1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-12 02:47:59 +00:00
Commit Graph

6279 Commits

Author SHA1 Message Date
Simon Tatham
e090e55179 logparse.pl: fix a thinko in &parse.
The type code for an mpint in the input format string is "m", not
"mpint". This hasn't come up yet as far as I can see, but as and when
I add verbose dump routines for packet types that involve asymmetric
crypto, it will.
2018-04-05 18:26:12 +01:00
Simon Tatham
48625ece7d logparse.pl: add a verbose dump system.
This allows me to request a verbose dump of the contents of some
particular packet type, or for all packet types.

Currently, the only packet type for which I've written a verbose dump
function is KEXINIT, but the framework is there to add further verbose
dumpers as and when they're needed.
2018-04-05 18:26:12 +01:00
Simon Tatham
204780080d logparse.pl: more sensible option-parsing.
Switched to Getopt::Long in place of the previous ad-hockery, which
will make it easier to add more (and more complicated) options.
2018-04-05 18:26:12 +01:00
Simon Tatham
510187a733 Ignore spurious configure_area events.
Colin Watson reports that on pre-releases of Ubuntu 18.04, configure
events which don't actually involve a change of window size show up
annoyingly often. Our handling of configure events involves throwing
away the backing Cairo surface, making a fresh blank one, and
scheduling a top-level callback to get terminal.c to do a repaint and
populate the new surface; so a draw event before that callback occurs
causes the window contents to flicker off and on again, not to mention
wasting a lot of time.

The simplest solution is to spot spurious configures, and respond by
not throwing away the previous Cairo surface in the first place.
2018-04-04 21:04:18 +01:00
Simon Tatham
971b04f9de Extend the scope of the line==NULL dialog box.
My theory that this report was completely obsolete seems to have been
scuppered, in the most infuriating way possible: a user sent a report
from 0.70 of a null-pointer crash happening moments _before_ that
check, because the compressed line pointer passed to decompressline()
was NULL.

So there's still some need for this thing after all, and moreover, it
should be happening just before that decompressline() call as well as
after it!
2018-04-03 20:44:53 +01:00
Jacob Nevins
ce7c18f600 Paste-controls: make the help topic names match.
Ahem.
2018-03-29 23:24:15 +01:00
Jacob Nevins
5f9fcfee57 Hook up Windows help context for 'Permit control characters in pasted text' 2018-03-27 23:12:52 +01:00
Simon Tatham
d6338c22c3 Fix mishandling of IV in AES-NI CBC decryption.
A user reported that the new hardware AES implementation wasn't
working, and sent an event log suggesting that it was being run in CBC
mode - which is unusual enough these days that that may well have been
its first test.

I wasn't looking forward to debugging the actual AES intrinsics code,
but fortunately, I didn't have to, because an eyeball review spotted a
nice simple error in the CBC decrypt function in which the wrong local
variable was being stored into the IV variable on exit from the
function. Testing against a local CBC-only server reproduced the
reported failure and suggested that this fixed it.
2018-03-27 23:05:29 +01:00
Jacob Nevins
c67389e1fb Document 'Permit control characters in pasted text'
And the consequent GUI rearrangements.
2018-03-24 15:35:46 +00:00
Pavel I. Kryukov
1ec8a84cf6 Add CPUID leaf checks prior to SHA checks
Some old CPUs do not support CPUID to be called with eax=7
To prevent failures, call CPUID with eax=0 to get the highest possible
eax value (leaf) and compare it to 7.

