1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 01:02:24 +00:00

Robustness fixes for KEXINIT handling and others. In particular, I've

created a self-mallocing variant of sprintf, to obviate any future
need for paranoid %.100s type stuff in format strings.

[originally from svn r2199]
This commit is contained in:
Simon Tatham 2002-11-07 19:49:03 +00:00
parent 7a85e73e57
commit 7c95ea19c8
11 changed files with 306 additions and 247 deletions

60
misc.c
View File

@ -1,6 +1,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <ctype.h>
#include <assert.h>
#include "putty.h"
@ -8,7 +9,7 @@
* String handling routines.
*/
char *dupstr(char *s)
char *dupstr(const char *s)
{
int len = strlen(s);
char *p = smalloc(len + 1);
@ -17,7 +18,7 @@ char *dupstr(char *s)
}
/* Allocate the concatenation of N strings. Terminate arg list with NULL. */
char *dupcat(char *s1, ...)
char *dupcat(const char *s1, ...)
{
int len;
char *p, *q, *sn;
@ -50,6 +51,56 @@ char *dupcat(char *s1, ...)
return p;
}
/*
* Do an sprintf(), but into a custom-allocated buffer.
*
* Irritatingly, we don't seem to be able to do this portably using
* vsnprintf(), because there appear to be issues with re-using the
* same va_list for two calls, and the excellent C99 va_copy is not
* yet widespread. Bah. Instead I'm going to do a horrid, horrid
* hack, in which I trawl the format string myself, work out the
* maximum length of each format component, and resize the buffer
* before printing it.
*/
char *dupprintf(const char *fmt, ...)
{
char *ret;
va_list ap;
va_start(ap, fmt);
ret = dupvprintf(fmt, ap);
va_end(ap);
return ret;
}
char *dupvprintf(const char *fmt, va_list ap)
{
char *buf;
int len, size;
buf = smalloc(512);
size = 512;
while (1) {
#ifdef _WINDOWS
#define vsnprintf _vsnprintf
#endif
len = vsnprintf(buf, size, fmt, ap);
if (len >= 0 && len < size) {
/* This is the C99-specified criterion for snprintf to have
* been completely successful. */
return buf;
} else if (len > 0) {
/* This is the C99 error condition: the returned length is
* the required buffer size not counting the NUL. */
size = len + 1;
} else {
/* This is the pre-C99 glibc error condition: <0 means the
* buffer wasn't big enough, so we enlarge it a bit and hope. */
size += 512;
}
buf = srealloc(buf, size);
}
}
/* ----------------------------------------------------------------------
* Base64 encoding routine. This is required in public-key writing
* but also in HTTP proxy handling, so it's centralised here.
@ -564,12 +615,13 @@ static void dputs(char *buf)
void dprintf(char *fmt, ...)
{
char buf[2048];
char *buf;
va_list ap;
va_start(ap, fmt);
vsprintf(buf, fmt, ap);
buf = dupvprintf(fmt, ap);
dputs(buf);
sfree(buf);
va_end(ap);
}

8
misc.h
View File

@ -3,6 +3,8 @@
#include "puttymem.h"
#include <stdarg.h> /* for va_list */
#ifndef FALSE
#define FALSE 0
#endif
@ -10,8 +12,10 @@
#define TRUE 1
#endif
char *dupstr(char *s);
char *dupcat(char *s1, ...);
char *dupstr(const char *s);
char *dupcat(const char *s1, ...);
char *dupprintf(const char *fmt, ...);
char *dupvprintf(const char *fmt, va_list ap);
void base64_encode_atom(unsigned char *data, int n, char *out);

View File

@ -65,13 +65,14 @@ static int initial_menuitems_count;
void modalfatalbox(char *fmt, ...)
{
va_list ap;
char stuff[200];
char *buf;
va_start(ap, fmt);
vsprintf(stuff, fmt, ap);
buf = dupvprintf(fmt, ap);
va_end(ap);
MessageBox(main_hwnd, stuff, "Pageant Fatal Error",
MessageBox(main_hwnd, buf, "Pageant Fatal Error",
MB_SYSTEMMODAL | MB_ICONERROR | MB_OK);
sfree(buf);
exit(1);
}
@ -1781,10 +1782,11 @@ void spawn_cmd(char *cmdline, char * args, int show)
{
if (ShellExecute(NULL, _T("open"), cmdline,
args, NULL, show) <= (HINSTANCE) 32) {
TCHAR sMsg[140];
sprintf(sMsg, _T("Failed to run \"%.100s\", Error: %d"), cmdline,
(int)GetLastError());
MessageBox(NULL, sMsg, APPNAME, MB_OK | MB_ICONEXCLAMATION);
char *msg;
msg = dupprintf("Failed to run \"%.100s\", Error: %d", cmdline,
(int)GetLastError());
MessageBox(NULL, msg, APPNAME, MB_OK | MB_ICONEXCLAMATION);
sfree(msg);
}
}

