1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-25 09:12:24 +00:00
Commit Graph

3725 Commits

Author SHA1 Message Date
Simon Tatham
8902fef445 Been meaning to get round to this for a while: use CryptGenRandom to
gather extra entropy at Windows PuTTY startup time. (It's only used as
one of the inputs to PuTTY's internal entropy pool, so nobody is
required to trust it.)

[originally from svn r9941]
2013-07-20 08:34:54 +00:00
Simon Tatham
b426872219 Centralise calls to fcntl into functions that carefully check the
error returns.

[originally from svn r9940]
2013-07-19 18:10:02 +00:00
Simon Tatham
96f3589e16 Add an error check to every setsockopt call in uxnet.c.
[originally from svn r9939]
2013-07-19 17:45:01 +00:00
Simon Tatham
8966f7c1ea Add some conditionally-compilable diagnostics to the RNG. I got
briefly worried that it might not be doing what I thought it was
doing, but examining these diagnostics shows that it is after all, and
now I've written them it would be a shame not to keep them for future
use.

[originally from svn r9938]
2013-07-19 17:44:58 +00:00
Simon Tatham
407fd7b9ab Better error reporting when failing to save a session.
[originally from svn r9937]
2013-07-19 17:44:53 +00:00
Simon Tatham
13bac5ed69 Add some missing calls to cleanup_exit.
[originally from svn r9936]
2013-07-19 17:44:47 +00:00
Simon Tatham
311761e245 Run the random pool setup and teardown functions with random_active
nonzero rather than zero.

[originally from svn r9935]
2013-07-19 17:44:42 +00:00
Simon Tatham
b4adf61bc7 Report errors in store_host_key too.
[originally from svn r9934]
2013-07-19 17:44:38 +00:00
Simon Tatham
2854ae1f33 Add proper error reports in write_random_seed, via the new 'nonfatal'
error reporting function.

[originally from svn r9933]
2013-07-19 17:44:33 +00:00
Simon Tatham
acf38797eb Add a nonfatal() function everywhere, to be used for reporting things
that the user really ought to know but that are not actually fatal to
continued operation of PuTTY or a single network connection.

[originally from svn r9932]
2013-07-19 17:44:28 +00:00
Simon Tatham
1d21346d4c Add a missing error check in pterm's child-process setup. Shouldn't
really fail, but might as well be careful.

[originally from svn r9931]
2013-07-19 17:44:22 +00:00
Simon Tatham
33f485c1c3 It suddenly strikes me as probably a good idea to enforce that anyone
calling random_byte has previously called random_ref.

(I'm not aware of any current code getting this wrong! It just seems
to me to be the sort of thing you'd want to be really sure of.)

[originally from svn r9930]
2013-07-19 17:44:20 +00:00
Simon Tatham
e8f661c2e4 Fix a build failure: r9924 thoughtlessly put an assert before some
declarations, and gcc didn't complain but VC did.

[originally from svn r9928]
[r9924 == 1dabc578a9]
2013-07-15 06:40:59 +00:00
Simon Tatham
0d7f2fdabc In the various channel request mini-coroutines, replace
crWaitUntilV(pktin) with plain crReturnV, because those coroutines can
be called back either with a response packet from the channel request
_or_ with NULL by ssh_free meaning 'please just clean yourself up'.

[originally from svn r9927]
2013-07-14 17:08:35 +00:00
Simon Tatham
16d62f6d94 Remove a redundant while-loop condition when reading RFC822-style
header text from a PuTTY key file.

(It's silly to have both while (len > 0) at the top of the loop _and_
an if (len == 0) return in the middle, and in fact the former was the
erroneous one since it would have prohibited a 39-character header,
which I intended to be permitted.)

[originally from svn r9926]
2013-07-14 10:46:55 +00:00
Simon Tatham
3692a585f7 Remove a pointless assignment in setup_config_box.
[originally from svn r9925]
2013-07-14 10:46:42 +00:00
Simon Tatham
1dabc578a9 Remove a return path from sshcom_write() which was both unreachable
(it would trigger if !type==RSA and !type==DSA, but one of those must
have been true to get there in the first place) and erroneous (it
would return NULL without going through the cleanup code). Since the
code's internal structure guarantees that path isn't reached, replace
it with an assert.

