH-2 transport layer, some adjustments to do key derivation either way round (swapping round the identifying letters in the various hash preimages, and making sure to list the KEXINITs in the right order) - also in the SSH-2 transport layer, an if statement that controls whether we send SERVICE_REQUEST and wait for SERVICE_ACCEPT, or vice versa - new ConnectionLayer methods for opening outgoing channels for X and agent forwardings - new functions in portfwd.c to establish listening sockets suitable for remote-to-local port forwarding (i.e. not under the direction of a Conf the way it's done on the client side).
2018-10-20 21:09:54 +00:00
s->send_early = server_mode || !ssh_version_includes_v1(protoversion);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
s->bpp.vt = &ssh_verstring_vtable;
Give the BPP an input and output packet queue. Now, instead of writing each packet straight on to the raw output bufchain by calling the BPP's format_packet function, the higher protocol layers will put the packets on to a queue, which will automatically trigger a callback (using the new mechanism for embedding a callback in any packet queue) to make the BPP format its queue on to the raw-output bufchain. That in turn triggers a second callback which moves the data to the socket. This means in particular that the CBC ignore-message workaround can be moved into the new BPP routine to process the output queue, which is a good place for it because then it can easily arrange to only put an ignore message at the start of any sequence of packets that are being formatted as a single output blob.
2018-09-24 17:08:09 +00:00
ssh_bpp_common_setup(&s->bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
return &s->bpp;
}
void ssh_verstring_free(BinaryPacketProtocol *bpp)
{
struct ssh_verstring_state *s =
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
container_of(bpp, struct ssh_verstring_state, bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
conf_free(s->conf);
Server prep: pass "implementation name" to ssh_verstring_new. The word 'PuTTY' in the outgoing SSH version string has always represented the name of the *SSH implementation* as opposed to the name of the specific program containing it (for example, PSCP and PSFTP don't announce themselves with a different banner). But I think that a change from client to server merits a change in that implementation name, so I'm removing the prefix "PuTTY" from the constant string sshver[], and moving it to a parameter passed in separately to ssh_verstring_new, so that the upcoming server can pass in a different one.
2018-10-21 08:29:17 +00:00
sfree(s->impl_name);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
sfree(s->vstring);
sfree(s->protoversion);
sfree(s->our_vstring);
sfree(s->our_protoversion);
sfree(s);
}
static int ssh_versioncmp(const char *a, const char *b)
{
char *ae, *be;
unsigned long av, bv;
av = strtoul(a, &ae, 10);
bv = strtoul(b, &be, 10);
if (av != bv)
return (av < bv ? -1 : +1);
if (*ae == '.')
ae++;
if (*be == '.')
be++;
av = strtoul(ae, &ae, 10);
bv = strtoul(be, &be, 10);
if (av != bv)
return (av < bv ? -1 : +1);
return 0;
}
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
static bool ssh_version_includes_v1(const char *ver)
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
{
return ssh_versioncmp(ver, "2.0") < 0;
}
Convert a lot of 'int' variables to 'bool'. My normal habit these days, in new code, is to treat int and bool as _almost_ completely separate types. I'm still willing to use C's implicit test for zero on an integer (e.g. 'if (!blob.len)' is fine, no need to spell it out as blob.len != 0), but generally, if a variable is going to be conceptually a boolean, I like to declare it bool and assign to it using 'true' or 'false' rather than 0 or 1. PuTTY is an exception, because it predates the C99 bool, and I've stuck to its existing coding style even when adding new code to it. But it's been annoying me more and more, so now that I've decided C99 bool is an acceptable thing to require from our toolchain in the first place, here's a quite thorough trawl through the source doing 'boolification'. Many variables and function parameters are now typed as bool rather than int; many assignments of 0 or 1 to those variables are now spelled 'true' or 'false'. I managed this thorough conversion with the help of a custom clang plugin that I wrote to trawl the AST and apply heuristics to point out where things might want changing. So I've even managed to do a decent job on parts of the code I haven't looked at in years! To make the plugin's work easier, I pushed platform front ends generally in the direction of using standard 'bool' in preference to platform-specific boolean types like Windows BOOL or GTK's gboolean; I've left the platform booleans in places they _have_ to be for the platform APIs to work right, but variables only used by my own code have been converted wherever I found them. In a few places there are int values that look very like booleans in _most_ of the places they're used, but have a rarely-used third value, or a distinction between different nonzero values that most users don't care about. In these cases, I've _removed_ uses of 'true' and 'false' for the return values, to emphasise that there's something more subtle going on than a simple boolean answer: - the 'multisel' field in dialog.h's list box structure, for which the GTK front end in particular recognises a difference between 1 and 2 but nearly everything else treats as boolean - the 'urgent' parameter to plug_receive, where 1 vs 2 tells you something about the specific location of the urgent pointer, but most clients only care about 0 vs 'something nonzero' - the return value of wc_match, where -1 indicates a syntax error in the wildcard. - the return values from SSH-1 RSA-key loading functions, which use -1 for 'wrong passphrase' and 0 for all other failures (so any caller which already knows it's not loading an _encrypted private_ key can treat them as boolean) - term->esc_query, and the 'query' parameter in toggle_mode in terminal.c, which _usually_ hold 0 for ESC[123h or 1 for ESC[?123h, but can also hold -1 for some other intervening character that we don't support. In a few places there's an integer that I haven't turned into a bool even though it really _can_ only take values 0 or 1 (and, as above, tried to make the call sites consistent in not calling those values true and false), on the grounds that I thought it would make it more confusing to imply that the 0 value was in some sense 'negative' or bad and the 1 positive or good: - the return value of plug_accepting uses the POSIXish convention of 0=success and nonzero=error; I think if I made it bool then I'd also want to reverse its sense, and that's a job for a separate piece of work. - the 'screen' parameter to lineptr() in terminal.c, where 0 and 1 represent the default and alternate screens. There's no obvious reason why one of those should be considered 'true' or 'positive' or 'success' - they're just indices - so I've left it as int. ssh_scp_recv had particularly confusing semantics for its previous int return value: its call sites used '<= 0' to check for error, but it never actually returned a negative number, just 0 or 1. Now the function and its call sites agree that it's a bool. In a couple of places I've renamed variables called 'ret', because I don't like that name any more - it's unclear whether it means the return value (in preparation) for the _containing_ function or the return value received from a subroutine call, and occasionally I've accidentally used the same variable for both and introduced a bug. So where one of those got in my way, I've renamed it to 'toret' or 'retd' (the latter short for 'returned') in line with my usual modern practice, but I haven't done a thorough job of finding all of them. Finally, one amusing side effect of doing this is that I've had to separate quite a few chained assignments. It used to be perfectly fine to write 'a = b = c = TRUE' when a,b,c were int and TRUE was just a the 'true' defined by stdbool.h, that idiom provokes a warning from gcc: 'suggest parentheses around assignment used as truth value'!