13
proxy.c
View File

@ -459,13 +459,14 @@ int proxy_http_negotiate (Proxy_Socket p, int change)
* for this proxy method, it's just a simple HTTP
* request
*/
char buf[256], dest[64];
char *buf, dest[64];
sk_getaddr(p->remote_addr, dest, 64);
sprintf(buf, "CONNECT %s:%i HTTP/1.1\r\nHost: %s:%i\r\n",
dest, p->remote_port, dest, p->remote_port);
buf = dupprintf("CONNECT %s:%i HTTP/1.1\r\nHost: %s:%i\r\n",
dest, p->remote_port, dest, p->remote_port);
sk_write(p->sub_socket, buf, strlen(buf));
sfree(buf);
if (cfg.proxy_username[0] || cfg.proxy_password[0]) {
char buf[sizeof(cfg.proxy_username)+sizeof(cfg.proxy_password)];
@ -556,14 +557,14 @@ int proxy_http_negotiate (Proxy_Socket p, int change)
bufchain_consume(&p->pending_input_data, eol);
if (data[status] != '2') {
/* error */
char buf[1024];
char *buf;
data[eol] = '\0';
while (eol > status &&
(data[eol-1] == '\r' || data[eol-1] == '\n'))
data[--eol] = '\0';
sprintf(buf, "Proxy error: %.900s",
data+status);
buf = dupprintf("Proxy error: %s", data+status);
plug_closing(p->plug, buf, PROXY_ERROR_GENERAL, 0);
sfree(buf);
sfree(data);
return 1;
}

33
psftp.c
View File

@ -1448,40 +1448,43 @@ static int verbose = 0;
*/
void fatalbox(char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal:");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
str2 = dupcat("Fatal: ", str, "\n", NULL);
sfree(str);
va_end(ap);
strcat(str, "\n");
fputs(str, stderr);
fputs(str2, stderr);
sfree(str2);
cleanup_exit(1);
}
void modalfatalbox(char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal:");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
str2 = dupcat("Fatal: ", str, "\n", NULL);
sfree(str);
va_end(ap);
strcat(str, "\n");
fputs(str, stderr);
fputs(str2, stderr);
sfree(str2);
cleanup_exit(1);
}
void connection_fatal(void *frontend, char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal:");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
str2 = dupcat("Fatal: ", str, "\n", NULL);
sfree(str);
va_end(ap);
strcat(str, "\n");
fputs(str, stderr);
fputs(str2, stderr);
sfree(str2);
cleanup_exit(1);
}

View File

@ -28,13 +28,14 @@ static char *cmdline_keyfile = NULL;
void modalfatalbox(char *fmt, ...)
{
va_list ap;
char stuff[200];
char *stuff;
va_start(ap, fmt);
vsprintf(stuff, fmt, ap);
stuff = dupvprintf(fmt, ap);
va_end(ap);
MessageBox(NULL, stuff, "PuTTYgen Fatal Error",
MB_SYSTEMMODAL | MB_ICONERROR | MB_OK);
sfree(stuff);
exit(1);
}
@ -364,10 +365,8 @@ static void setupbigedit1(HWND hwnd, int id, int idstatic, struct RSAKey *key)
dec1 = bignum_decimal(key->exponent);
dec2 = bignum_decimal(key->modulus);
buffer = smalloc(strlen(dec1) + strlen(dec2) +
strlen(key->comment) + 30);
sprintf(buffer, "%d %s %s %s",
bignum_bitcount(key->modulus), dec1, dec2, key->comment);
buffer = dupprintf("%d %s %s %s", bignum_bitcount(key->modulus),
dec1, dec2, key->comment);
SetDlgItemText(hwnd, id, buffer);
SetDlgItemText(hwnd, idstatic,
"&Public key for pasting into authorized_keys file:");
@ -1154,12 +1153,13 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
int ret;
FILE *fp = fopen(filename, "r");
if (fp) {
char buffer[FILENAME_MAX + 80];
char *buffer;
fclose(fp);
sprintf(buffer, "Overwrite existing file\n%.*s?",
FILENAME_MAX, filename);
buffer = dupprintf("Overwrite existing file\n%s?",
filename);
ret = MessageBox(hwnd, buffer, "PuTTYgen Warning",
MB_YESNO | MB_ICONWARNING);
sfree(buffer);
if (ret != IDYES)
break;
}
@ -1197,12 +1197,13 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
int ret;
FILE *fp = fopen(filename, "r");
if (fp) {
char buffer[FILENAME_MAX + 80];
char *buffer;
fclose(fp);
sprintf(buffer, "Overwrite existing file\n%.*s?",
FILENAME_MAX, filename);
buffer = dupprintf("Overwrite existing file\n%s?",
filename);
ret = MessageBox(hwnd, buffer, "PuTTYgen Warning",
MB_YESNO | MB_ICONWARNING);
sfree(buffer);
if (ret != IDYES)
break;
}

