mirror of
https://git.tartarus.org/simon/putty.git
synced 2025-01-10 01:48:00 +00:00
Fix mishandling of refusal to compress in SSH-1.
I've just noticed that we call ssh1_bpp_start_compression even if the server responded to our compression request with SSH1_SMSG_FAILURE! Also, while I'm here, there's a potential race condition if the server were to send an unrelated message (such as SSH1_MSG_IGNORE) immediately after the SSH1_SMSG_SUCCESS that indicates compression being enabled - the BPP would try to decode the compressed IGNORE message before the SUCCESS got to the higher layer that would tell the BPP it should have enabled compression. Fixed that by changing the method by which we tell the BPP what's going on.
This commit is contained in:
parent
a19faa4527
commit
562cdd4df1
5
ssh.c
5
ssh.c
@ -3200,6 +3200,7 @@ static void do_ssh1_connection(void *vctx)
|
||||
pkt = ssh_bpp_new_pktout(ssh->bpp, SSH1_CMSG_REQUEST_COMPRESSION);
|
||||
put_uint32(pkt, 6); /* gzip compression level */
|
||||
ssh_pkt_write(ssh, pkt);
|
||||
ssh1_bpp_requested_compression(ssh->bpp);
|
||||
crMaybeWaitUntilV((pktin = pq_pop(&ssh->pq_ssh1_connection)) != NULL);
|
||||
if (pktin->type != SSH1_SMSG_SUCCESS
|
||||
&& pktin->type != SSH1_SMSG_FAILURE) {
|
||||
@ -3207,9 +3208,9 @@ static void do_ssh1_connection(void *vctx)
|
||||
crStopV;
|
||||
} else if (pktin->type == SSH1_SMSG_FAILURE) {
|
||||
c_write_str(ssh, "Server refused to compress\r\n");
|
||||
}
|
||||
} else {
|
||||
logevent("Started zlib (RFC1950) compression");
|
||||
ssh1_bpp_start_compression(ssh->bpp);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
23
ssh1bpp.c
23
ssh1bpp.c
@ -21,6 +21,7 @@ struct ssh1_bpp_state {
|
||||
|
||||
struct crcda_ctx *crcda_ctx;
|
||||
|
||||
int pending_compression_request;
|
||||
ssh_compressor *compctx;
|
||||
ssh_decompressor *decompctx;
|
||||
|
||||
@ -82,17 +83,13 @@ void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
||||
}
|
||||
}
|
||||
|
||||
void ssh1_bpp_start_compression(BinaryPacketProtocol *bpp)
|
||||
void ssh1_bpp_requested_compression(BinaryPacketProtocol *bpp)
|
||||
{
|
||||
struct ssh1_bpp_state *s;
|
||||
assert(bpp->vt == &ssh1_bpp_vtable);
|
||||
s = FROMFIELD(bpp, struct ssh1_bpp_state, bpp);
|
||||
|
||||
assert(!s->compctx);
|
||||
assert(!s->decompctx);
|
||||
|
||||
s->compctx = ssh_compressor_new(&ssh_zlib);
|
||||
s->decompctx = ssh_decompressor_new(&ssh_zlib);
|
||||
s->pending_compression_request = TRUE;
|
||||
}
|
||||
|
||||
static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
|
||||
@ -210,6 +207,20 @@ static void ssh1_bpp_handle_input(BinaryPacketProtocol *bpp)
|
||||
|
||||
if (type == SSH1_MSG_DISCONNECT)
|
||||
s->bpp.seen_disconnect = TRUE;
|
||||
|
||||
if (type == SSH1_SMSG_SUCCESS && s->pending_compression_request) {
|
||||
assert(!s->compctx);
|
||||
assert(!s->decompctx);
|
||||
|
||||
s->compctx = ssh_compressor_new(&ssh_zlib);
|
||||
s->decompctx = ssh_decompressor_new(&ssh_zlib);
|
||||
|
||||
s->pending_compression_request = FALSE;
|
||||
}
|
||||
|
||||
if (type == SSH1_SMSG_FAILURE && s->pending_compression_request) {
|
||||
s->pending_compression_request = FALSE;
|
||||
}
|
||||
}
|
||||
}
|
||||
crFinishV;
|
||||
|
6
sshbpp.h
6
sshbpp.h
@ -34,7 +34,11 @@ BinaryPacketProtocol *ssh1_bpp_new(void);
|
||||
void ssh1_bpp_new_cipher(BinaryPacketProtocol *bpp,
|
||||
const struct ssh1_cipheralg *cipher,
|
||||
const void *session_key);
|
||||
void ssh1_bpp_start_compression(BinaryPacketProtocol *bpp);
|
||||
/* requested_compression() notifies the SSH-1 BPP that we've just sent
|
||||
* a request to enable compression, which means that on receiving the
|
||||
* next SSH1_SMSG_SUCCESS or SSH1_SMSG_FAILURE message, it should set
|
||||
* up zlib compression if it was SUCCESS. */
|
||||
void ssh1_bpp_requested_compression(BinaryPacketProtocol *bpp);
|
||||
|
||||
/*
|
||||
* Structure that tracks how much data is sent and received, for
|
||||
|
Loading…
Reference in New Issue
Block a user