2018-11-02 19:23:19 +00:00
static bool ssh_version_includes_v2(const char *ver)
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
{
return ssh_versioncmp(ver, "1.99") >= 0;
}
static void ssh_verstring_send(struct ssh_verstring_state *s)
{
Refactor the LogContext type. LogContext is now the owner of the logevent() function that back ends and so forth are constantly calling. Previously, logevent was owned by the Frontend, which would store the message into its list for the GUI Event Log dialog (or print it to standard error, or whatever) and then pass it _back_ to LogContext to write to the currently open log file. Now it's the other way round: LogContext gets the message from the back end first, writes it to its log file if it feels so inclined, and communicates it back to the front end. This means that lots of parts of the back end system no longer need to have a pointer to a full-on Frontend; the only thing they needed it for was logging, so now they just have a LogContext (which many of them had to have anyway, e.g. for logging SSH packets or session traffic). LogContext itself also doesn't get a full Frontend pointer any more: it now talks back to the front end via a little vtable of its own called LogPolicy, which contains the method that passes Event Log entries through, the old askappend() function that decides whether to truncate a pre-existing log file, and an emergency function for printing an especially prominent message if the log file can't be created. One minor nice effect of this is that console and GUI apps can implement that last function subtly differently, so that Unix console apps can write it with a plain \n instead of the \r\n (harmless but inelegant) that the old centralised implementation generated. One other consequence of this is that the LogContext has to be provided to backend_init() so that it's available to backends from the instant of creation, rather than being provided via a separate API call a couple of function calls later, because backends have typically started doing things that need logging (like making network connections) before the call to backend_provide_logctx. Fortunately, there's no case in the whole code base where we don't already have logctx by the time we make a backend (so I don't actually remember why I ever delayed providing one). So that shortens the backend API by one function, which is always nice. While I'm tidying up, I've also moved the printf-style logeventf() and the handy logevent_and_free() into logging.c, instead of having copies of them scattered around other places. This has also let me remove some stub functions from a couple of outlying applications like Pageant. Finally, I've removed the pointless "_tag" at the end of LogContext's official struct name.
2018-10-10 18:26:18 +00:00
BinaryPacketProtocol *bpp = &s->bpp; /* for bpp_logevent */
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
char *p;
int sv_pos;
/*
* Construct our outgoing version string.
*/
s->our_vstring = dupprintf(
Server prep: pass "implementation name" to ssh_verstring_new. The word 'PuTTY' in the outgoing SSH version string has always represented the name of the *SSH implementation* as opposed to the name of the specific program containing it (for example, PSCP and PSFTP don't announce themselves with a different banner). But I think that a change from client to server merits a change in that implementation name, so I'm removing the prefix "PuTTY" from the constant string sshver[], and moving it to a parameter passed in separately to ssh_verstring_new, so that the upcoming server can pass in a different one.
2018-10-21 08:29:17 +00:00
"%.*s%s-%s%s",
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
(int)s->prefix_wanted.len, (const char *)s->prefix_wanted.ptr,
Server prep: pass "implementation name" to ssh_verstring_new. The word 'PuTTY' in the outgoing SSH version string has always represented the name of the *SSH implementation* as opposed to the name of the specific program containing it (for example, PSCP and PSFTP don't announce themselves with a different banner). But I think that a change from client to server merits a change in that implementation name, so I'm removing the prefix "PuTTY" from the constant string sshver[], and moving it to a parameter passed in separately to ssh_verstring_new, so that the upcoming server can pass in a different one.
2018-10-21 08:29:17 +00:00
s->our_protoversion, s->impl_name, sshver);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
sv_pos = s->prefix_wanted.len + strlen(s->our_protoversion) + 1;
/* Convert minus signs and spaces in the software version string
* into underscores. */
for (p = s->our_vstring + sv_pos; *p; p++) {
if (*p == '-' || *p == ' ')
*p = '_';
}
#ifdef FUZZING
/*
* Replace the first character of the string with an "I" if we're
* compiling this code for fuzzing - i.e. the protocol prefix
* becomes "ISH-" instead of "SSH-".
*
* This is irrelevant to any real client software (the only thing
* reading the output of PuTTY built for fuzzing is the fuzzer,
* which can adapt to whatever it sees anyway). But it's a safety
* precaution making it difficult to accidentally run such a
* version of PuTTY (which would be hugely insecure) against a
* live peer implementation.
*
* (So the replacement prefix "ISH" notionally stands for
* 'Insecure Shell', of course.)
*/
s->our_vstring[0] = 'I';
#endif
/*
* Now send that version string, plus trailing \r\n or just \n
* (the latter in SSH-1 mode).
*/
bufchain_add(s->bpp.out_raw, s->our_vstring, strlen(s->our_vstring));
if (ssh_version_includes_v2(s->our_protoversion))
bufchain_add(s->bpp.out_raw, "\015", 1);
bufchain_add(s->bpp.out_raw, "\012", 1);
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We claim version: %s", s->our_vstring);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
Macroise the cumbersome read idioms in the BPPs. Now the three 'proper' BPPs each have a BPP_READ() macro that wraps up the fiddly combination of crMaybeWaitUntilV and bufchainery they use to read a fixed-length amount of input data. The sshverstring 'BPP' doesn't read fixed-length data in quite the same way, but it has a similar BPP_WAITFOR macro. No functional change. Mostly this is just a cleanup to make the code more legible, but also, the new macros will be a good place to centralise anything else that needs doing on every read, such as EOF checking.