10
raw.c
View File

@ -90,9 +90,10 @@ static char *raw_init(void *frontend_handle, void **backend_handle,
* Try to find host.
*/
{
char buf[200];
sprintf(buf, "Looking up host \"%.170s\"", host);
char *buf;
buf = dupprintf("Looking up host \"%s\"", host);
logevent(raw->frontend, buf);
sfree(buf);
}
addr = sk_namelookup(host, realhost);
if ((err = sk_addr_error(addr)))
@ -105,10 +106,11 @@ static char *raw_init(void *frontend_handle, void **backend_handle,
* Open socket.
*/
{
char buf[200], addrbuf[100];
char *buf, addrbuf[100];
sk_getaddr(addr, addrbuf, 100);
sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
buf = dupprintf("Connecting to %s port %d", addrbuf, port);
logevent(raw->frontend, buf);
sfree(buf);
}
raw->s = new_connection(addr, *realhost, port, 0, 1, nodelay, (Plug) raw);
if ((err = sk_socket_error(raw->s)))

View File

@ -121,9 +121,10 @@ static char *rlogin_init(void *frontend_handle, void **backend_handle,
* Try to find host.
*/
{
char buf[200];
sprintf(buf, "Looking up host \"%.170s\"", host);
char *buf;
buf = dupprintf("Looking up host \"%s\"", host);
logevent(rlogin->frontend, buf);
sfree(buf);
}
addr = sk_namelookup(host, realhost);
if ((err = sk_addr_error(addr)))
@ -136,10 +137,11 @@ static char *rlogin_init(void *frontend_handle, void **backend_handle,
* Open socket.
*/
{
char buf[200], addrbuf[100];
char *buf, addrbuf[100];
sk_getaddr(addr, addrbuf, 100);
sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
buf = dupprintf("Connecting to %s port %d", addrbuf, port);
logevent(rlogin->frontend, buf);
sfree(buf);
}
rlogin->s = new_connection(addr, *realhost, port, 1, 0,
nodelay, (Plug) rlogin);

89
scp.c
View File

@ -160,13 +160,15 @@ static void tell_str(FILE * stream, char *str)
static void tell_user(FILE * stream, char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
vsprintf(str, fmt, ap);
str = dupvprintf(fmt, ap);
va_end(ap);
strcat(str, "\n");
tell_str(stream, str);
str2 = dupcat(str, "\n", NULL);
sfree(str);
tell_str(stream, str2);
sfree(str2);
}
static void gui_update_stats(char *name, unsigned long size,
@ -216,14 +218,15 @@ static void gui_update_stats(char *name, unsigned long size,
*/
void fatalbox(char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal: ");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
str2 = dupcat("Fatal: ", str, "\n", NULL);
sfree(str);
va_end(ap);
strcat(str, "\n");
tell_str(stderr, str);
tell_str(stderr, str2);
sfree(str2);
errs++;
if (gui_mode) {
@ -239,14 +242,15 @@ void fatalbox(char *fmt, ...)
}
