nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-07 06:22:47 -05:00
Code Issues Projects Releases Wiki Activity

Rework handling of untrusted terminal data.

Browse Source 
Now there's a centralised routine in misc.c to do the sanitisation,
which copies data on to an outgoing bufchain. This allows me to remove
from_backend_untrusted() completely from the frontend API, simplifying
code in several places.

Two use cases for untrusted-terminal-data sanitisation were in the
terminal.c prompts handler, and in the collection of SSH-2 userauth
banners. Both of those were writing output to a bufchain anyway, so
it was very convenient to just replace a bufchain_add with
sanitise_term_data and then not have to worry about it again.

There was also a simplistic sanitiser in uxcons.c, which I've now
replaced with a call to the good one - and in wincons.c there was a
FIXME saying I ought to get round to that, which now I have!
This commit is contained in:
Simon Tatham
2018-09-19 18:22:36 +01:00
parent af8e526a7d
commit 63a14f26f7
13 changed files with 64 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ssh.c
View File

@ -1078,14 +1078,6 @@ static void c_write(Ssh ssh, const void *buf, int len)
from_backend(ssh->frontend, 1, buf, len);
}
static void c_write_untrusted(Ssh ssh, const void *buf, int len)
{
if (flags & FLAG_STDERR)
c_write_stderr(0, buf, len);
else
from_backend_untrusted(ssh->frontend, buf, len);
}
static void c_write_str(Ssh ssh, const char *buf)
{
c_write(ssh, buf, strlen(buf));
@ -7066,7 +7058,7 @@ static void ssh2_msg_userauth_banner(Ssh ssh, PktIn *pktin)
bufchain_size(&ssh->banner) <= 131072) {
ptrlen banner = get_string(pktin);
if (banner.len)
bufchain_add(&ssh->banner, banner.ptr, banner.len);
sanitise_term_data(&ssh->banner, banner.ptr, banner.len);
}
}
@ -7679,11 +7671,15 @@ static void do_ssh2_userauth(void *vctx)
* banner _anyway_, and moreover the printing of
* the banner will screw up processing on the
* output of (say) plink.)
*
* The banner data has been sanitised already by this
* point, so we can safely send it straight to the
* output channel.
*/
if (size && (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE))) {
char *banner = snewn(size, char);
bufchain_fetch(&ssh->banner, banner, size);
c_write_untrusted(ssh, banner, size);
c_write(ssh, banner, size);
sfree(banner);
}
bufchain_clear(&ssh->banner);