2018-09-24 13:23:52 +00:00
#define BPP_WAITFOR(minlen) do \
Stop BPPs from handling EOF before reading all data. The BPP_READ macros in all four BPP implementations (including sshverstring) had the same bug: if EOF had been seen on the network input but there was _also_ enough data in the input queue to satisfy the current request, they would jump straight to complaining about the EOF rather than processing the available data first. I spotted this while trying to pipe in test data from a disk file, but it could easily also lead to us failing to handle the final message in the connection, e.g. losing the error message sent by the remote in a DISCONNECT message.
2018-11-28 20:16:41 +00:00
{ \
bool success; \
crMaybeWaitUntilV( \
(success = (bufchain_size(s->bpp.in_raw) >= (minlen))) || \
s->bpp.input_eof); \
if (!success) \
goto eof; \
Macroise the cumbersome read idioms in the BPPs. Now the three 'proper' BPPs each have a BPP_READ() macro that wraps up the fiddly combination of crMaybeWaitUntilV and bufchainery they use to read a fixed-length amount of input data. The sshverstring 'BPP' doesn't read fixed-length data in quite the same way, but it has a similar BPP_WAITFOR macro. No functional change. Mostly this is just a cleanup to make the code more legible, but also, the new macros will be a good place to centralise anything else that needs doing on every read, such as EOF checking.
2018-09-24 13:23:52 +00:00
} while (0)
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
void ssh_verstring_handle_input(BinaryPacketProtocol *bpp)
{
struct ssh_verstring_state *s =
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
container_of(bpp, struct ssh_verstring_state, bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
crBegin(s->crState);
/*
* If we're sending our version string up front before seeing the
* other side's, then do it now.
*/
if (s->send_early)
ssh_verstring_send(s);
/*
* Search for a line beginning with the protocol name prefix in
* the input.
*/
s->i = 0;
while (1) {
/*
* Every time round this loop, we're at the start of a new
* line, so look for the prefix.
*/
Macroise the cumbersome read idioms in the BPPs. Now the three 'proper' BPPs each have a BPP_READ() macro that wraps up the fiddly combination of crMaybeWaitUntilV and bufchainery they use to read a fixed-length amount of input data. The sshverstring 'BPP' doesn't read fixed-length data in quite the same way, but it has a similar BPP_WAITFOR macro. No functional change. Mostly this is just a cleanup to make the code more legible, but also, the new macros will be a good place to centralise anything else that needs doing on every read, such as EOF checking.
2018-09-24 13:23:52 +00:00
BPP_WAITFOR(s->prefix_wanted.len);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
bufchain_fetch(s->bpp.in_raw, s->prefix, s->prefix_wanted.len);
if (!memcmp(s->prefix, s->prefix_wanted.ptr, s->prefix_wanted.len)) {
bufchain_consume(s->bpp.in_raw, s->prefix_wanted.len);
break;
}
/*
* If we didn't find it, consume data until we see a newline.
*/
while (1) {
Make lots of 'int' length fields into size_t. This is a general cleanup which has been overdue for some time: lots of length fields are now the machine word type rather than the (in practice) fixed 'int'.
2019-02-06 20:42:44 +00:00
size_t len;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
void *data;
char *nl;
Macroise the cumbersome read idioms in the BPPs. Now the three 'proper' BPPs each have a BPP_READ() macro that wraps up the fiddly combination of crMaybeWaitUntilV and bufchainery they use to read a fixed-length amount of input data. The sshverstring 'BPP' doesn't read fixed-length data in quite the same way, but it has a similar BPP_WAITFOR macro. No functional change. Mostly this is just a cleanup to make the code more legible, but also, the new macros will be a good place to centralise anything else that needs doing on every read, such as EOF checking.
2018-09-24 13:23:52 +00:00
/* Wait to receive at least 1 byte, but then consume more
* than that if it's there. */
BPP_WAITFOR(1);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
bufchain_prefix(s->bpp.in_raw, &data, &len);
if ((nl = memchr(data, '\012', len)) != NULL) {
bufchain_consume(s->bpp.in_raw, nl - (char *)data + 1);
break;
} else {
bufchain_consume(s->bpp.in_raw, len);
}
}
}
Adopt C99 <stdbool.h>'s true/false. This commit includes <stdbool.h> from defs.h and deletes my traditional definitions of TRUE and FALSE, but other than that, it's a 100% mechanical search-and-replace transforming all uses of TRUE and FALSE into the C99-standardised lowercase spellings. No actual types are changed in this commit; that will come next. This is just getting the noise out of the way, so that subsequent commits can have a higher proportion of signal.
2018-10-29 19:50:29 +00:00
s->found_prefix = true;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
/*
* Start a buffer to store the full greeting line.
*/
s->vstrsize = s->prefix_wanted.len + 16;
s->vstring = snewn(s->vstrsize, char);
memcpy(s->vstring, s->prefix_wanted.ptr, s->prefix_wanted.len);
s->vslen = s->prefix_wanted.len;
/*
* Now read the rest of the greeting line.
*/
s->i = 0;
do {
Make lots of 'int' length fields into size_t. This is a general cleanup which has been overdue for some time: lots of length fields are now the machine word type rather than the (in practice) fixed 'int'.
2019-02-06 20:42:44 +00:00
size_t len;
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
void *data;
char *nl;
Stop BPPs from handling EOF before reading all data. The BPP_READ macros in all four BPP implementations (including sshverstring) had the same bug: if EOF had been seen on the network input but there was _also_ enough data in the input queue to satisfy the current request, they would jump straight to complaining about the EOF rather than processing the available data first. I spotted this while trying to pipe in test data from a disk file, but it could easily also lead to us failing to handle the final message in the connection, e.g. losing the error message sent by the remote in a DISCONNECT message.