void modalfatalbox(char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal: ");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
str2 = dupcat("Fatal: ", str, "\n", NULL);
sfree(str);
va_end(ap);
strcat(str, "\n");
tell_str(stderr, str);
tell_str(stderr, str2);
sfree(str2);
errs++;
if (gui_mode) {
@ -262,14 +266,15 @@ void modalfatalbox(char *fmt, ...)
}
void connection_fatal(void *frontend, char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal: ");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
str2 = dupcat("Fatal: ", str, "\n", NULL);
sfree(str);
va_end(ap);
strcat(str, "\n");
tell_str(stderr, str);
tell_str(stderr, str2);
sfree(str2);
errs++;
if (gui_mode) {
@ -427,14 +432,15 @@ static void ssh_scp_init(void)
*/
static void bump(char *fmt, ...)
{
char str[0x100]; /* Make the size big enough */
char *str, *str2;
va_list ap;
va_start(ap, fmt);
strcpy(str, "Fatal: ");
vsprintf(str + strlen(str), fmt, ap);
str = dupvprintf(fmt, ap);
va_end(ap);
strcat(str, "\n");
tell_str(stderr, str);
str2 = dupcat(str, "\n", NULL);
sfree(str);
tell_str(stderr, str2);
sfree(str2);
errs++;
if (back != NULL && back->socket(backhandle) != NULL) {
@ -1503,16 +1509,17 @@ int scp_finish_filerecv(void)
*/
static void run_err(const char *fmt, ...)
{
char str[2048];
char *str, *str2;
va_list ap;
va_start(ap, fmt);
errs++;
strcpy(str, "scp: ");
vsprintf(str + strlen(str), fmt, ap);
strcat(str, "\n");
scp_send_errmsg(str);
tell_user(stderr, "%s", str);
str = dupvprintf(fmt, ap);
str2 = dupcat("scp: ", str, "\n", NULL);
sfree(str);
scp_send_errmsg(str2);
tell_user(stderr, "%s", str2);
va_end(ap);
sfree(str2);
}
/*
@ -1921,12 +1928,11 @@ static void toremote(int argc, char *argv[])
FindClose(fh);
}
cmd = smalloc(strlen(targ) + 100);
sprintf(cmd, "scp%s%s%s%s -t %s",
verbose ? " -v" : "",
recursive ? " -r" : "",
preserve ? " -p" : "",
targetshouldbedirectory ? " -d" : "", targ);
cmd = dupprintf("scp%s%s%s%s -t %s",
verbose ? " -v" : "",
recursive ? " -r" : "",
preserve ? " -p" : "",
targetshouldbedirectory ? " -d" : "", targ);
do_cmd(host, user, cmd);
sfree(cmd);
@ -2025,12 +2031,11 @@ static void tolocal(int argc, char *argv[])
user = NULL;
}
cmd = smalloc(strlen(src) + 100);
sprintf(cmd, "scp%s%s%s%s -f %s",
verbose ? " -v" : "",
recursive ? " -r" : "",
preserve ? " -p" : "",
targetshouldbedirectory ? " -d" : "", src);
cmd = dupprintf("scp%s%s%s%s -f %s",
verbose ? " -v" : "",
recursive ? " -r" : "",
preserve ? " -p" : "",
targetshouldbedirectory ? " -d" : "", src);
do_cmd(host, user, cmd);
sfree(cmd);