GCC does this check internally with __get_cpuid_count function

Thanks to Jeffrey Walton for noticing.
2018-03-22 20:07:06 +00:00
Pavel I. Kryukov
a27f55e819 Use correct way to detect new instructions in Clang
__clang_major__ and __clang_minor__ macros may be overriden
 in Apple and other compilers. Instead of them, we use
__has_attribute(target) to check whether Clang supports per-function
targeted build and __has_include() to check if there are intrinsic
header files
2018-03-14 20:36:31 +00:00
Simon Tatham
a624786333 Add KEX method "diffie-hellman-group14-sha256".
Out of the five KEX methods in RFC8268, this is the one that is
completely trivial to add in PuTTY, because it only requires half a
dozen lines of data declarations putting together two components we
already have. draft-ietf-curdle-ssh-kex-sha2-10, if approved, will
also promote it to MUST status.
2018-03-13 20:37:59 +00:00
Pavel I. Kryukov
f872551cd8 Work around LLVM bug 34980
Clang generates an internal failure if the same function
has different target attributes in definition and declaration.
To work around that, we made a proxy predeclared function
without target attribute.
2018-03-12 20:17:47 +00:00
Pavel I. Kryukov
5d9d075aac Add SHA256 implementation with new instructions
SHA256-NI code is conditionally enabled if CPU supports SHA extensions.
The procedure is based on Jeffrey Walton's SHA256 implementation:
https://github.com/noloader/SHA-Intrinsics
2018-03-12 20:17:47 +00:00
Pavel I. Kryukov
cf875a0f56 Add SHA1 implementation with new instructions
SHA1-NI code is conditionally enabled if CPU supports SHA extensions.
The procedure is based on Jeffrey Walton's SHA1 implementation:
https://github.com/noloader/SHA-Intrinsics
2018-03-12 20:17:47 +00:00
Pavel I. Kryukov
f51a5c9235 Add supports_sha_ni(void) function
It executes CPUID instruction to check whether
SHA extensions are supported by hosting CPU.
2018-03-12 20:17:47 +00:00
Pavel I. Kryukov
59e2334029 Add pointers to SHA1 and SHA256 implementation functions
These pointers will be required in next commits
where subroutines with new instructions are introduced.
Depending on CPUID dynamic check, pointers will refer to old
SW-only implementations or to new instructions subroutines
2018-03-12 20:17:47 +00:00
Pavel I. Kryukov
5a38b293bd Check whether compiler supports SHA-NI intrinsics
SHA intrinsics are available in Clang >=3.8, GCC >=5, and MSVC >=14,
so if supported compiler is used, COMPILER_SUPPORTS_SHA_NI macro
becomes defined
2018-03-12 20:17:47 +00:00
Simon Tatham
b2b8f6c3d4 Rename the 'Words' config panel to 'Copy'.
Now its remit is widened to include not just the character-classes
list box, but also anything else related specifically to _copying_
rather than _pasting_, i.e. the terminal -> clipboard direction.

This allows me to move the Windows-specific 'write RTF to clipboard'
option into the newly named Copy panel, which gets it _out_ of the
main Selection panel which had just overflowed due to the new option
added by the previous commit.

(It looks a little asymmetric that there's no corresponding Paste
panel now! But since it would currently contain a single checkbox,
I'll wait until there's more to put in it...)
2018-03-11 19:04:12 +00:00
Simon Tatham
10c9104822 Sanitise control characters from paste data by default.
This is a mild security measure against malicious clipboard-writing.
It's only mild, because of course there are situations in which even a
sanitised paste could be successfully malicious (imagine someone
managing to write the traditional 'rm -rf' command into your clipboard
when you were going to paste to a shell prompt); but it at least
allows pasting into typical text editors without also allowing the
control sequence that exits the editor UI and returns to the shell
prompt.

This is a configurable option, because there's no well defined line to
be drawn between acceptable and unacceptable pastes, and it's very
plausible that users will have sensible use cases for pasting things
outside the list of permitted characters, or cases in which they know
they trust the clipboard-writer. I for one certainly find it useful on
occasion to deliberately construct a paste containing control
sequences that automate a terminal-based UI.

While I'm at it, when bracketed paste mode is enabled, we also prevent
pasting of data that includes the 'end bracketed paste' sequence
somewhere in the middle. I really _hope_ nobody was treating bracketed
paste mode as a key part of their security boundary, but then again, I
also can't imagine that anyone had an actually sensible use case for
deliberately making a bracketed paste be only partly bracketed, and
it's an easy change while I'm messing about in this area anyway.
2018-03-11 17:40:42 +00:00
Simon Tatham
28520e41ac terminal.c: put source commit id in 'line==NULL' dialog.
People sometimes send in cut-and-pastes of that dialog box from very
old versions of PuTTY. This can usually be detected because the
'lineno' field in the error message refers to a line number in
terminal.c which doesn't have a call to lineptr() or scrlineptr() on
it _now_ but used to a long time ago). But that's a pretty roundabout
way to detect anything, so let's put some more reliable version
information in the error message.