2018-11-28 20:16:41 +00:00
BPP_WAITFOR(1);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
bufchain_prefix(s->bpp.in_raw, &data, &len);
if ((nl = memchr(data, '\012', len)) != NULL) {
len = nl - (char *)data + 1;
}
Make lots of 'int' length fields into size_t. This is a general cleanup which has been overdue for some time: lots of length fields are now the machine word type rather than the (in practice) fixed 'int'.
2019-02-06 20:42:44 +00:00
if (s->vslen >= s->vstrsize - 1 || len >= s->vstrsize - 1 - s->vslen) {
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
s->vstrsize = (s->vslen + len) * 5 / 4 + 32;
s->vstring = sresize(s->vstring, s->vstrsize, char);
}
memcpy(s->vstring + s->vslen, data, len);
s->vslen += len;
bufchain_consume(s->bpp.in_raw, len);
} while (s->vstring[s->vslen-1] != '\012');
/*
* Trim \r and \n from the version string, and replace them with
* a NUL terminator.
*/
while (s->vslen > 0 &&
(s->vstring[s->vslen-1] == '\r' ||
s->vstring[s->vslen-1] == '\n'))
s->vslen--;
s->vstring[s->vslen] = '\0';
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("Remote version: %s", s->vstring);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
/*
* Pick out the protocol version and software version. The former
* goes in a separately allocated string, so that s->vstring
* remains intact for later use in key exchange; the latter is the
* tail of s->vstring, so it doesn't need to be allocated.
*/
{
const char *pv_start = s->vstring + s->prefix_wanted.len;
int pv_len = strcspn(pv_start, "-");
s->protoversion = dupprintf("%.*s", pv_len, pv_start);
s->softwareversion = pv_start + pv_len;
if (*s->softwareversion) {
assert(*s->softwareversion == '-');
s->softwareversion++;
}
}
ssh_detect_bugs(s);
/*
* Figure out what actual SSH protocol version we're speaking.
*/
if (ssh_version_includes_v2(s->our_protoversion) &&
ssh_version_includes_v2(s->protoversion)) {
/*
* We're doing SSH-2.
*/
s->major_protoversion = 2;
} else if (ssh_version_includes_v1(s->our_protoversion) &&
ssh_version_includes_v1(s->protoversion)) {
/*
* We're doing SSH-1.
*/
s->major_protoversion = 1;
/*
* There are multiple minor versions of SSH-1, and the
* protocol does not specify that the minimum of client
* and server versions is used. So we must adjust our
* outgoing protocol version to be no higher than that of
* the other side.
*/
if (!s->send_early &&
ssh_versioncmp(s->our_protoversion, s->protoversion) > 0) {
sfree(s->our_protoversion);
s->our_protoversion = dupstr(s->protoversion);
}
} else {
/*
* Unable to agree on a major protocol version at all.
*/
if (!ssh_version_includes_v2(s->our_protoversion)) {
Move most of ssh.c out into separate source files. I've tried to separate out as many individually coherent changes from this work as I could into their own commits, but here's where I run out and have to commit the rest of this major refactoring as a big-bang change. Most of ssh.c is now no longer in ssh.c: all five of the main coroutines that handle layers of the SSH-1 and SSH-2 protocols now each have their own source file to live in, and a lot of the supporting functions have moved into the appropriate one of those too. The new abstraction is a vtable called 'PacketProtocolLayer', which has an input and output packet queue. Each layer's main coroutine is invoked from the method ssh_ppl_process_queue(), which is usually (though not exclusively) triggered automatically when things are pushed on the input queue. In SSH-2, the base layer is the transport protocol, and it contains a pair of subsidiary queues by which it passes some of its packets to the higher SSH-2 layers - first userauth and then connection, which are peers at the same level, with the former abdicating in favour of the latter at the appropriate moment. SSH-1 is simpler: the whole login phase of the protocol (crypto setup and authentication) is all in one module, and since SSH-1 has no repeat key exchange, that setup layer abdicates in favour of the connection phase when it's done. ssh.c itself is now about a tenth of its old size (which all by itself is cause for celebration!). Its main job is to set up all the layers, hook them up to each other and to the BPP, and to funnel data back and forth between that collection of modules and external things such as the network and the terminal. Once it's set up a collection of packet protocol layers, it communicates with them partly by calling methods of the base layer (and if that's ssh2transport then it will delegate some functionality to the corresponding methods of its higher layer), and partly by talking directly to the connection layer no matter where it is in the stack by means of the separate ConnectionLayer vtable which I introduced in commit 8001dd4cb, and to which I've now added quite a few extra methods replacing services that used to be internal function calls within ssh.c. (One effect of this is that the SSH-1 and SSH-2 channel storage is now no longer shared - there are distinct struct types ssh1_channel and ssh2_channel. That means a bit more code duplication, but on the plus side, a lot fewer confusing conditionals in the middle of half-shared functions, and less risk of a piece of SSH-1 escaping into SSH-2 or vice versa, which I remember has happened at least once in the past.) The bulk of this commit introduces the five new source files, their common header sshppl.h and some shared supporting routines in sshcommon.c, and rewrites nearly all of ssh.c itself. But it also includes a couple of other changes that I couldn't separate easily enough: Firstly, there's a new handling for socket EOF, in which ssh.c sets an 'input_eof' flag in the BPP, and that responds by checking a flag that tells it whether to report the EOF as an error or not. (This is the main reason for those new BPP_READ / BPP_WAITFOR macros - they can check the EOF flag every time the coroutine is resumed.) Secondly, the error reporting itself is changed around again. I'd expected to put some data fields in the public PacketProtocolLayer structure that it could set to report errors in the same way as the BPPs have been doing, but in the end, I decided propagating all those data fields around was a pain and that even the BPPs shouldn't have been doing it that way. So I've reverted to a system where everything calls back to functions in ssh.c itself to report any connection- ending condition. But there's a new family of those functions, categorising the possible such conditions by semantics, and each one has a different set of detailed effects (e.g. how rudely to close the network connection, what exit status should be passed back to the whole application, whether to send a disconnect message and/or display a GUI error box). I don't expect this to be immediately perfect: of course, the code has been through a big upheaval, new bugs are expected, and I haven't been able to do a full job of testing (e.g. I haven't tested every auth or kex method). But I've checked that it _basically_ works - both SSH protocols, all the different kinds of forwarding channel, more than one auth method, Windows and Linux, connection sharing - and I think it's now at the point where the easiest way to find further bugs is to let it out into the wild and see what users can spot.