239
ssh.c
View File

@ -638,20 +638,29 @@ struct ssh_tag {
int (*s_rdpkt) (Ssh ssh, unsigned char **data, int *datalen);
};
#define logevent(s) { logevent(ssh->frontend, s); \
if ((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)) \
{ fprintf(stderr, "%s\n", s); fflush(stderr); } }
#define logevent(s) do { \
logevent(ssh->frontend, s); \
if ((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)) { \
fprintf(stderr, "%s\n", s); \
fflush(stderr); \
} \
} while (0)
/* logevent, only printf-formatted. */
void logeventf(Ssh ssh, char *fmt, ...)
{
va_list ap;
char stuff[200];
char *buf;
va_start(ap, fmt);
vsprintf(stuff, fmt, ap);
buf = dupvprintf(fmt, ap);
va_end(ap);
logevent(stuff);
logevent(buf);
if ((flags & FLAG_STDERR) && (flags & FLAG_VERBOSE)) {
fprintf(stderr, "%s\n", buf);
fflush(stderr);
}
sfree(buf);
}
#define bombout(msg) ( ssh->state = SSH_STATE_CLOSED, \
@ -1049,30 +1058,29 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
case SSH2_MSG_DISCONNECT:
{
/* log reason code in disconnect message */
char buf[256];
char *buf;
int nowlen;
int reason = GET_32BIT(ssh->pktin.data + 6);
unsigned msglen = GET_32BIT(ssh->pktin.data + 10);
unsigned nowlen;
if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) {
sprintf(buf, "Received disconnect message (%s)",
ssh2_disconnect_reasons[reason]);
buf = dupprintf("Received disconnect message (%s)",
ssh2_disconnect_reasons[reason]);
} else {
sprintf(buf, "Received disconnect message (unknown type %d)",
reason);
buf = dupprintf("Received disconnect message (unknown"
" type %d)", reason);
}
logevent(buf);
strcpy(buf, "Disconnection message text: ");
nowlen = strlen(buf);
if (msglen > sizeof(buf) - nowlen - 1)
msglen = sizeof(buf) - nowlen - 1;
memcpy(buf + nowlen, ssh->pktin.data + 14, msglen);
buf[nowlen + msglen] = '\0';
sfree(buf);
buf = dupprintf("Disconnection message text: %n%.*s",
msglen, &nowlen, ssh->pktin.data + 14);
logevent(buf);
bombout((ssh,"Server sent disconnect message\ntype %d (%s):\n\"%s\"",
reason,
(reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
ssh2_disconnect_reasons[reason] : "unknown",
buf+nowlen));
sfree(buf);
crReturn(0);
}
break;
@ -1612,11 +1620,15 @@ static int ssh2_pkt_getbool(Ssh ssh)
}
static void ssh2_pkt_getstring(Ssh ssh, char **p, int *length)
{
int len;
*p = NULL;
*length = 0;
if (ssh->pktin.length - ssh->pktin.savedpos < 4)
return;
*length = GET_32BIT(ssh->pktin.data + ssh->pktin.savedpos);
len = GET_32BIT(ssh->pktin.data + ssh->pktin.savedpos);
if (len < 0)
return;
*length = len;
ssh->pktin.savedpos += 4;
if (ssh->pktin.length - ssh->pktin.savedpos < *length)
return;
@ -2059,11 +2071,7 @@ static char *connect_to_host(Ssh ssh, char *host, int port,
/*
* Try to find host.
*/
{
char buf[200];
sprintf(buf, "Looking up host \"%.170s\"", host);
logevent(buf);
}
logeventf(ssh, "Looking up host \"%s\"", host);
addr = sk_namelookup(host, realhost);
if ((err = sk_addr_error(addr)))
return err;
@ -2072,10 +2080,9 @@ static char *connect_to_host(Ssh ssh, char *host, int port,
* Open socket.
*/
{
char buf[200], addrbuf[100];
char addrbuf[100];
sk_getaddr(addr, addrbuf, 100);
sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
logevent(buf);
logeventf(ssh, "Connecting to %s port %d", addrbuf, port);
}
ssh->fn = &fn_table;
ssh->s = new_connection(addr, *realhost, port, 0, 1, nodelay, (Plug) ssh);
@ -2396,11 +2403,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
&ssh_3des);
ssh->v1_cipher_ctx = ssh->cipher->make_context();
ssh->cipher->sesskey(ssh->v1_cipher_ctx, ssh->session_key);
{
char buf[256];
sprintf(buf, "Initialised %.200s encryption", ssh->cipher->text_name);
logevent(buf);
}
logeventf(ssh, "Initialised %s encryption", ssh->cipher->text_name);
ssh->crcda_ctx = crcda_make_context();
logevent("Installing CRC compensation attack detector");
@ -2664,8 +2667,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt)
char msgbuf[256];
if (flags & FLAG_VERBOSE)
c_write_str(ssh, "Trying public key authentication.\r\n");
sprintf(msgbuf, "Trying public key \"%.200s\"", cfg.keyfile);
logevent(msgbuf);
logeventf(ssh, "Trying public key \"%s\"", cfg.keyfile);
type = key_type(cfg.keyfile);
if (type != SSH_KEYTYPE_SSH1) {
sprintf(msgbuf, "Key is of wrong type (%s)",
