From 76a32c514c1f8be6f117f86f26aba93e13147086 Mon Sep 17 00:00:00 2001
From: Simon Tatham <anakin@pobox.com>
Date: Mon, 22 Oct 2018 20:34:17 +0100
Subject: [PATCH] Fix two bugs in SSH-1 TIS and CryptoCard auth.

Firstly, these protocols had a display heuristic - credited to OpenSSH
in the comments - in which, if the challenge string contained a
newline, it was supposed to be printed with "Response: " on the next
line, whereas if it didn't, it would be taken as a prompt in its own
right. In fact, I had got the sense of memchr backwards, so each
behaviour was applying in the opposite case.

Secondly, apparently I'd never before tested against a server that
offered _both_ those methods, because when I tried it against Uppity
just now, I found that the setup and challenge phases for both methods
ran in immediate succession before prompting the user, which confused
the server completely. This is exactly why I wanted to have a server
implementation of everything PuTTY is supposed to speak the client
side of!
---
 ssh1login.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/ssh1login.c b/ssh1login.c
index 1d5b92b9..ae02b314 100644
--- a/ssh1login.c
+++ b/ssh1login.c
@@ -821,7 +821,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
                 s->cur_prompt->to_server = TRUE;
                 s->cur_prompt->name = dupstr("SSH TIS authentication");
                 /* Prompt heuristic comes from OpenSSH */
-                if (memchr(challenge.ptr, '\n', challenge.len)) {
+                if (!memchr(challenge.ptr, '\n', challenge.len)) {
                     instr_suf = dupstr("");
                     prompt = mkstr(challenge);
                 } else {
@@ -842,8 +842,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
                                 ssh1_pkt_type(pktin->type));
                 return;
             }
-        }
-        if (conf_get_int(s->conf, CONF_try_tis_auth) &&
+        } else if (conf_get_int(s->conf, CONF_try_tis_auth) &&
             (s->supported_auths_mask & (1 << SSH1_AUTH_CCARD)) &&
             !s->ccard_auth_refused) {
             s->pwpkt_type = SSH1_CMSG_AUTH_CCARD_RESPONSE;
@@ -871,7 +870,7 @@ static void ssh1_login_process_queue(PacketProtocolLayer *ppl)
                 s->cur_prompt->name = dupstr("SSH CryptoCard authentication");
                 s->cur_prompt->name_reqd = FALSE;
                 /* Prompt heuristic comes from OpenSSH */
-                if (memchr(challenge.ptr, '\n', challenge.len)) {
+                if (!memchr(challenge.ptr, '\n', challenge.len)) {
                     instr_suf = dupstr("");
                     prompt = mkstr(challenge);
                 } else {