2018-09-24 17:28:16 +00:00
ssh_sw_abort(s->bpp.ssh,
"SSH protocol version 1 required by our "
"configuration but not provided by remote");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
} else {
Move most of ssh.c out into separate source files. I've tried to separate out as many individually coherent changes from this work as I could into their own commits, but here's where I run out and have to commit the rest of this major refactoring as a big-bang change. Most of ssh.c is now no longer in ssh.c: all five of the main coroutines that handle layers of the SSH-1 and SSH-2 protocols now each have their own source file to live in, and a lot of the supporting functions have moved into the appropriate one of those too. The new abstraction is a vtable called 'PacketProtocolLayer', which has an input and output packet queue. Each layer's main coroutine is invoked from the method ssh_ppl_process_queue(), which is usually (though not exclusively) triggered automatically when things are pushed on the input queue. In SSH-2, the base layer is the transport protocol, and it contains a pair of subsidiary queues by which it passes some of its packets to the higher SSH-2 layers - first userauth and then connection, which are peers at the same level, with the former abdicating in favour of the latter at the appropriate moment. SSH-1 is simpler: the whole login phase of the protocol (crypto setup and authentication) is all in one module, and since SSH-1 has no repeat key exchange, that setup layer abdicates in favour of the connection phase when it's done. ssh.c itself is now about a tenth of its old size (which all by itself is cause for celebration!). Its main job is to set up all the layers, hook them up to each other and to the BPP, and to funnel data back and forth between that collection of modules and external things such as the network and the terminal. Once it's set up a collection of packet protocol layers, it communicates with them partly by calling methods of the base layer (and if that's ssh2transport then it will delegate some functionality to the corresponding methods of its higher layer), and partly by talking directly to the connection layer no matter where it is in the stack by means of the separate ConnectionLayer vtable which I introduced in commit 8001dd4cb, and to which I've now added quite a few extra methods replacing services that used to be internal function calls within ssh.c. (One effect of this is that the SSH-1 and SSH-2 channel storage is now no longer shared - there are distinct struct types ssh1_channel and ssh2_channel. That means a bit more code duplication, but on the plus side, a lot fewer confusing conditionals in the middle of half-shared functions, and less risk of a piece of SSH-1 escaping into SSH-2 or vice versa, which I remember has happened at least once in the past.) The bulk of this commit introduces the five new source files, their common header sshppl.h and some shared supporting routines in sshcommon.c, and rewrites nearly all of ssh.c itself. But it also includes a couple of other changes that I couldn't separate easily enough: Firstly, there's a new handling for socket EOF, in which ssh.c sets an 'input_eof' flag in the BPP, and that responds by checking a flag that tells it whether to report the EOF as an error or not. (This is the main reason for those new BPP_READ / BPP_WAITFOR macros - they can check the EOF flag every time the coroutine is resumed.) Secondly, the error reporting itself is changed around again. I'd expected to put some data fields in the public PacketProtocolLayer structure that it could set to report errors in the same way as the BPPs have been doing, but in the end, I decided propagating all those data fields around was a pain and that even the BPPs shouldn't have been doing it that way. So I've reverted to a system where everything calls back to functions in ssh.c itself to report any connection- ending condition. But there's a new family of those functions, categorising the possible such conditions by semantics, and each one has a different set of detailed effects (e.g. how rudely to close the network connection, what exit status should be passed back to the whole application, whether to send a disconnect message and/or display a GUI error box). I don't expect this to be immediately perfect: of course, the code has been through a big upheaval, new bugs are expected, and I haven't been able to do a full job of testing (e.g. I haven't tested every auth or kex method). But I've checked that it _basically_ works - both SSH protocols, all the different kinds of forwarding channel, more than one auth method, Windows and Linux, connection sharing - and I think it's now at the point where the easiest way to find further bugs is to let it out into the wild and see what users can spot.
2018-09-24 17:28:16 +00:00
ssh_sw_abort(s->bpp.ssh,
"SSH protocol version 2 required by our "
"configuration but remote only provides "
"(old, insecure) SSH-1");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
crStopV;
}
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("Using SSH protocol version %d", s->major_protoversion);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
if (!s->send_early) {
/*
* If we didn't send our version string early, construct and
* send it now, because now we know what it is.
*/
ssh_verstring_send(s);
}
/*
* And we're done. Notify our receiver that we now know our
* protocol version. This will cause it to disconnect us from the
* input stream and ultimately free us, because our job is now
* done.