@ -3070,7 +3072,6 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
int n;
int sport,dport,sserv,dserv;
char sports[256], dports[256], host[256];
char buf[1024];
ssh->rportfwds = newtree234(ssh_rportcmp_ssh1);
/* Add port forwardings. */
@ -3100,10 +3101,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
dserv = 1;
dport = net_service_lookup(dports);
if (!dport) {
sprintf(buf,
"Service lookup failed for destination port \"%s\"",
dports);
logevent(buf);
logeventf(ssh, "Service lookup failed for"
" destination port \"%s\"", dports);
}
}
sport = atoi(sports);
@ -3112,43 +3111,38 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
sserv = 1;
sport = net_service_lookup(sports);
if (!sport) {
sprintf(buf,
"Service lookup failed for source port \"%s\"",
sports);
logevent(buf);
logeventf(ssh, "Service lookup failed for source"
" port \"%s\"", sports);
}
}
if (sport && dport) {
if (type == 'L') {
pfd_addforward(host, dport, sport, ssh);
sprintf(buf, "Local port %.*s%.*s%d%.*s forwarding to"
" %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
logevent(buf);
logeventf(ssh, "Local port %.*s%.*s%d%.*s forwarding to"
" %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
} else {
struct ssh_rportfwd *pf;
pf = smalloc(sizeof(*pf));
strcpy(pf->dhost, host);
pf->dport = dport;
if (add234(ssh->rportfwds, pf) != pf) {
sprintf(buf,
"Duplicate remote port forwarding to %s:%d",
host, dport);
logevent(buf);
logeventf(ssh,
"Duplicate remote port forwarding to %s:%d",
host, dport);
sfree(pf);
} else {
sprintf(buf, "Requesting remote port %.*s%.*s%d%.*s"
" forward to %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
logevent(buf);
logeventf(ssh, "Requesting remote port %.*s%.*s%d%.*s"
" forward to %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
send_packet(ssh, SSH1_CMSG_PORT_FORWARD_REQUEST,
PKT_INT, sport,
PKT_STR, host,
@ -3576,7 +3570,10 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
*/
static int in_commasep_string(char *needle, char *haystack, int haylen)
{
int needlen = strlen(needle);
int needlen;
if (!needle || !haystack) /* protect against null pointers */
return 0;
needlen = strlen(needle);
while (1) {
/*
* Is it at the start of the string?
@ -3811,7 +3808,8 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt)
if (!ispkt)
crWaitUntil(ispkt);
sha_string(&ssh->exhash, ssh->pktin.data + 5, ssh->pktin.length - 5);
if (ssh->pktin.length > 5)
sha_string(&ssh->exhash, ssh->pktin.data + 5, ssh->pktin.length - 5);
/*
* Now examine the other side's KEXINIT to see what we're up
@ -3872,7 +3870,8 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt)
}
}
if (!s->cscipher_tobe) {
bombout((ssh,"Couldn't agree a client-to-server cipher (available: %s)", str));
bombout((ssh,"Couldn't agree a client-to-server cipher (available: %s)",
str ? str : "(null)"));
crReturn(0);
}
@ -3897,7 +3896,8 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt)
}
}
if (!s->sccipher_tobe) {
bombout((ssh,"Couldn't agree a server-to-client cipher (available: %s)", str));
bombout((ssh,"Couldn't agree a server-to-client cipher (available: %s)",
str ? str : "(null)"));
crReturn(0);
}
@ -4118,26 +4118,16 @@ static int do_ssh2_transport(Ssh ssh, unsigned char *in, int inlen, int ispkt)
ssh2_mkkey(ssh,s->K,s->exchange_hash,ssh->v2_session_id,'F',keyspace);
ssh->scmac->setkey(ssh->sc_mac_ctx, keyspace);
}
{
char buf[256];
sprintf(buf, "Initialised %.200s client->server encryption",
ssh->cscipher->text_name);
logevent(buf);
sprintf(buf, "Initialised %.200s server->client encryption",
ssh->sccipher->text_name);
logevent(buf);
if (ssh->cscomp->text_name) {
sprintf(buf, "Initialised %.200s compression",
ssh->cscomp->text_name);
logevent(buf);
}
if (ssh->sccomp->text_name) {
sprintf(buf, "Initialised %.200s decompression",
ssh->sccomp->text_name);
logevent(buf);
}
}
logeventf(ssh, "Initialised %.200s client->server encryption",
ssh->cscipher->text_name);
logeventf(ssh, "Initialised %.200s server->client encryption",
ssh->sccipher->text_name);
if (ssh->cscomp->text_name)
logeventf(ssh, "Initialised %s compression",
ssh->cscomp->text_name);
if (ssh->sccomp->text_name)
logeventf(ssh, "Initialised %s decompression",
ssh->sccomp->text_name);
/*
