1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-18 05:46:37 +00:00
Commit Graph

6592 Commits

Author SHA1 Message Date
Simon Tatham
7e515c4111 Fix free of an uninitialised pointer.
CHAN_AGENT channels need c->u.a.message to be either NULL or valid
dynamically allocated memory, because it'll be freed by
ssh_channel_destroy. This bug triggers if an agent forwarding channel
is opened and closed without having sent any queries.

[originally from svn r10032]
2013-08-26 11:55:56 +00:00
Simon Tatham
597cbddbb9 Fix handling of IPv6 dynamic forwardings.
During the Conf revamp, I changed the internal representation of
dynamic forwardings so that they were stored as the conceptually
sensible L12345=D rather than the old D12345, and added compensation
code to translate to the latter form for backwards-compatible data
storage and for OpenSSH-harmonised GUI display. Unfortunately I forgot
that keys in the forwarding data can also prefix the L/R with a
character indicating IPv4/IPv6, and my translations didn't take
account of that possibility. Fix them.

[originally from svn r10031]
2013-08-22 17:45:26 +00:00
Simon Tatham
6805bdcd6a Don't run toplevel callbacks in modal dialogs.
Because some of them can call gtk_main_quit(), which completely
confuses the dialog box system.

[originally from svn r10029]
2013-08-18 10:56:20 +00:00
Simon Tatham
b8e668cd9b Sensibly enforce non-interactive rekeying.
We now only present the full set of host key algorithms we can handle
in the first key exchange. In subsequent rekeys, we present only the
host key algorithm that we agreed on the previous time, and then we
verify the host key by simply enforcing that it's exactly the same as
the one we saw at first and disconnecting rudely if it isn't.

[originally from svn r10027]
2013-08-18 06:48:20 +00:00
Simon Tatham
4db5c2899f Make calling term_nopaste() a cross-platform feature.
It was one of those things that went in ages ago on Windows and never
got replicated in the Unix front end. And it needn't be: ldisc.c is a
perfect place to put it, since it knows which of the data it's sending
is based on a keystroke and which is automatically generated, and it
also has access to the terminal context. So now a keypress can
interrupt a runaway paste on all platforms.

[originally from svn r10025]
2013-08-17 16:06:40 +00:00
Simon Tatham
9d5903b163 Revamp Windows pending_netevent using toplevel callbacks.
This greatly simplifies the process of calling select_result() from
the top level after receiving WM_NETEVENT.

[originally from svn r10024]
2013-08-17 16:06:35 +00:00
Simon Tatham
d35a41f6ba Revamp net_pending_errors using toplevel callbacks.
Again, I've removed the special-purpose ad-hockery from the assorted
front end message loops that dealt with deferred handling of socket
errors, and instead uxnet.c and winnet.c arrange that for themselves
by calling the new general top-level callback mechanism.

[originally from svn r10023]
2013-08-17 16:06:27 +00:00
Simon Tatham
a44366585f Revamp GTK's session close handling using toplevel callbacks.
Instead of having a special GTK idle function for dealing with session
closing, I now use the new top-level callback mechanism which is
slightly simpler for calling a one-off function.

Also in this commit, I've arranged for connection_fatal to queue a
call to the same session close function after displaying the message
box, with the effect that now all the same processing takes place no
matter whether the session closes cleanly or uncleanly - e.g. the SSH
specials submenu is cleaned out, as it should be.

[originally from svn r10022]
2013-08-17 16:06:22 +00:00
Simon Tatham
43c9748ac9 Revamp Windows's close_session() using toplevel callbacks.
Instead of setting a must_close_session flag and having special code
in the message loop to check it, we'll schedule the call to
close_session using the new top-level callback system.

[originally from svn r10021]
2013-08-17 16:06:18 +00:00
Simon Tatham
7be9af74ec Revamp the terminal paste mechanism using toplevel callbacks.
I've removed the ad-hoc front-end bodgery in the Windows and GTK ports
to arrange for term_paste to be called at the right moments, and
instead, terminal.c itself deals with knowing when to send the next
chunk of pasted data using a combination of timers and the new
top-level callback mechanism.

As a happy side effect, it's now all in one place so I can actually
understand what it's doing! It turns out that what all that confusing
code was up to is: send a line of pasted data, and delay sending the
next line until either a CR or LF is returned from the server
(typically indicating that the pasted text has been received and
echoed) or 450ms elapse, whichever comes first.

[originally from svn r10020]
2013-08-17 16:06:12 +00:00
Simon Tatham
75c79e318f Add a general way to request an immediate top-level callback.
This is a little like schedule_timer, in that the callback you provide
will be run from the top-level message loop of whatever application
you're in; but unlike the timer mechanism, it will happen
_immediately_.

The aim is to provide a general way to avoid re-entrance of code, in
cases where just _doing_ the thing you want done is liable to trigger
a confusing recursive call to the function in which you came to the
decision to do it; instead, you just request a top-level callback at
the message loop's earliest convenience, and do it then.