*/
s->receiver->got_ssh_version(s->receiver, s->major_protoversion);
Move most of ssh.c out into separate source files. I've tried to separate out as many individually coherent changes from this work as I could into their own commits, but here's where I run out and have to commit the rest of this major refactoring as a big-bang change. Most of ssh.c is now no longer in ssh.c: all five of the main coroutines that handle layers of the SSH-1 and SSH-2 protocols now each have their own source file to live in, and a lot of the supporting functions have moved into the appropriate one of those too. The new abstraction is a vtable called 'PacketProtocolLayer', which has an input and output packet queue. Each layer's main coroutine is invoked from the method ssh_ppl_process_queue(), which is usually (though not exclusively) triggered automatically when things are pushed on the input queue. In SSH-2, the base layer is the transport protocol, and it contains a pair of subsidiary queues by which it passes some of its packets to the higher SSH-2 layers - first userauth and then connection, which are peers at the same level, with the former abdicating in favour of the latter at the appropriate moment. SSH-1 is simpler: the whole login phase of the protocol (crypto setup and authentication) is all in one module, and since SSH-1 has no repeat key exchange, that setup layer abdicates in favour of the connection phase when it's done. ssh.c itself is now about a tenth of its old size (which all by itself is cause for celebration!). Its main job is to set up all the layers, hook them up to each other and to the BPP, and to funnel data back and forth between that collection of modules and external things such as the network and the terminal. Once it's set up a collection of packet protocol layers, it communicates with them partly by calling methods of the base layer (and if that's ssh2transport then it will delegate some functionality to the corresponding methods of its higher layer), and partly by talking directly to the connection layer no matter where it is in the stack by means of the separate ConnectionLayer vtable which I introduced in commit 8001dd4cb, and to which I've now added quite a few extra methods replacing services that used to be internal function calls within ssh.c. (One effect of this is that the SSH-1 and SSH-2 channel storage is now no longer shared - there are distinct struct types ssh1_channel and ssh2_channel. That means a bit more code duplication, but on the plus side, a lot fewer confusing conditionals in the middle of half-shared functions, and less risk of a piece of SSH-1 escaping into SSH-2 or vice versa, which I remember has happened at least once in the past.) The bulk of this commit introduces the five new source files, their common header sshppl.h and some shared supporting routines in sshcommon.c, and rewrites nearly all of ssh.c itself. But it also includes a couple of other changes that I couldn't separate easily enough: Firstly, there's a new handling for socket EOF, in which ssh.c sets an 'input_eof' flag in the BPP, and that responds by checking a flag that tells it whether to report the EOF as an error or not. (This is the main reason for those new BPP_READ / BPP_WAITFOR macros - they can check the EOF flag every time the coroutine is resumed.) Secondly, the error reporting itself is changed around again. I'd expected to put some data fields in the public PacketProtocolLayer structure that it could set to report errors in the same way as the BPPs have been doing, but in the end, I decided propagating all those data fields around was a pain and that even the BPPs shouldn't have been doing it that way. So I've reverted to a system where everything calls back to functions in ssh.c itself to report any connection- ending condition. But there's a new family of those functions, categorising the possible such conditions by semantics, and each one has a different set of detailed effects (e.g. how rudely to close the network connection, what exit status should be passed back to the whole application, whether to send a disconnect message and/or display a GUI error box). I don't expect this to be immediately perfect: of course, the code has been through a big upheaval, new bugs are expected, and I haven't been able to do a full job of testing (e.g. I haven't tested every auth or kex method). But I've checked that it _basically_ works - both SSH protocols, all the different kinds of forwarding channel, more than one auth method, Windows and Linux, connection sharing - and I think it's now at the point where the easiest way to find further bugs is to let it out into the wild and see what users can spot.
2018-09-24 17:28:16 +00:00
return;
eof:
ssh_remote_error(s->bpp.ssh,
Server prep: reword messages to be client/server agnostic. Lots of user-facing messages that claim that the 'server' just did something or other unexpected will now need to be issued _by_ the server, when the client does the same unexpected thing. So I've reworded them all to talk about the 'remote side' instead of the 'server', and the SSH-2 key setup messages talk about initialising inbound and outbound crypto primitives rather than client->server and server->client.
2018-10-20 20:52:45 +00:00
"Remote side unexpectedly closed network connection");
Fix use-after-free on a network error. When any BPP calls ssh_remote_error or ssh_remote_eof, it triggers an immediate cleanup of the BPP itself - so on return from one of those functions we should avoid going straight to the crFinish macro, because that will write to s->crState, which no longer exists.
2018-09-28 10:26:26 +00:00
return; /* avoid touching s now it's been freed */
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
crFinishV;
}
static PktOut *ssh_verstring_new_pktout(int type)
{
Replace assert(false) with an unreachable() macro. Taking a leaf out of the LLVM code base: this macro still includes an assert(false) so that the message will show up in a typical build, but it follows it up with a call to a function explicitly marked as no- return. So this ought to do a better job of convincing compilers that once a code path hits this function it _really doesn't_ have to still faff about with making up a bogus return value or filling in a variable that 'might be used uninitialised' in the following code that won't be reached anyway. I've gone through the existing code looking for the assert(false) / assert(0) idiom and replaced all the ones I found with the new macro, which also meant I could remove a few pointless return statements and variable initialisations that I'd already had to put in to placate compiler front ends.
2019-01-03 08:12:19 +00:00
unreachable("Should never try to send packets during SSH version "
"string exchange");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
Give the BPP an input and output packet queue. Now, instead of writing each packet straight on to the raw output bufchain by calling the BPP's format_packet function, the higher protocol layers will put the packets on to a queue, which will automatically trigger a callback (using the new mechanism for embedding a callback in any packet queue) to make the BPP format its queue on to the raw-output bufchain. That in turn triggers a second callback which moves the data to the socket. This means in particular that the CBC ignore-message workaround can be moved into the new BPP routine to process the output queue, which is a good place for it because then it can easily arrange to only put an ignore message at the start of any sequence of packets that are being formatted as a single output blob.
2018-09-24 17:08:09 +00:00
static void ssh_verstring_handle_output(BinaryPacketProtocol *bpp)
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
{
Fix crash when disconnecting in verstring phase. If we disconnect because the two ends' SSH protocol versions don't match, ssh_initiate_connection_close triggers a call to the BPP's handle_output method, and sshverstring's one of those unconditionally fails an assertion on the basis that nobody should be trying to send SSH packets at that stage of the connection. In fact this call to handle_output is only precautionary, and it's unproblematic because there aren't any packets on the output queue. So the assertion is now conditional on there actually being an erroneous packet.