[originally from svn r9924]
2013-07-14 10:46:39 +00:00
Simon Tatham
7554dd5a9c Use the new ctrl_alloc_with_free to clean up a long-standing FIXME in
the session saving code, in which the contents of the edit box giving
the current saved session name was stored in a horrid place with a
fixed length. Now it's dangling off sessionsaver_data as it always
ought to have been, and it's dynamically reallocated to the
appropriate length, and there's a free function that cleans it up at
the end of the dialog's lifetime.

[originally from svn r9923]
2013-07-14 10:46:34 +00:00
Simon Tatham
ff09d5379b Add an extended version of ctrl_alloc which permits you to provide a
custom free function, in case you need to ctrl_alloc a structure which
then has additional dynamically allocated things dangling off it.

[originally from svn r9922]
2013-07-14 10:46:29 +00:00
Simon Tatham
2f6d6a839d Move the calculation of the exchange hash to above the various
warnings about insecure crypto components. The latter may crReturn
(though not in any current implementation, I believe), which
invalidates pktin, which is used by the former.

[originally from svn r9921]
2013-07-14 10:46:27 +00:00
Simon Tatham
74cf14e4eb Add a missing null pointer check in wc_unescape, to bring it in line
with the usage comment saying you're allowed to pass NULL to find out
only the return value. No caller actually does pass NULL at the
moment.

[originally from svn r9920]
2013-07-14 10:46:17 +00:00
Simon Tatham
ea301bdd9b Fix another giant batch of resource leaks. (Mostly memory, but there's
one missing fclose too.)

[originally from svn r9919]
2013-07-14 10:46:07 +00:00
Simon Tatham
896bb7c74d Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.

[originally from svn r9918]
2013-07-14 10:45:54 +00:00
Simon Tatham
1662a2f6cf Fix an always-false if statement which was causing the window border
not to be redrawn when the user reconfigured the background colour.

[originally from svn r9917]
2013-07-14 10:45:48 +00:00
Simon Tatham
cc4f38df14 Add an assortment of missing frees, and one missing file close. Mostly
on error paths, although the one in PSFTP's wildcard_iterate will come
up in normal usage.

[originally from svn r9916]
2013-07-11 17:43:41 +00:00
Simon Tatham
c925526e3f xfer_{up,down}load_gotpkt free their input sftp_packet as a side
effect of handling it, but they do not free it if it isn't a packet
they recognise as part of their upload/download. Invent a return value
that specifically signals this, and consistently free pktin at every
call site if that return value comes back. Also, ensure that that
return value also always comes with something meaningful in fxp_error.

[originally from svn r9915]
2013-07-11 17:24:53 +00:00
Simon Tatham
d9ccf044be Fix a collection of calls to tell_user so that they don't add their
own newline before the one tell_user puts on the end anyway. Also,
while I'm here, make up my mind about whether to prefix messages with
"scp:" or "pscp:" - I choose the latter.

[originally from svn r9914]
2013-07-11 17:24:47 +00:00
Simon Tatham
f78c9165a1 Fix a couple of code paths on which, if fxp_readdir returned an error,
we would return without first closing the directory handle we had used
as an argument.

[originally from svn r9913]
2013-07-11 17:24:44 +00:00
Simon Tatham
779466f0b0 It's not actually legal by the C standard to call qsort with a null
array pointer, _even_ if you're asking it to sort zero elements so
that in principle it should never dereference that pointer. Fix the
four instances in PSCP/PSFTP where this was previously occurring.

[originally from svn r9912]
2013-07-11 17:24:39 +00:00
Simon Tatham
84fed5c620 Fixes for the tree234 unit test: break its dependencies on half of the
rest of PuTTY, and fix a couple of format string type mismatches
pointed out by gcc.

[originally from svn r9911]
2013-07-11 17:24:32 +00:00
Simon Tatham
3d69dd2071 Add missing checks in update_for_intended_size() in the font selector
code, which would have coped badly if ever asked to select the first
font in the list at a size smaller than it supported. Luckily the
first font tended to be one of the X numeric aliases (e.g. 10x20)
which was stored with size zero, so this probably didn't actually come
up for anyone, but better safe than sorry.

[originally from svn r9910]
2013-07-11 17:24:28 +00:00
Simon Tatham
5a04ae3420 Fix a pty-freeing error which caused a segfault if you attempted to
use Restart Session in a post-not-close-on-exit pterm.

[originally from svn r9909]
2013-07-11 17:24:23 +00:00
Simon Tatham
1f3901a3a2 Add some missing null checks for inst->ldisc, which were causing
segfaults if a PuTTY or pterm did not close on exit and then you
either typed something via input_method_commit_event or changed the
line editing or echo settings.

