nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-03-21 14:18:38 -05:00
Code Issues Projects Releases Wiki Activity

Merge branch 'pre-0.64'

Browse Source
This commit is contained in:
Simon Tatham 2015-02-28 07:57:58 +00:00
commit 808e414130
9 changed files with 54 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Buildscr
View File

@ -35,7 +35,7 @@ module putty
ifeq "$(RELEASE)" "" set Ndate $(!builddate) ifeq "$(RELEASE)" "" set Ndate $(!builddate)
ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date
ifneq "$(Ndate)" "" read Date date ifneq "$(Ndate)" "" read Date date
set Epoch 6000 # update this at every release set Epoch 15493 # update this at every release
ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days
ifneq "$(Ndate)" "" read Days days ifneq "$(Ndate)" "" read Days days

2
LATEST.VER
View File

@ -1 +1 @@
0.63 0.64

2
doc/plink.but
View File

@ -41,7 +41,7 @@ use Plink:
\c Z:\sysosd>plink \c Z:\sysosd>plink
\c Plink: command-line connection utility \c Plink: command-line connection utility
\c Release 0.XX \c Release 0.64
\c Usage: plink [options] [user@]host [command] \c Usage: plink [options] [user@]host [command]
\c ("host" can also be a PuTTY saved session name) \c ("host" can also be a PuTTY saved session name)
\c Options: \c Options:

2
doc/pscp.but
View File

@ -39,7 +39,7 @@ use PSCP:
\c Z:\owendadmin>pscp \c Z:\owendadmin>pscp
\c PuTTY Secure Copy client \c PuTTY Secure Copy client
\c Release 0.XX \c Release 0.64
\c Usage: pscp [options] [user@]host:source target \c Usage: pscp [options] [user@]host:source target
\c pscp [options] source [source...] [user@]host:target \c pscp [options] source [source...] [user@]host:target
\c pscp [options] -ls [user@]host:filespec \c pscp [options] -ls [user@]host:filespec

7
ssh.c
View File

@ -6648,6 +6648,13 @@ static void do_ssh2_transport(Ssh ssh, void *vin, int inlen,
} }
ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen); ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen);
{
const char *err = dh_validate_f(ssh->kex_ctx, s->f);
if (err) {
bombout(("key exchange reply failed validation: %s", err));
crStopV;
}
}
s->K = dh_find_K(ssh->kex_ctx, s->f); s->K = dh_find_K(ssh->kex_ctx, s->f);
/* We assume everything from now on will be quick, and it might /* We assume everything from now on will be quick, and it might

1
ssh.h
View File

@ -596,6 +596,7 @@ void *dh_setup_group(const struct ssh_kex *kex);
void *dh_setup_gex(Bignum pval, Bignum gval); void *dh_setup_gex(Bignum pval, Bignum gval);
void dh_cleanup(void *); void dh_cleanup(void *);
Bignum dh_create_e(void *, int nbits); Bignum dh_create_e(void *, int nbits);
const char *dh_validate_f(void *handle, Bignum f);
Bignum dh_find_K(void *, Bignum f); Bignum dh_find_K(void *, Bignum f);
int loadrsakey(const Filename *filename, struct RSAKey *key, int loadrsakey(const Filename *filename, struct RSAKey *key,

23
sshdh.c
View File

@ -218,6 +218,29 @@ Bignum dh_create_e(void *handle, int nbits)
return ctx->e; return ctx->e;
} }
/*
* DH stage 2-epsilon: given a number f, validate it to ensure it's in
* range. (RFC 4253 section 8: "Values of 'e' or 'f' that are not in
* the range [1, p-1] MUST NOT be sent or accepted by either side."
* Also, we rule out 1 and p-1 too, since that's easy to do and since
* they lead to obviously weak keys that even a passive eavesdropper
* can figure out.)
*/
const char *dh_validate_f(void *handle, Bignum f)
{
struct dh_ctx *ctx = (struct dh_ctx *)handle;
if (bignum_cmp(f, One) <= 0) {
return "f value received is too small";
} else {
Bignum pm1 = bigsub(ctx->p, One);
int cmp = bignum_cmp(f, pm1);
freebn(pm1);
if (cmp >= 0)
return "f value received is too large";
}
return NULL;
}
/* /*
* DH stage 2: given a number f, compute K = f^x mod p. * DH stage 2: given a number f, compute K = f^x mod p.
*/ */