(This might also provide a way to test the hypothesis that whatever
bug used to cause this dialog box to appear is now fixed, and that
_all_ remaining reports of this error message are from outdated
builds.)
2018-03-11 13:59:28 +00:00
Simon Tatham
97a248b463 Use gdk_display_beep() in place of obsolete gdk_beep().
Except in GTK1 (which doesn't have the former), via a gtkcompat.h
workaround.

Up-to-date GTK3 has deprecated gdk_beep(), causing build failures due
to the default -Werror setting.
2018-03-03 18:26:45 +00:00
Simon Tatham
0476ceaa08 GTK1 build fixes.
Looks as if I haven't retried the GTK1 build for a while, and recent
GTK frontend development has broken it. The selection revamp has
pointed out that GTK1 didn't have the accessor function
gtk_selection_data_get_selection(), the standard GdkAtom value
GDK_SELECTION_CLIPBOARD, or keysyms for alphabetic characters; and
also I had an initialisation of one of my own structure fields
(dp->selparams) accidentally not guarded by the same GTK-versioning
ifdef that controls whether or not it was defined.
2018-03-03 18:24:12 +00:00
Simon Tatham
31a2017af5 Add missing casts in dupcat().
Ahem. I _spotted_ this in code review, and forgot to make the change
before pushing!

Because it's legitimate for a C implementation to define 'NULL' so
that it expands to just 0, it follows that if you use NULL in a
variadic argument list where the callee will expect to extract a
pointer, you run the risk of putting an int-sized rather than
pointer-sized argument on the list and causing the consumer to get out
of sync. So you have to add an explicit cast.
2018-02-13 19:45:54 +00:00
Nico Williams
3447047594 Don't grow logevent buf indefinitely
The PuTTY GUIs (Unix and Windows) maintain an in-memory event log
for display to users as they request.  This uses ints for tracking
eventlog size, which is subject to memory exhaustion and (given
enough heap space) overflow attacks by servers (via, e.g., constant
rekeying).

Also a bounded log is more user-friendly.  It is rare to want more
than the initial logging and the logging from a few recent rekey
events.

The Windows fix has been tested using Dr. Memory as a valgrind
substitute.  No errors corresponding to the affected code showed up.
The Dr. Memory results.txt was split into a file per-error and then

    grep Error $(grep -l windlg *)|cut -d: -f3-|sort |uniq -c

was used to compare.  Differences arose from different usage of the GUI,
but no error could be traced to the code modified in this commit.

The Unix fix has been tested using valgrind.  We don't destroy the
eventlog_stuff eventlog arrays, so we can't be entirely sure that we
don't leak more than we did before, but from code inspection it looks
like we don't (and anyways, if we leaked as much as before, just without
the integer overflow, well, that's still an improvement).
2018-02-13 19:28:19 +00:00
Simon Tatham
b26bd60df9 Avoid logging zero-length strings of outgoing raw data.
In the 'SSH packets + raw data' logging mode, one of these occurs
immediately after the initial key exchange, at the point where the
transport routine releases any queued higher-layer packets that had
been waiting for KEX to complete. Of course, in the initial KEX there
are never any of those, so we do a zero-length s_write(), which is
harmless but has the side effect of a zero-length raw-data log entry.
2018-02-07 20:56:22 +00:00
Simon Tatham
6c4d3cb8f3 Better file-existence test on Windows.
Windows, annoyingly, doesn't seem to have any bit flag in
GetFileAttributes which distinguishes a regular file (which can be
truncated destructively) from a named pipe (which can't).

Fortunately, I'm saved from needing one by the policy I came up with
in the previous commit, in which I don't bother to ask about
truncating a file if it already has zero length, because it would make
no difference anyway. Named pipes do show up as zero-length in
GetFileAttributesEx, so they get treated like zero-length regular
files by this change and it's all good.
2018-02-07 20:05:32 +00:00
Simon Tatham
b4fde270c6 Better file-existence test on Unix.
Now we don't annoyingly print the 'askappend' prompt if you ask a
PuTTY tool to write its packet log to something that's not a regular
file, such as /dev/fd/1 or /dev/tty or a named pipe.