[originally from svn r9908]
2013-07-11 17:24:20 +00:00
Simon Tatham
916cd3f0cd Remove another pointless null check, this time of inst->back in the
function which has just dereferenced it to get the exit code.

[originally from svn r9907]
2013-07-11 17:24:14 +00:00
Simon Tatham
8201e7d22d Remove redundant null checks for arguments to sftp_{get,put}_file
which are (a) never NULL anyway, and (b) have already been
dereferenced by the time we make those checks so it would be too late
if they were.

[originally from svn r9906]
2013-07-11 17:24:10 +00:00
Simon Tatham
85300e0b15 Fix a mishandling of error returns from makekey() in the SSH-1 private
key loader.

[originally from svn r9905]
2013-07-11 17:24:04 +00:00
Simon Tatham
1dbdd2c43f Add another missing bounds check in the SSH-1 private key loader.
[originally from svn r9904]
2013-07-11 17:24:01 +00:00
Simon Tatham
bc2076185e Get rid of the fixed-size 'hostname' buffer in every port-forwarded
connection, and replace it with sensible dynamically allocated
storage. While I'm at it, get rid of the disgusting dual use between
storing an actual hostname and storing an incoming SOCKS request; we
now have a separate pointer variable for each.

[originally from svn r9903]
2013-07-11 17:23:56 +00:00
Simon Tatham
8b6a8b617f Add an assortment of extra safety checks.
[originally from svn r9896]
2013-07-08 22:36:04 +00:00
Simon Tatham
ac8baf4cac Move the SSH-1 servkey and hostkey variables into the coroutine state,
since there is a theoretical code path (via the crReturn loop after
asking an interactive question about a host key or crypto algorithm)
on which we can leave and return to do_ssh1_login between allocating
and freeing those keys.

(In practice it shouldn't come up anyway with any of the current
implementations of the interactive question functions, not to mention
the unlikelihood of anyone non-specialist still using SSH-1, but
better safe than sorry.)

[originally from svn r9895]
2013-07-07 14:34:37 +00:00
Simon Tatham
2c586ee2cd Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.

To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.

While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.

[originally from svn r9894]
2013-07-06 20:43:21 +00:00
Simon Tatham
bbc9709b48 A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.

[originally from svn r9889]
2013-07-01 17:56:33 +00:00
Simon Tatham
c5876a8ba2 Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.

(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)

[originally from svn r9868]
2013-06-15 19:58:10 +00:00
Jacob Nevins
a7611316c5 Update docs for change to UTF-8 by default, and emphasise UTF-8 more generally.
[originally from svn r9846]
2013-05-28 23:46:44 +00:00
Simon Tatham
15f1bc7cdb It's probably well past time for this: change PuTTY's default
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).

[originally from svn r9843]
2013-05-25 14:03:19 +00:00
Simon Tatham
4c8c5e26b9 Fix a bug in which terminal output received from the session could be
buffered in terminal.c indefinitely and only released when further
output turned up.

Arose because we suppress the call to term_out from term_data if a
drag-select is in progress, but when the drag-select ends we weren't
proactively calling term_out to release the buffered data. So if your
session generated some terminal output while you were in mid-select,
_and had stopped by the time you let go of the mouse button_, then the
output would just sit there until released by the next call to
term_data.

[originally from svn r9768]
2013-03-10 11:04:07 +00:00
Simon Tatham
a9eb51b7d4 Remove the half-hearted attempt to make the utmp helper process drop
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.

[originally from svn r9766]
2013-02-24 19:28:13 +00:00
Simon Tatham
74bc2635ad Don't forget to check the return values of setuid and friends.
[originally from svn r9764]
2013-02-23 21:00:29 +00:00
Simon Tatham
40ce043a97 Give a better error message if a PuTTY private key file has a version
number we don't understand. It's nicer to report 'format too new' than
'not a PuTTY key file'.

[originally from svn r9763]
2013-02-22 21:39:02 +00:00
Ben Harris
8f3cc4a9bf Add support for HMAC-SHA-256 as an SSH-2 MAC algorithm ("hmac-sha2-256")
as specified in RFC 6668.  This is not so much because I think it's 
necessary, but because scrypt uses HMAC-SHA-256 and once we've got it we 
may as well use it.

Code very closely derived from the HMAC-SHA-1 code.

Tested against OpenSSH 5.9p1 Debian-5ubuntu1.

[originally from svn r9759]
2013-02-20 23:30:55 +00:00