* If this is the first key exchange phase, we must pass the
@ -4351,12 +4341,13 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
}
s->username[strcspn(s->username, "\n\r")] = '\0';
} else {
char stuff[200];
char *stuff;
strncpy(s->username, cfg.username, sizeof(s->username));
s->username[sizeof(s->username)-1] = '\0';
if ((flags & FLAG_VERBOSE) || (flags & FLAG_INTERACTIVE)) {
sprintf(stuff, "Using username \"%s\".\r\n", s->username);
stuff = dupprintf("Using username \"%s\".\r\n", s->username);
c_write_str(ssh, stuff);
sfree(stuff);
}
}
s->got_username = TRUE;
@ -4392,13 +4383,15 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
ssh2_userkey_loadpub(cfg.keyfile, NULL,
&s->publickey_bloblen);
} else {
char msgbuf[256];
char *msgbuf;
logeventf(ssh->frontend,
"Unable to use this key file (%s)",
key_type_to_str(keytype));
sprintf(msgbuf, "Unable to use key file \"%.150s\" (%s)\r\n",
cfg.keyfile, key_type_to_str(keytype));
msgbuf = dupprintf("Unable to use key file \"%.150s\""
" (%s)\r\n", cfg.keyfile,
key_type_to_str(keytype));
c_write_str(ssh, msgbuf);
sfree(msgbuf);
s->publickey_blob = NULL;
}
} else
@ -5112,7 +5105,6 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
int n;
int sport,dport,sserv,dserv;
char sports[256], dports[256], host[256];
char buf[1024];
ssh->rportfwds = newtree234(ssh_rportcmp_ssh2);
/* Add port forwardings. */
@ -5142,10 +5134,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
dserv = 1;
dport = net_service_lookup(dports);
if (!dport) {
sprintf(buf,
"Service lookup failed for destination port \"%s\"",
dports);
logevent(buf);
logeventf(ssh, "Service lookup failed for destination"
" port \"%s\"", dports);
}
}
sport = atoi(sports);
@ -5154,23 +5144,20 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
sserv = 1;
sport = net_service_lookup(sports);
if (!sport) {
sprintf(buf,
"Service lookup failed for source port \"%s\"",
sports);
logevent(buf);
logeventf(ssh, "Service lookup failed for source"
" port \"%s\"", sports);
}
}
if (sport && dport) {
if (type == 'L') {
pfd_addforward(host, dport, sport, ssh);
sprintf(buf, "Local port %.*s%.*s%d%.*s forwarding to"
" %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
logevent(buf);
logeventf(ssh, "Local port %.*s%.*s%d%.*s forwarding to"
" %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
} else {
struct ssh_rportfwd *pf;
pf = smalloc(sizeof(*pf));
@ -5178,20 +5165,17 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
pf->dport = dport;
pf->sport = sport;
if (add234(ssh->rportfwds, pf) != pf) {
sprintf(buf,
"Duplicate remote port forwarding to %s:%d",
host, dport);
logevent(buf);
logeventf(ssh, "Duplicate remote port forwarding"
" to %s:%d", host, dport);
sfree(pf);
} else {
sprintf(buf, "Requesting remote port %.*s%.*s%d%.*s"
" forward to %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
logevent(buf);
logeventf(ssh, "Requesting remote port %.*s%.*s%d%.*s"
" forward to %s:%.*s%.*s%d%.*s",
(int)(sserv ? strlen(sports) : 0), sports,
sserv, "(", sport, sserv, ")",
host,
(int)(dserv ? strlen(dports) : 0), dports,
dserv, "(", dport, dserv, ")");
ssh2_pkt_init(ssh, SSH2_MSG_GLOBAL_REQUEST);
ssh2_pkt_addstring(ssh, "tcpip-forward");
ssh2_pkt_addbool(ssh, 1);/* want reply */
@ -5728,13 +5712,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
} else {
char *e = pfd_newconnect(&c->u.pfd.s, realpf->dhost,
realpf->dport, c);
char buf[1024];
sprintf(buf, "Received remote port open request for %s:%d",
realpf->dhost, realpf->dport);
logevent(buf);
logeventf(ssh, "Received remote port open request"
" for %s:%d", realpf->dhost, realpf->dport);
if (e != NULL) {
sprintf(buf, "Port open failed: %s", e);
logevent(buf);
logeventf(ssh, "Port open failed: %s", e);
error = "Port open failed";
} else {
logevent("Forwarded port opened successfully");
@ -6092,10 +6073,8 @@ void ssh_send_port_open(void *channel, char *hostname, int port, char *org)
{
struct ssh_channel *c = (struct ssh_channel *)channel;
Ssh ssh = c->ssh;
char buf[1024];
sprintf(buf, "Opening forwarded connection to %.512s:%d", hostname, port);
logevent(buf);
logeventf(ssh, "Opening forwarded connection to %s:%d", hostname, port);
if (ssh->version == 1) {
send_packet(ssh, SSH1_MSG_PORT_OPEN,

