mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 01:48:00 +00:00

Merge branch 'pre-0.67'

Simon Tatham 2016-02-29 19:59:59 +00:00
commit 984fe3dde8
13 changed files with 75 additions and 47 deletions


@ -35,7 +35,7 @@ module putty
ifeq "$(RELEASE)" "" set Ndate $(!builddate) ifeq "$(RELEASE)" "" set Ndate $(!builddate)
ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -pe 's/(....)(..)(..)/$$1-$$2-$$3/' > date
ifneq "$(Ndate)" "" read Date date ifneq "$(Ndate)" "" read Date date
set Epoch 15746 # update this at every release set Epoch 15860 # update this at every release
ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days ifneq "$(Ndate)" "" in . do echo $(Ndate) | perl -ne 'use Time::Local; /(....)(..)(..)/ and print timegm(0,0,0,$$3,$$2-1,$$1) / 86400 - $(Epoch)' > days
ifneq "$(Ndate)" "" read Days days ifneq "$(Ndate)" "" read Days days


@ -1 +1 @@
0.66 0.67


@ -22,11 +22,11 @@ the origin of files distributed by the PuTTY team.)
\H{pgpkeys-pubkey} Public keys \H{pgpkeys-pubkey} Public keys
We maintain a set of three keys, stored with different levels of We maintain multiple keys, stored with different levels of security
security due to being used in different ways. See \k{pgpkeys-security} due to being used in different ways. See \k{pgpkeys-security} below
below for details. for details.
The three keys we provide are: The keys we provide are:
\dt Snapshot Key \dt Snapshot Key
@ -38,15 +38,20 @@ we send to particular users.
\dd Used to sign manually released versions of PuTTY. \dd Used to sign manually released versions of PuTTY.
\dt Secure Contact Key
\dd An encryption-capable key suitable for people to send confidential
messages to the PuTTY team, e.g. reports of vulnerabilities.
\dt Master Key \dt Master Key
\dd Used to tie the other two keys into the GPG web of trust. The \dd Used to tie all the above keys into the GPG web of trust. The
Master Key signs the other two keys, and other GPG users have signed Master Key signs all the other keys, and other GPG users have signed
it in turn. it in turn.
The current issue of those three keys are available for download from The current issue of those keys are available for download from the
the PuTTY website, and are also available on PGP keyservers using the PuTTY website, and are also available on PGP keyservers using the key
key IDs listed below. IDs listed below.
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key}} \dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/master-2015.asc}{\s{Master Key}}
@ -60,6 +65,14 @@ key IDs listed below.
\cw{2048R/9DFE2648B43434E4}). Fingerprint: \cw{2048R/9DFE2648B43434E4}). Fingerprint:
\cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4} \cw{0054\_DDAA\_8ADA\_15D2\_768A\_\_6DE7\_9DFE\_2648\_B434\_34E4}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/contact-2016.asc}{\s{Secure Contact Key}}
\dd RSA, 2048-bit. Main key ID: \cw{2048R/8A0AF00B} (long version:
\cw{2048R/C4FCAAD08A0AF00B}). Encryption subkey ID:
\cw{2048R/50C2CF5C} (long version: \cw{2048R/9EB39CC150C2CF5C}.
Fingerprint:
\cw{8A26\_250E\_763F\_E359\_75F3\_\_118F\_C4FC\_AAD0\_8A0A\_F00B}
\dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key}} \dt \W{http://www.chiark.greenend.org.uk/~sgtatham/putty/keys/snapshot-2015.asc}{\s{Snapshot Key}}
\dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version: \dd RSA, 2048-bit. Key ID: \cw{2048R/D15F7E8A} (long version:
@ -115,6 +128,12 @@ The Releases private key is kept encrypted on the developers' own
local machines. So an attacker wanting to steal it would have to also local machines. So an attacker wanting to steal it would have to also
steal the passphrase. steal the passphrase.
\S{pgpkeys-contact} The Secure Contact Key
The Secure Contact Key is stored with a similar level of security to
the Release Key: it is stored with a passphrase, and no automated
script has access to it.
\S{pgpkeys-master} The Master Keys \S{pgpkeys-master} The Master Keys
The Master Key signs almost nothing. Its purpose is to bind the other The Master Key signs almost nothing. Its purpose is to bind the other
@ -137,11 +156,15 @@ once.
\H{pgpkeys-rollover} Key rollover \H{pgpkeys-rollover} Key rollover
Our current three keys were generated in September 2015. Prior to Our current keys were generated in September 2015, except for the
that, we had a much older set of keys generated in 2000. For each of Secure Contact Key which was generated in February 2016 (we didn't
the three key types above, we provided both an RSA key \e{and} a DSA think of it until later).
key (because at the time we generated them, RSA was not in practice
available to everyone, due to export restrictions). Prior to that, we had a much older set of keys generated in 2000. For
each of the key types above (other than the Secure Contact Key), we
provided both an RSA key \e{and} a DSA key (because at the time we
generated them, RSA was not in practice available to everyone, due to
export restrictions).
The new Master Key is signed with both of the old ones, to show that The new Master Key is signed with both of the old ones, to show that
it really is owned by the same people and not substituted by an it really is owned by the same people and not substituted by an


@ -41,7 +41,7 @@ use Plink:
\c Z:\sysosd>plink \c Z:\sysosd>plink
\c Plink: command-line connection utility \c Plink: command-line connection utility
\c Release 0.66 \c Release 0.67
\c Usage: plink [options] [user@]host [command] \c Usage: plink [options] [user@]host [command]
\c ("host" can also be a PuTTY saved session name) \c ("host" can also be a PuTTY saved session name)
\c Options: \c Options:
@ -80,8 +80,9 @@ use Plink:
\c -N don't start a shell/command (SSH-2 only) \c -N don't start a shell/command (SSH-2 only)
\c -nc host:port \c -nc host:port
\c open tunnel in place of session (SSH-2 only) \c open tunnel in place of session (SSH-2 only)
\c -shareexists \c -sshlog file
\c test whether a connection-sharing upstream exists \c -sshrawlog file
\c log protocol details to a file
Once this works, you are ready to use Plink. Once this works, you are ready to use Plink.


@ -39,7 +39,7 @@ use PSCP:
\c Z:\owendadmin>pscp \c Z:\owendadmin>pscp
\c PuTTY Secure Copy client \c PuTTY Secure Copy client
\c Release 0.66 \c Release 0.67
\c Usage: pscp [options] [user@]host:source target \c Usage: pscp [options] [user@]host:source target
\c pscp [options] source [source...] [user@]host:target \c pscp [options] source [source...] [user@]host:target
\c pscp [options] -ls [user@]host:filespec \c pscp [options] -ls [user@]host:filespec
@ -66,6 +66,9 @@ use PSCP:
\c -unsafe allow server-side wildcards (DANGEROUS) \c -unsafe allow server-side wildcards (DANGEROUS)
\c -sftp force use of SFTP protocol \c -sftp force use of SFTP protocol
\c -scp force use of SCP protocol \c -scp force use of SCP protocol
\c -sshlog file
\c -sshrawlog file
\c log protocol details to a file
(PSCP's interface is much like the Unix \c{scp} command, if you're (PSCP's interface is much like the Unix \c{scp} command, if you're
familiar with that.) familiar with that.)

5
misc.h

@ -187,4 +187,9 @@ void debug_memdump(const void *buf, int len, int L);
(cp)[0] = (unsigned char)((value) >> 8), \ (cp)[0] = (unsigned char)((value) >> 8), \
(cp)[1] = (unsigned char)(value) ) (cp)[1] = (unsigned char)(value) )
/* Replace NULL with the empty string, permitting an idiom in which we
* get a string (pointer,length) pair that might be NULL,0 and can
* then safely say things like printf("%.*s", length, NULLTOEMPTY(ptr)) */
#define NULLTOEMPTY(s) ((s)?(s):"")
#endif #endif
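Review bot: The comment on `NULLTOEMPTY` should state that the idiom is safe only for consumers that stop at the terminating NUL, such as `%.*s`. The substituted `""` is a single byte, so pairing it with a non-zero length in `memcpy` or a similar length-driven copy would read past the literal. Suggested sentence to append to the comment: `Only for NUL-terminated consumers: do not pass the result to memcpy() with the original length.` The macro also evaluates `s` twice, so its argument should be free of side effects; every use visible in this commit passes a plain variable.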

2
pscp.c

@ -1495,7 +1495,7 @@ int scp_get_sink_action(struct scp_sink_action *act)
{ {
char sizestr[40]; char sizestr[40];
if (sscanf(act->buf, "%lo %s %n", &act->permissions, if (sscanf(act->buf, "%lo %39s %n", &act->permissions,
sizestr, &i) != 2) sizestr, &i) != 2)
bump("Protocol error: Illegal file descriptor format"); bump("Protocol error: Illegal file descriptor format");
act->size = uint64_from_decimal(sizestr); act->size = uint64_from_decimal(sizestr);
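Review bot: With `%39s` an over-long size field no longer overflows `sizestr`, but it is silently split rather than rejected. The first 39 characters are converted, and the remaining digits stay in `act->buf` after offset `i`, where they would presumably be taken as the start of the file name (the use of `i` is outside the hunk). `sscanf` still returns 2 in that case, so the "Illegal file descriptor format" check does not fire. Rejecting a field that filled the buffer keeps the failure explicit, e.g. `if (strlen(sizestr) == sizeof(sizestr) - 1) bump("Protocol error: Illegal file descriptor format");`. The width 39 is tied to `char sizestr[40]` only by convention, so a short comment beside the format string would help keep the two in step.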

27
ssh.c

@ -5562,7 +5562,7 @@ static void ssh1_msg_port_open(Ssh ssh, struct Packet *pktin)
ssh_pkt_getstring(pktin, &host, &hostsize); ssh_pkt_getstring(pktin, &host, &hostsize);
port = ssh_pkt_getuint32(pktin); port = ssh_pkt_getuint32(pktin);
pf.dhost = dupprintf("%.*s", hostsize, host); pf.dhost = dupprintf("%.*s", hostsize, NULLTOEMPTY(host));
pf.dport = port; pf.dport = port;
pfp = find234(ssh->rportfwds, &pf, NULL); pfp = find234(ssh->rportfwds, &pf, NULL);
@ -6045,7 +6045,7 @@ static void ssh1_msg_debug(Ssh ssh, struct Packet *pktin)
int msglen; int msglen;
ssh_pkt_getstring(pktin, &msg, &msglen); ssh_pkt_getstring(pktin, &msg, &msglen);
logeventf(ssh, "Remote debug message: %.*s", msglen, msg); logeventf(ssh, "Remote debug message: %.*s", msglen, NULLTOEMPTY(msg));
} }
static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin) static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
@ -6055,7 +6055,8 @@ static void ssh1_msg_disconnect(Ssh ssh, struct Packet *pktin)
int msglen; int msglen;
ssh_pkt_getstring(pktin, &msg, &msglen); ssh_pkt_getstring(pktin, &msg, &msglen);
bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg)); bombout(("Server sent disconnect message:\n\"%.*s\"",
msglen, NULLTOEMPTY(msg)));
} }
static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin) static void ssh_msg_ignore(Ssh ssh, struct Packet *pktin)
@ -8264,7 +8265,8 @@ static void ssh2_msg_channel_open_failure(Ssh ssh, struct Packet *pktin)
reason_code = 0; /* ensure reasons[reason_code] in range */ reason_code = 0; /* ensure reasons[reason_code] in range */
ssh_pkt_getstring(pktin, &reason_string, &reason_length); ssh_pkt_getstring(pktin, &reason_string, &reason_length);
logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]", logeventf(ssh, "Forwarded connection refused by server: %s [%.*s]",
reasons[reason_code], reason_length, reason_string); reasons[reason_code], reason_length,
NULLTOEMPTY(reason_string));
pfd_close(c->u.pfd.pf); pfd_close(c->u.pfd.pf);
} else if (c->type == CHAN_ZOMBIE) { } else if (c->type == CHAN_ZOMBIE) {
@ -8560,9 +8562,7 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
char *addrstr; char *addrstr;
ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen); ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
addrstr = snewn(peeraddrlen+1, char); addrstr = dupprintf("%.*s", peeraddrlen, NULLTOEMPTY(peeraddr));
memcpy(addrstr, peeraddr, peeraddrlen);
addrstr[peeraddrlen] = '\0';
peerport = ssh_pkt_getuint32(pktin); peerport = ssh_pkt_getuint32(pktin);
logeventf(ssh, "Received X11 connect request from %s:%d", logeventf(ssh, "Received X11 connect request from %s:%d",
@ -8597,13 +8597,14 @@ static void ssh2_msg_channel_open(Ssh ssh, struct Packet *pktin)
char *shost; char *shost;
int shostlen; int shostlen;
ssh_pkt_getstring(pktin, &shost, &shostlen);/* skip address */ ssh_pkt_getstring(pktin, &shost, &shostlen);/* skip address */
pf.shost = dupprintf("%.*s", shostlen, shost); pf.shost = dupprintf("%.*s", shostlen, NULLTOEMPTY(shost));
pf.sport = ssh_pkt_getuint32(pktin); pf.sport = ssh_pkt_getuint32(pktin);
ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen); ssh_pkt_getstring(pktin, &peeraddr, &peeraddrlen);
peerport = ssh_pkt_getuint32(pktin); peerport = ssh_pkt_getuint32(pktin);
realpf = find234(ssh->rportfwds, &pf, NULL); realpf = find234(ssh->rportfwds, &pf, NULL);
logeventf(ssh, "Received remote port %s:%d open request " logeventf(ssh, "Received remote port %s:%d open request "
"from %s:%d", pf.shost, pf.sport, peeraddr, peerport); "from %.*s:%d", pf.shost, pf.sport,
peeraddrlen, NULLTOEMPTY(peeraddr), peerport);
sfree(pf.shost); sfree(pf.shost);
if (realpf == NULL) { if (realpf == NULL) {
@ -10267,7 +10268,7 @@ static void do_ssh2_authconn(Ssh ssh, const unsigned char *in, int inlen,
s->cur_prompt->to_server = TRUE; s->cur_prompt->to_server = TRUE;
s->cur_prompt->name = dupstr("New SSH password"); s->cur_prompt->name = dupstr("New SSH password");
s->cur_prompt->instruction = s->cur_prompt->instruction =
dupprintf("%.*s", prompt_len, prompt); dupprintf("%.*s", prompt_len, NULLTOEMPTY(prompt));
s->cur_prompt->instr_reqd = TRUE; s->cur_prompt->instr_reqd = TRUE;
/* /*
* There's no explicit requirement in the protocol * There's no explicit requirement in the protocol
@ -10705,13 +10706,13 @@ static void ssh2_msg_disconnect(Ssh ssh, struct Packet *pktin)
logevent(buf); logevent(buf);
sfree(buf); sfree(buf);
buf = dupprintf("Disconnection message text: %.*s", buf = dupprintf("Disconnection message text: %.*s",
msglen, msg); msglen, NULLTOEMPTY(msg));
logevent(buf); logevent(buf);
bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"", bombout(("Server sent disconnect message\ntype %d (%s):\n\"%.*s\"",
reason, reason,
(reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ? (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) ?
ssh2_disconnect_reasons[reason] : "unknown", ssh2_disconnect_reasons[reason] : "unknown",
msglen, msg)); msglen, NULLTOEMPTY(msg)));
sfree(buf); sfree(buf);
} }
@ -10725,7 +10726,7 @@ static void ssh2_msg_debug(Ssh ssh, struct Packet *pktin)
ssh2_pkt_getbool(pktin); ssh2_pkt_getbool(pktin);
ssh_pkt_getstring(pktin, &msg, &msglen); ssh_pkt_getstring(pktin, &msg, &msglen);
logeventf(ssh, "Remote debug message: %.*s", msglen, msg); logeventf(ssh, "Remote debug message: %.*s", msglen, NULLTOEMPTY(msg));
} }
static void ssh2_msg_transport(Ssh ssh, struct Packet *pktin) static void ssh2_msg_transport(Ssh ssh, struct Packet *pktin)
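Review bot: In the forwarded-port branch of ssh2_msg_channel_open, a NULL `shost` now becomes an empty `pf.shost` that goes straight into `find234(ssh->rportfwds, &pf, NULL)` and the "Received remote port" log line, so a request whose host string could not be read is handled as a well-formed one with an empty host. The same applies to `pf.dhost` in ssh1_msg_port_open. Presumably the lookup then misses and the request is refused, but that code lies outside the hunks and both functions start and end outside them. If a NULL pointer here means the string was missing from the packet, it is worth recording that before the lookup, e.g. `if (!shost) logeventf(ssh, "Malformed port-open request: missing host string");`, or at least a comment such as `/* shost may be NULL if the packet was short; "" is then used only as a lookup key */`.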


@ -13,10 +13,10 @@
[Setup] [Setup]
AppName=PuTTY AppName=PuTTY
AppVerName=PuTTY version 0.66 AppVerName=PuTTY version 0.67
VersionInfoTextVersion=Release 0.66 VersionInfoTextVersion=Release 0.67
AppVersion=0.66 AppVersion=0.67
VersionInfoVersion=0.66.0.0 VersionInfoVersion=0.67.0.0
AppPublisher=Simon Tatham AppPublisher=Simon Tatham
AppPublisherURL=http://www.chiark.greenend.org.uk/~sgtatham/putty/ AppPublisherURL=http://www.chiark.greenend.org.uk/~sgtatham/putty/
AppReadmeFile={app}\README.txt AppReadmeFile={app}\README.txt


@ -79,7 +79,6 @@ Socket new_named_pipe_client(const char *pipename, Plug plug)
ret = new_error_socket(err, plug); ret = new_error_socket(err, plug);
sfree(err); sfree(err);
CloseHandle(pipehandle); CloseHandle(pipehandle);
sfree(usersid);
return ret; return ret;
} }
@ -89,12 +88,10 @@ Socket new_named_pipe_client(const char *pipename, Plug plug)
sfree(err); sfree(err);
CloseHandle(pipehandle); CloseHandle(pipehandle);
LocalFree(psd); LocalFree(psd);
sfree(usersid);
return ret; return ret;
} }
LocalFree(psd); LocalFree(psd);
sfree(usersid);
return make_handle_socket(pipehandle, pipehandle, NULL, plug, TRUE); return make_handle_socket(pipehandle, pipehandle, NULL, plug, TRUE);
} }


@ -921,7 +921,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
debug(("couldn't get default SID\n")); debug(("couldn't get default SID\n"));
#endif #endif
CloseHandle(filemap); CloseHandle(filemap);
sfree(ourself);
return 0; return 0;
} }
@ -934,7 +933,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
rc)); rc));
#endif #endif
CloseHandle(filemap); CloseHandle(filemap);
sfree(ourself);
sfree(ourself2); sfree(ourself2);
return 0; return 0;
} }
@ -955,7 +953,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
!EqualSid(mapowner, ourself2)) { !EqualSid(mapowner, ourself2)) {
CloseHandle(filemap); CloseHandle(filemap);
LocalFree(psd); LocalFree(psd);
sfree(ourself);
sfree(ourself2); sfree(ourself2);
return 0; /* security ID mismatch! */ return 0; /* security ID mismatch! */
} }
@ -963,7 +960,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
debug(("security stuff matched\n")); debug(("security stuff matched\n"));
#endif #endif
LocalFree(psd); LocalFree(psd);
sfree(ourself);
sfree(ourself2); sfree(ourself2);
} else { } else {
#ifdef DEBUG_IPC #ifdef DEBUG_IPC


@ -182,6 +182,5 @@ int agent_query(void *in, int inlen, void **out, int *outlen,
sfree(mapname); sfree(mapname);
if (psd) if (psd)
LocalFree(psd); LocalFree(psd);
sfree(usersid);
return 1; return 1;
} }


@ -44,6 +44,9 @@ PSID get_user_sid(void)
DWORD toklen, sidlen; DWORD toklen, sidlen;
PSID sid = NULL, ret = NULL; PSID sid = NULL, ret = NULL;
if (usersid)
return usersid;
if (!got_advapi()) if (!got_advapi())
goto cleanup; goto cleanup;
@ -73,7 +76,7 @@ PSID get_user_sid(void)
/* Success. Move sid into the return value slot, and null it out /* Success. Move sid into the return value slot, and null it out
* to stop the cleanup code freeing it. */ * to stop the cleanup code freeing it. */
ret = sid; ret = usersid = sid;
sid = NULL; sid = NULL;
cleanup: cleanup:
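Review bot: The early `if (usersid) return usersid;` changes the returned SID from caller-owned to a cache that lives as long as the process, but nothing in these hunks documents the new contract. Any caller that still passes the result to `sfree()` would leave `usersid` dangling for every later call, so the rule belongs in a comment above the function, e.g. `/* Returns a cached SID owned by this module; callers must not free it. */`. The check-then-assign on `usersid` is also unsynchronised, which is fine only if every caller runs on the same thread; that cannot be confirmed from the lines shown. The body of get_user_sid begins and ends outside the hunks.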