2018-10-07 19:37:30 +00:00
if (pq_peek(&bpp->out_pq)) {
Replace assert(false) with an unreachable() macro. Taking a leaf out of the LLVM code base: this macro still includes an assert(false) so that the message will show up in a typical build, but it follows it up with a call to a function explicitly marked as no- return. So this ought to do a better job of convincing compilers that once a code path hits this function it _really doesn't_ have to still faff about with making up a bogus return value or filling in a variable that 'might be used uninitialised' in the following code that won't be reached anyway. I've gone through the existing code looking for the assert(false) / assert(0) idiom and replaced all the ones I found with the new macro, which also meant I could remove a few pointless return statements and variable initialisations that I'd already had to put in to placate compiler front ends.
2019-01-03 08:12:19 +00:00
unreachable("Should never try to send packets during SSH version "
"string exchange");
Fix crash when disconnecting in verstring phase. If we disconnect because the two ends' SSH protocol versions don't match, ssh_initiate_connection_close triggers a call to the BPP's handle_output method, and sshverstring's one of those unconditionally fails an assertion on the basis that nobody should be trying to send SSH packets at that stage of the connection. In fact this call to handle_output is only precautionary, and it's unproblematic because there aren't any packets on the output queue. So the assertion is now conditional on there actually being an erroneous packet.
2018-10-07 19:37:30 +00:00
}
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
/*
* Examine the remote side's version string, and compare it against a
* list of known buggy implementations.
*/
static void ssh_detect_bugs(struct ssh_verstring_state *s)
{
Refactor the LogContext type. LogContext is now the owner of the logevent() function that back ends and so forth are constantly calling. Previously, logevent was owned by the Frontend, which would store the message into its list for the GUI Event Log dialog (or print it to standard error, or whatever) and then pass it _back_ to LogContext to write to the currently open log file. Now it's the other way round: LogContext gets the message from the back end first, writes it to its log file if it feels so inclined, and communicates it back to the front end. This means that lots of parts of the back end system no longer need to have a pointer to a full-on Frontend; the only thing they needed it for was logging, so now they just have a LogContext (which many of them had to have anyway, e.g. for logging SSH packets or session traffic). LogContext itself also doesn't get a full Frontend pointer any more: it now talks back to the front end via a little vtable of its own called LogPolicy, which contains the method that passes Event Log entries through, the old askappend() function that decides whether to truncate a pre-existing log file, and an emergency function for printing an especially prominent message if the log file can't be created. One minor nice effect of this is that console and GUI apps can implement that last function subtly differently, so that Unix console apps can write it with a plain \n instead of the \r\n (harmless but inelegant) that the old centralised implementation generated. One other consequence of this is that the LogContext has to be provided to backend_init() so that it's available to backends from the instant of creation, rather than being provided via a separate API call a couple of function calls later, because backends have typically started doing things that need logging (like making network connections) before the call to backend_provide_logctx. Fortunately, there's no case in the whole code base where we don't already have logctx by the time we make a backend (so I don't actually remember why I ever delayed providing one). So that shortens the backend API by one function, which is always nice. While I'm tidying up, I've also moved the printf-style logeventf() and the handy logevent_and_free() into logging.c, instead of having copies of them scattered around other places. This has also let me remove some stub functions from a couple of outlying applications like Pageant. Finally, I've removed the pointless "_tag" at the end of LogContext's official struct name.
2018-10-10 18:26:18 +00:00
BinaryPacketProtocol *bpp = &s->bpp; /* for bpp_logevent */
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
const char *imp = s->softwareversion;
s->remote_bugs = 0;
/*
* General notes on server version strings:
* - Not all servers reporting "Cisco-1.25" have all the bugs listed
* here -- in particular, we've heard of one that's perfectly happy
* with SSH1_MSG_IGNOREs -- but this string never seems to change,
* so we can't distinguish them.
*/
if (conf_get_int(s->conf, CONF_sshbug_ignore1) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_ignore1) == AUTO &&
(!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
!strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
!strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
!strcmp(imp, "OSU_1.4alpha3") || !strcmp(imp, "OSU_1.5alpha4")))) {
/*
* These versions don't support SSH1_MSG_IGNORE, so we have
* to use a different defence against password length
* sniffing.
*/
s->remote_bugs |= BUG_CHOKES_ON_SSH1_IGNORE;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-1 ignore bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_plainpw1) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_plainpw1) == AUTO &&
(!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
/*
* These versions need a plain password sent; they can't
* handle having a null and a random length of data after
* the password.
*/
s->remote_bugs |= BUG_NEEDS_SSH1_PLAIN_PASSWORD;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version needs a "
"plain SSH-1 password");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_rsa1) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_rsa1) == AUTO &&
(!strcmp(imp, "Cisco-1.25")))) {
/*
* These versions apparently have no clue whatever about
* RSA authentication and will panic and die if they see
* an AUTH_RSA message.
*/
s->remote_bugs |= BUG_CHOKES_ON_RSA;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version can't handle SSH-1 "
"RSA authentication");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_hmac2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_hmac2) == AUTO &&
!wc_match("* VShell", imp) &&
(wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
wc_match("2.1 *", imp)))) {
/*
* These versions have the HMAC bug.
*/
s->remote_bugs |= BUG_SSH2_HMAC;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 HMAC bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_derivekey2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_derivekey2) == AUTO &&
!wc_match("* VShell", imp) &&
(wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
/*
* These versions have the key-derivation bug (failing to
* include the literal shared secret in the hashes that
* generate the keys).
*/
s->remote_bugs |= BUG_SSH2_DERIVEKEY;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 "
"key-derivation bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_rsapad2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_rsapad2) == AUTO &&
(wc_match("OpenSSH_2.[5-9]*", imp) ||
wc_match("OpenSSH_3.[0-2]*", imp) ||
wc_match("mod_sftp/0.[0-8]*", imp) ||
wc_match("mod_sftp/0.9.[0-8]", imp)))) {
/*
* These versions have the SSH-2 RSA padding bug.
*/
s->remote_bugs |= BUG_SSH2_RSA_PADDING;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 RSA padding bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_pksessid2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_pksessid2) == AUTO &&
wc_match("OpenSSH_2.[0-2]*", imp))) {
/*
* These versions have the SSH-2 session-ID bug in
* public-key authentication.