(In the case of a named pipe, another annoyance fixed by this change
is that we also don't open it for reading in the course of the
existence test.)
2018-02-07 07:34:53 +00:00
Simon Tatham
bbebdc8280 Make file-existence test a per-platform function.
NFC in this commit, but this will allow me to do something more subtle
and OS-specific in each OS's implementation of it.
2018-02-07 07:34:53 +00:00
Jacob Nevins
36764ffbbe Document Ctrl-Shift-PgUp/PgDn.
This was added in 81345e9a82.
2018-02-04 14:19:31 +00:00
Jacob Nevins
c971c428f3 Update copy and paste documentation.
Rewrite the "Using PuTTY" section for 'clipboard-generality', and also
explain why we default to mouse-based selection, interaction with other
applications via PRIMARY when running PuTTY on Unix, and bracketed-paste
mode. Also add lots of index terms.
2018-02-04 12:27:17 +00:00
Jacob Nevins
6b454a89f5 It's a new year. 2018-01-31 21:47:08 +00:00
Simon Tatham
83eb8e0109 Build fixes for GTK2.
Apparently I haven't tried a GTK2 build since the most recent set of
GTK-related code reorganisation. Some functions that were ifdef'ed out
in GTK3 builds were now unused even in GTK2 builds (and, because they
were also declared static, caused a -Werror build failure); and the
pointless stub version of gtkapp.c was missing a stub version of a
recently added function referred to from another module.
2018-01-30 19:22:45 +00:00
Jacob Nevins
5f7604888b Let puttyapp/ptermapp build against old Gtk 3.
gtk_application_set_accels_for_action() is new in Gtk 3.12, but (e.g.)
Ubuntu 14.04 LTS still ships with Gtk 3.10.
On the other hand, the function I've used instead,
gtk_application_add_accelerator(), is deprecated from Gtk 3.14 onwards,
indicating that it will disappear in some future version, so I've left
the newer code in against that day.
2017-12-20 11:55:51 +00:00
Simon Tatham
599bab84a1 Condition out AES-NI support if using a too-old clang.
A clang too old to have __attribute__((target)) will not manage to
compile the clang-style hardware-accelerated functions, so it
shouldn't try.
2017-12-20 10:12:28 +00:00
Simon Tatham
8ec55ef25f osxlaunch: stop setting DYLD_LIBRARY_PATH.
It actually doesn't seem to be necessary: running 'otool -L' on the
real binary in the application bundle (Pterm-bin or PuTTY-bin) lists a
lot of paths starting with "@executable_path/../Resources/", which I
take to mean that the application is already set up to automatically
load the GTK shared libraries out of its own bundle directory, without
me having to give it the extra hint of DYLD_LIBRARY_PATH.

Moreover, I just got round to upgrading my Mac to High Sierra, and now
the version of osxlaunch _with_ DYLD_LIBRARY_PATH is causing a crash
at program load time, when the libpng in the MacOS system library
directory tries to use the libz in the application bundle and finds
that it doesn't provide an entry point it was expecting
('inflateValidate'). I could try to fix that by updating the libz
version in my OS X PuTTY build environment, but that seems to me to
set a precedent of running to keep up with any further dependencies
the system libraries happen to acquire in later releases. Better to
reset DYLD_LIBRARY_PATH so that the system libpng will load the system
libz and not get confused in the first place.
2017-12-20 10:04:02 +00:00
Simon Tatham
10e570cc79 osxlaunch: fix some uninitialised pointers.
I've been having intermittent segfaults in this launcher program, and
by means of the new TEST_COMPILE_ON_LINUX facility introduced by
commit eef8cac28, I ran it under valgrind which helpfully pointed out
several pointers between linked-list nodes which I'd been relying on
OS memory allocation to happen to have zeroed for me.
2017-12-20 10:03:51 +00:00
Simon Tatham
6b8cd49aa7 osxlaunch: add diagnostics under an #ifdef.
Now I can compile with -DDEBUG_OSXLAUNCH and see exactly what the
program is doing, if I suspect it of misbehaviour.
2017-12-20 10:03:51 +00:00
Simon Tatham
eef8cac28e osxlaunch: bodge to let me test-build on Linux.
By default, the program still builds on Linux to a stub that just
prints 'nothing to see here'. But if you compile with
-DTEST_COMPILE_ON_LINUX, it compiles to a program that still doesn't
do anything _actually_ useful, but goes through all the same motions
that real osxlaunch would go through, until the final execv(2) fails
because of course it's not _really_ living in an application bundle
directory of the right shape.