View File

@ -225,17 +225,18 @@ static void c_write1(Telnet telnet, int c)
static void log_option(Telnet telnet, char *sender, int cmd, int option)
{
char buf[50];
char *buf;
/*
* The strange-looking "<?""?>" below is there to avoid a
* trigraph - a double question mark followed by > maps to a
* closing brace character!
*/
sprintf(buf, "%s:\t%s %s", sender,
(cmd == WILL ? "WILL" : cmd == WONT ? "WONT" :
cmd == DO ? "DO" : cmd == DONT ? "DONT" : "<?""?>"),
telopt(option));
buf = dupprintf("%s:\t%s %s", sender,
(cmd == WILL ? "WILL" : cmd == WONT ? "WONT" :
cmd == DO ? "DO" : cmd == DONT ? "DONT" : "<?""?>"),
telopt(option));
logevent(telnet->frontend, buf);
sfree(buf);
}
static void send_opt(Telnet telnet, int cmd, int option)
@ -372,7 +373,7 @@ static void process_subneg(Telnet telnet)
switch (telnet->sb_opt) {
case TELOPT_TSPEED:
if (telnet->sb_len == 1 && telnet->sb_buf[0] == TELQUAL_SEND) {
char logbuf[sizeof(cfg.termspeed) + 80];
char *logbuf;
b[0] = IAC;
b[1] = SB;
b[2] = TELOPT_TSPEED;
@ -383,14 +384,15 @@ static void process_subneg(Telnet telnet)
b[n + 1] = SE;
telnet->bufsize = sk_write(telnet->s, b, n + 2);
logevent(telnet->frontend, "server:\tSB TSPEED SEND");
sprintf(logbuf, "client:\tSB TSPEED IS %s", cfg.termspeed);
logbuf = dupprintf("client:\tSB TSPEED IS %s", cfg.termspeed);
logevent(telnet->frontend, logbuf);
sfree(logbuf);
} else
logevent(telnet->frontend, "server:\tSB TSPEED <something weird>");
break;
case TELOPT_TTYPE:
if (telnet->sb_len == 1 && telnet->sb_buf[0] == TELQUAL_SEND) {
char logbuf[sizeof(cfg.termtype) + 80];
char *logbuf;
b[0] = IAC;
b[1] = SB;
b[2] = TELOPT_TTYPE;
@ -405,8 +407,9 @@ static void process_subneg(Telnet telnet)
telnet->bufsize = sk_write(telnet->s, b, n + 6);
b[n + 4] = 0;
logevent(telnet->frontend, "server:\tSB TTYPE SEND");
sprintf(logbuf, "client:\tSB TTYPE IS %s", b + 4);
logbuf = dupprintf("client:\tSB TTYPE IS %s", b + 4);
logevent(telnet->frontend, logbuf);
sfree(logbuf);
} else
logevent(telnet->frontend, "server:\tSB TTYPE <something weird>\r\n");
break;
@ -415,10 +418,11 @@ static void process_subneg(Telnet telnet)
p = telnet->sb_buf;
q = p + telnet->sb_len;
if (p < q && *p == TELQUAL_SEND) {
char logbuf[50];
char *logbuf;
p++;
sprintf(logbuf, "server:\tSB %s SEND", telopt(telnet->sb_opt));
logbuf = dupprintf("server:\tSB %s SEND", telopt(telnet->sb_opt));
logevent(telnet->frontend, logbuf);
sfree(logbuf);
if (telnet->sb_opt == TELOPT_OLD_ENVIRON) {
if (cfg.rfc_environ) {
value = RFC_VALUE;
@ -479,9 +483,10 @@ static void process_subneg(Telnet telnet)
b[n++] = IAC;
b[n++] = SE;
telnet->bufsize = sk_write(telnet->s, b, n);
sprintf(logbuf, "client:\tSB %s IS %s", telopt(telnet->sb_opt),
n == 6 ? "<nothing>" : "<stuff>");
logbuf = dupprintf("client:\tSB %s IS %s", telopt(telnet->sb_opt),
n == 6 ? "<nothing>" : "<stuff>");
logevent(telnet->frontend, logbuf);
sfree(logbuf);
}
break;
}
@ -668,9 +673,10 @@ static char *telnet_init(void *frontend_handle, void **backend_handle,
* Try to find host.
*/
{
char buf[200];
sprintf(buf, "Looking up host \"%.170s\"", host);
char *buf;
buf = dupprintf("Looking up host \"%s\"", host);
logevent(telnet->frontend, buf);
sfree(buf);
}
addr = sk_namelookup(host, realhost);
if ((err = sk_addr_error(addr)))
@ -683,10 +689,11 @@ static char *telnet_init(void *frontend_handle, void **backend_handle,
* Open socket.
*/
{
char buf[200], addrbuf[100];
char *buf, addrbuf[100];
sk_getaddr(addr, addrbuf, 100);
sprintf(buf, "Connecting to %.100s port %d", addrbuf, port);
buf = dupprintf("Connecting to %s port %d", addrbuf, port);
logevent(telnet->frontend, buf);
sfree(buf);
}
telnet->s = new_connection(addr, *realhost, port, 0, 1,
nodelay, (Plug) telnet);
@ -772,7 +779,7 @@ static void telnet_size(void *handle, int width, int height)
{
Telnet telnet = (Telnet) handle;
unsigned char b[16];
char logbuf[50];
char *logbuf;
telnet->term_width = width;
telnet->term_height = height;
@ -789,10 +796,11 @@ static void telnet_size(void *handle, int width, int height)
b[7] = IAC;
b[8] = SE;
telnet->bufsize = sk_write(telnet->s, b, 9);
sprintf(logbuf, "client:\tSB NAWS %d,%d",
((unsigned char) b[3] << 8) + (unsigned char) b[4],
((unsigned char) b[5] << 8) + (unsigned char) b[6]);
logbuf = dupprintf("client:\tSB NAWS %d,%d",
((unsigned char) b[3] << 8) + (unsigned char) b[4],
((unsigned char) b[5] << 8) + (unsigned char) b[6]);
logevent(telnet->frontend, logbuf);
sfree(logbuf);
}
/*