[originally from svn r10019]
2013-08-17 16:06:08 +00:00
Simon Tatham
883641845f Sebastian Kuschel reports that pfd_closing can be called for a socket
error with pr->c NULL, in which case calling sshfwd_unclean_close on
it will dereference NULL and segfault. Write an alternative error
handling path for that possibility.

(I don't know if it's the only way, but one way this can happen is if
you're doing dynamic forwarding and the socket error occurs during
SOCKS negotiation, in which case no SSH channel has been set up yet
because we haven't yet found out what we want to put in the
direct-tcpip channel open message.)

[originally from svn r10018]
2013-08-15 06:42:36 +00:00
Simon Tatham
4ae1e260ea It turns out I was a little over-strict in my handling of EOF in
pscp.c when I did the big revamp in r9279: I assumed that in any SCP
connection we would be the first to send EOF, but in fact this isn't
true - doing downloads with old-SCP, EOF is initiated by the server,
so we were spuriously reporting an error for 'unexpected' EOF when
everything had gone fine. Thanks to Nathan Phelan for the report.

[originally from svn r10016]
[r9279 == 947962e0b9]
2013-08-13 06:46:51 +00:00
Simon Tatham
293af847b5 sbcsgen.pl uses 'select' to point Perl at a different default output
handle. Revert that when we hackily call it from mkfiles.pl, so that
if I have a need to insert diagnostics in the latter they won't go
into the end of sbcsdat.c.

[originally from svn r10013]
2013-08-08 17:22:07 +00:00
Simon Tatham
c0b6e0b962 Revert the default for font bolding style back to using colours rather
than fonts. I broke this in r9559 when I added the option for 'both',
because the internal representation got offset by one so as to change
from a boolean to two bitfields and I must have confused myself about
what the default should be.

[originally from svn r10008]
[r9559 == bc6e0952ef]
2013-08-07 06:22:52 +00:00
Simon Tatham
95f581339d Bump version number prior to tagging 0.63.
[originally from svn r9998]
2013-08-06 17:09:07 +00:00
Simon Tatham
ead9081318 One more defensive assert, just to be sure.
[originally from svn r9997]
2013-08-06 16:45:49 +00:00
Simon Tatham
a7cc906df0 The bignum code has two representations of zero, since
bn_restore_invariant (and the many loops that duplicate it) leaves a
single zero word in a bignum representing 0, whereas the constant
'Zero' does not have any data words at all. Cope with this in
bignum_cmp.

(It would be a better plan to decide on one representation and stick
with it, but this is the less disruptive fix for the moment.)

[originally from svn r9996]
2013-08-05 19:50:51 +00:00
Simon Tatham
a7d13e284a Add some more precautionary assertions, just in case anything wildly
out of range manages to get past other recent fixes.

[originally from svn r9995]
2013-08-05 19:50:47 +00:00
Jacob Nevins
0cc6fb8bfe Belatedly update the copyright year to 2013.
[originally from svn r9993]
[this svn revision also touched putty-website]
2013-08-05 15:15:17 +00:00
Simon Tatham
97db2b6646 Fix memory leaks in the new error return from modinv.
[originally from svn r9992]
2013-08-04 22:33:50 +00:00
Simon Tatham
20aabc3059 Spot when we didn't successfully create an RSA public key from a
public blob, and return a proper error in that situation rather than a
struct with unhelpful NULLs in.

[originally from svn r9991]
2013-08-04 19:34:10 +00:00
Simon Tatham
cb1df53360 Make modinv able to return NULL if its inputs are not coprime, and
check for that return value everywhere it is used.

[originally from svn r9990]
2013-08-04 19:34:07 +00:00
Simon Tatham
9c054cf467 Avoid trying to take the modular inverse of zero in response to a
sufficiently silly DSA signature.

[originally from svn r9989]
2013-08-04 19:34:00 +00:00
Simon Tatham
bf9b9224d8 Another couple of memory leaks.
[originally from svn r9988]
2013-08-04 19:33:57 +00:00
Simon Tatham
5bcb8d6aac More consistently defend against division by zero with assertions. We
now check that all the modular functions (modpow, modinv, modmul,
bigdivmod) have nonzero moduli, and that modinv also has a nonzero
thing to try to invert.

[originally from svn r9987]
2013-08-04 19:33:53 +00:00
Simon Tatham
76dc7c49a2 Validate newly created DSA keys more carefully. Don't want a structure
half-filled with null pointers.

[originally from svn r9986]
2013-08-04 19:33:49 +00:00
Simon Tatham
4b1fcc8ba2 Remove some redundant null-pointer checks from code that must have
been written before I wrote a never-failing snew.

[originally from svn r9985]
2013-08-04 19:33:46 +00:00
Simon Tatham
8041377799 Sanitise freeing of DSA keys.
[originally from svn r9984]
2013-08-04 19:33:43 +00:00
Simon Tatham
ba49faec3d Reinstate a piece of code accidentally removed in r9214, where Windows
PuTTY does not trim a colon suffix off the hostname if it contains
_more than one_ colon. This allows IPv6 literals to be entered.