That allows me to run all the setup code under the debugging tools I'm
most used to, in my preferred environment. (Same rationale as having
puttyapp / ptermapp build for Linux too.)
2017-12-20 10:03:14 +00:00
Simon Tatham
faef0ea679 Rewrite the OS X TODO a bit.
I've filled in the results of some not-entirely-conclusive
investigation into the trackpad scrolling issue, some thoughts on
resizing, and reordered the items into what currently seems the most
sensible order to me.
2017-12-18 14:04:57 +00:00
Simon Tatham
04184c87cc Fill in some more of the OS X menu bar.
This still isn't complete: I also need to add the variable collections
of things like mid-session special commands and saved session names,
and also I need to try to grey out menu items when they're not
applicable. But it's a start.
2017-12-18 11:46:48 +00:00
Simon Tatham
2065fb647f Minor refactoring of gtkapp.c -> gtkwin.c menu triggers.
Just to avoid an endless proliferation of functions too small to see,
I've arranged an enumeration of action ids and a single
app_menu_action function on the receiving end, and in gtkapp.c, a list
macro that means I at least don't have to define the tiny callback
functions and the GActionEntry records by hand and keep them in sync.
2017-12-18 11:19:26 +00:00
Simon Tatham
31080bf8a7 Add keyboard accelerators in the GtkApplication menu.
Now that they actually _work_, it seems more useful to start putting
them in on purpose.
2017-12-18 11:01:42 +00:00
Simon Tatham
1904c404ed OS X: pass Command key back to GTK if it's not being Meta.
This fixes the problem I'd previously noticed, that if you don't
configure the "Command key acts as Meta" setting, then keystrokes like
Command-Q which _ought_ to function as accelerators for the
application menu bar don't.

Turns out that this was for the totally obvious reason: the keyboard
event was still being processed by gtkwin.c's key_event() and
translated via the GTK IM into ordinary keyboard input. If instead I
return FALSE from key_event on detecting that a key event has a
non-Meta-configured Command modifier, then it will go to the next-
level key-event handler inside GTK itself which implements the menu
accelerator behaviour. Another problem ticked off the OS X checklist.
2017-12-18 10:43:13 +00:00
Simon Tatham
3faca7724a Correct the OS X branch of the clipboards ifdef.
That's what I get for not testing on all platforms before I push.
Forgot that, since OS X GTK mimics X11 GTK closely enough to still use
the name "CLIPBOARD" for the unique system clipboard, I had left this
code base's internal name for it as CLIP_CLIPBOARD and not the
CLIP_SYSTEM I used on Windows.
2017-12-18 10:31:42 +00:00
Simon Tatham
136c119da6 Fix linked-list mismanagement.
Oh dear. I have no excuse.
2017-12-17 20:43:44 +00:00
Simon Tatham
7bc637ad07 Sort out clipboard-related menu items.
The gtkapp.c menu now has a Copy as well as Paste option; those menu
items, as well as the corresponding ones on the context menu and Copy
All, now address sets of clipboards parametrised between OS X and
ordinary GTK in unix.h. Also I've tweaked the wording of the
context-menu items to not use the X-specific terminology "CLIPBOARD"
on OS X.
2017-12-17 20:35:45 +00:00
Simon Tatham
1ed2f98c89 Add missing g_application_hold on Duplicate Session.
The omission of this call caused a GTK assertion failure when the
GApplication's use count went negative after two releases and only one
hold.
2017-12-17 20:18:20 +00:00
Simon Tatham
1af9c425ba Better protection against stale clipboard_data_instances.
I had a segfault on OS X today at Pterm.app shutdown. I wasn't able to
reproduce it in a debugger, but the cause seemed to be that
clipboard_clear called term_deselect (this was from before the patch
series that renamed that function) when inst->term was already NULL.

This must be because a clipboard_data_instance outlived its associated
inst->term, and quite likely its associated inst as well. But we can't
free those structures when a gui_data is freed, because GTK callbacks
will still depend on them; so instead we must have each gui_data keep
a list of active cdis pointing at it, and then at destruction time,
walk along the list nulling out each one's pointer to part of itself.
2017-12-17 20:12:52 +00:00
Simon Tatham
2a76f8d4a2 Support custom clipboard names under X.
This required me to turn the drop-lists into combo boxes and add an
extra string-typed Conf setting alongside each enumerated value.
2017-12-17 18:49:00 +00:00