20
sshpubk.c
View File

@ -67,7 +67,7 @@ static int loadrsakey_main(FILE * fp, struct RSAKey *key, int pub_only,
i += 4; i += 4;
/* Now the serious stuff. An ordinary SSH-1 public key. */ /* Now the serious stuff. An ordinary SSH-1 public key. */
j = makekey(buf + i, len, key, NULL, 1); j = makekey(buf + i, len - i, key, NULL, 1);
if (j < 0) if (j < 0)
goto end; /* overran */ goto end; /* overran */
i += j; i += j;
@ -802,6 +802,7 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
goto error; goto error;
} }
sfree(public_blob); sfree(public_blob);
smemclr(private_blob, private_blob_len);
sfree(private_blob); sfree(private_blob);
sfree(encryption); sfree(encryption);
if (errorstr) if (errorstr)
@ -822,8 +823,10 @@ struct ssh2_userkey *ssh2_load_userkey(const Filename *filename,
sfree(mac); sfree(mac);
if (public_blob) if (public_blob)
sfree(public_blob); sfree(public_blob);
if (private_blob) if (private_blob) {
sfree(private_blob); smemclr(private_blob, private_blob_len);
sfree(private_blob);
}
if (errorstr) if (errorstr)
*errorstr = error; *errorstr = error;
return ret; return ret;
@ -1112,8 +1115,14 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
} }
fp = f_open(filename, "w", TRUE); fp = f_open(filename, "w", TRUE);
if (!fp) if (!fp) {
return 0; sfree(pub_blob);
smemclr(priv_blob, priv_blob_len);
sfree(priv_blob);
smemclr(priv_blob_encrypted, priv_blob_len);
sfree(priv_blob_encrypted);
return 0;
}
fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name); fprintf(fp, "PuTTY-User-Key-File-2: %s\n", key->alg->name);
fprintf(fp, "Encryption: %s\n", cipherstr); fprintf(fp, "Encryption: %s\n", cipherstr);
fprintf(fp, "Comment: %s\n", key->comment); fprintf(fp, "Comment: %s\n", key->comment);
@ -1130,6 +1139,7 @@ int ssh2_save_userkey(const Filename *filename, struct ssh2_userkey *key,
sfree(pub_blob); sfree(pub_blob);
smemclr(priv_blob, priv_blob_len); smemclr(priv_blob, priv_blob_len);
sfree(priv_blob); sfree(priv_blob);
smemclr(priv_blob_encrypted, priv_blob_len);
sfree(priv_blob_encrypted); sfree(priv_blob_encrypted);
return 1; return 1;
} }

8
windows/putty.iss
View File

@ -13,10 +13,10 @@
[Setup] [Setup]
AppName=PuTTY AppName=PuTTY
AppVerName=PuTTY version 0.63 AppVerName=PuTTY version 0.64
VersionInfoTextVersion=Release 0.63 VersionInfoTextVersion=Release 0.64
AppVersion=0.63 AppVersion=0.64
VersionInfoVersion=0.63.0.0 VersionInfoVersion=0.64.0.0
AppPublisher=Simon Tatham AppPublisher=Simon Tatham
AppPublisherURL=http://www.chiark.greenend.org.uk/~sgtatham/putty/ AppPublisherURL=http://www.chiark.greenend.org.uk/~sgtatham/putty/
AppReadmeFile={app}\README.txt AppReadmeFile={app}\README.txt