(Really we need to do a much bigger revamp of all uses of hostnames to
arrange that square-bracketed IPv6 literals work consistently, but
this at least removes a regression over 0.62.)

[originally from svn r9983]
[r9214 == a1f3b7a358]
2013-08-04 19:32:10 +00:00
Simon Tatham
fd266a3cec Raise the default scrollback from 200 to 2000 lines. The former was
not so silly in the 1990s and before I implemented scrollback
compression, but it's been a ridiculously low default for a while now.

[originally from svn r9982]
2013-08-02 22:33:40 +00:00
Simon Tatham
55e8a268ab Found a lot of places in sshbn.c where for-loops zeroing out memory
just before freeing it really ought to be smemclrs.

[originally from svn r9981]
2013-08-02 19:51:36 +00:00
Simon Tatham
493a333078 Verify RSA keys created by rsa2_openssh_createkey.
[originally from svn r9980]
2013-08-02 06:28:05 +00:00
Simon Tatham
2e0723e9ef Replace some 'sfree' calls of bignums with the proper 'freebn'.
[originally from svn r9979]
2013-08-02 06:28:00 +00:00
Simon Tatham
6184e9f95d Add some missing bounds checks in signature verification routines.
[originally from svn r9978]
2013-08-02 06:27:56 +00:00
Simon Tatham
e01104f899 Fix an array-size bug in modmul, and add some tests for it.
[originally from svn r9977]
2013-08-02 06:27:54 +00:00
Simon Tatham
a777103fd9 Remove one of the frees added in r9916. stat_name points to somewhere
within the same string that destfname points to the start of, so
freeing it causes at best a double-free of destfname and more likely a
free of something that isn't even the start of an allocated block.

[originally from svn r9974]
[r9916 == cc4f38df14]
2013-07-29 17:47:33 +00:00
Simon Tatham
808df44e54 Add an assortment of missing consts I've just noticed.
[originally from svn r9972]
2013-07-27 18:35:48 +00:00
Simon Tatham
a5fd6ad272 Get rid of the variable 'advapi' in Pageant's WinMain, which was never
actually used for anything sensible and could have been freed while
containing nonsense at program end.

[originally from svn r9971]
2013-07-24 19:18:06 +00:00
Simon Tatham
6ede5c473a Back out r9964. I wasn't paying attention: every control is in the
byid tree but not all of them are in the byctrl tree.

[originally from svn r9970]
[r9964 == b3afa10aa7]
2013-07-22 19:56:04 +00:00
Simon Tatham
3b278a95f8 Add a bob script to do Coverity scanning.
[originally from svn r9969]
2013-07-22 19:56:00 +00:00
Simon Tatham
eb19a35a3d Fix a few more memory and resource leaks.
[originally from svn r9968]
2013-07-22 19:55:55 +00:00
Simon Tatham
e5d3a353cc Remove the variable 'bufused', which came over from winnet.c in
mistaken cut and paste and is just a bug.

[originally from svn r9967]
2013-07-22 19:55:53 +00:00
Simon Tatham
5e2c794424 Increase FONT_MAXNO from 0x2f to 0x40, to ensure the fonts[] array
includes every possible combination of the font bitfields, in
particular ATTR_OEM|ATTR_NARROW.

[originally from svn r9966]
2013-07-22 07:12:31 +00:00
Simon Tatham
81a11efdaf Correct an inequality sign causing the bounds check in Windows
palette_set() to be bogus. Fortunately, this isn't exploitable through
the terminal emulator, because the palette escape sequence parser
contains its own bounds check before even calling palette_set().

While I'm at it, fix the same goof in the OS X version! That port is
more or less abandoned, but that's no excuse for leaving obviously
wrong code lying around.

[originally from svn r9965]
2013-07-22 07:12:26 +00:00
Simon Tatham
b3afa10aa7 Missing assert.
[originally from svn r9964]
2013-07-22 07:12:21 +00:00
Simon Tatham
0a26bd74e1 Replace the type-checking COMPTR macro with my current idea of best
practice in type-check macros.

[originally from svn r9963]
2013-07-22 07:12:15 +00:00
Simon Tatham
353b85be67 Add missing casts in arguments to ctype functions.
[originally from svn r9962]
2013-07-22 07:12:10 +00:00
Simon Tatham
61e555ec79 Rationalise null pointer checks in both decode_codepage functions, so
that decode_codepage(NULL) and decode_codepage("") both return the
default character set.

[originally from svn r9961]
2013-07-22 07:12:05 +00:00
Simon Tatham
f9f93584c2 Fix a double error handling goof in the winstore side of the jump list
support: transform_jumplist_registry should give its caller
dynamically allocated data if and only if it returns JUMPLISTREG_OK,
and get_jumplist_registry_entries should test the return value against
JUMPLISTREG_OK rather than a value from a totally different enum.

[originally from svn r9960]
2013-07-22 07:11:58 +00:00