*/
s->remote_bugs |= BUG_SSH2_PK_SESSIONID;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 "
"public-key-session-ID bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_rekey2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_rekey2) == AUTO &&
(wc_match("DigiSSH_2.0", imp) ||
wc_match("OpenSSH_2.[0-4]*", imp) ||
wc_match("OpenSSH_2.5.[0-3]*", imp) ||
wc_match("Sun_SSH_1.0", imp) ||
wc_match("Sun_SSH_1.0.1", imp) ||
/* All versions <= 1.2.6 (they changed their format in 1.2.7) */
wc_match("WeOnlyDo-*", imp)))) {
/*
* These versions have the SSH-2 rekey bug.
*/
s->remote_bugs |= BUG_SSH2_REKEY;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 rekey bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_maxpkt2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_maxpkt2) == AUTO &&
(wc_match("1.36_sshlib GlobalSCAPE", imp) ||
wc_match("1.36 sshlib: GlobalScape", imp)))) {
/*
* This version ignores our makpkt and needs to be throttled.
*/
s->remote_bugs |= BUG_SSH2_MAXPKT;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version ignores SSH-2 "
"maximum packet size");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_ignore2) == FORCE_ON) {
/*
* Servers that don't support SSH2_MSG_IGNORE. Currently,
* none detected automatically.
*/
s->remote_bugs |= BUG_CHOKES_ON_SSH2_IGNORE;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 ignore bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_oldgex2) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_oldgex2) == AUTO &&
(wc_match("OpenSSH_2.[235]*", imp)))) {
/*
* These versions only support the original (pre-RFC4419)
* SSH-2 GEX request, and disconnect with a protocol error if
* we use the newer version.
*/
s->remote_bugs |= BUG_SSH2_OLDGEX;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has outdated SSH-2 GEX");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_winadj) == FORCE_ON) {
/*
* Servers that don't support our winadj request for one
* reason or another. Currently, none detected automatically.
*/
s->remote_bugs |= BUG_CHOKES_ON_WINADJ;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has winadj bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
if (conf_get_int(s->conf, CONF_sshbug_chanreq) == FORCE_ON ||
(conf_get_int(s->conf, CONF_sshbug_chanreq) == AUTO &&
(wc_match("OpenSSH_[2-5].*", imp) ||
wc_match("OpenSSH_6.[0-6]*", imp) ||
wc_match("dropbear_0.[2-4][0-9]*", imp) ||
wc_match("dropbear_0.5[01]*", imp)))) {
/*
* These versions have the SSH-2 channel request bug.
* OpenSSH 6.7 and above do not:
* https://bugzilla.mindrot.org/show_bug.cgi?id=1818
* dropbear_0.52 and above do not:
* https://secure.ucc.asn.au/hg/dropbear/rev/cd02449b709c
*/
s->remote_bugs |= BUG_SENDS_LATE_REQUEST_REPLY;
Start using C99 variadic macros. In the past, I've had a lot of macros which you call with double parentheses, along the lines of debug(("format string", params)), so that the inner parens protect the commas and permit the macro to treat the whole printf-style argument list as one macro argument. That's all very well, but it's a bit inconvenient (it doesn't leave you any way to implement such a macro by prepending another argument to the list), and now this code base's rules allow C99isms, I can switch all those macros to using a single pair of parens, using the C99 ability to say '...' in the parameter list of the #define and get at the corresponding suffix of the arguments as __VA_ARGS__. So I'm doing it. I've made the following printf-style macros variadic: bpp_logevent, ppl_logevent, ppl_printf and debug. While I'm here, I've also fixed up a collection of conditioned-out calls to debug() in the Windows front end which were clearly expecting a macro with a different calling syntax, because they had an integer parameter first. If I ever have a need to condition those back in, they should actually work now.
2018-12-08 20:32:31 +00:00
bpp_logevent("We believe remote version has SSH-2 "
"channel request bug");
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
}
}
const char *ssh_verstring_get_remote(BinaryPacketProtocol *bpp)
{
struct ssh_verstring_state *s =
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
container_of(bpp, struct ssh_verstring_state, bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
return s->vstring;
}
const char *ssh_verstring_get_local(BinaryPacketProtocol *bpp)
{
struct ssh_verstring_state *s =
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
container_of(bpp, struct ssh_verstring_state, bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
return s->our_vstring;
}
int ssh_verstring_get_bugs(BinaryPacketProtocol *bpp)
{
struct ssh_verstring_state *s =
Rename FROMFIELD to 'container_of'. Ian Jackson points out that the Linux kernel has a macro of this name with the same purpose, and suggests that it's a good idea to use the same name as they do, so that at least some people reading one code base might recognise it from the other. I never really thought very hard about what order FROMFIELD's parameters should go in, and therefore I'm pleasantly surprised to find that my order agrees with the kernel's, so I don't have to permute every call site as part of making this change :-)
2018-10-05 22:49:08 +00:00
container_of(bpp, struct ssh_verstring_state, bpp);
Move version string exchange out into a BPP. Getting it out of the overgrown ssh.c is worthwhile in itself! But there are other benefits of this reorganisation too. One is that I get to remove ssh->current_incoming_data_fn, because now _all_ incoming network data is handled by whatever the current BPP is. So now we only indirect through the BPP, not through some other preliminary function pointer _and_ the BPP. Another is that all _outgoing_ network data is now handled centrally, including our outgoing version string - which means that a hex dump of that string now shows up in the raw-data log file, from which it was previously conspicuous by its absence.
2018-09-19 16:37:00 +00:00
return s->remote_bugs;
}
Move SSH_MSG_DISCONNECT construction into the BPP. This is a convenient place for it because it abstracts away the difference in disconnect packet formats between SSH-1 and -2, so when I start restructuring, I'll be able to call it even from places that don't know which version of SSH they're running.
2018-09-24 17:14:33 +00:00
static void ssh_verstring_queue_disconnect(BinaryPacketProtocol *bpp,
const char *msg, int category)
{
/* No way to send disconnect messages at this stage of the protocol! */
}
Reference in New Issue Copy Permalink