1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 18:07:59 +00:00
Commit Graph

96 Commits

Author SHA1 Message Date
Simon Tatham
0c110dcd10 Fixes for more robust handling of command-line parse errors.
[originally from svn r2236]
2002-11-20 20:09:02 +00:00
Simon Tatham
7c95ea19c8 Robustness fixes for KEXINIT handling and others. In particular, I've
created a self-mallocing variant of sprintf, to obviate any future
need for paranoid %.100s type stuff in format strings.

[originally from svn r2199]
2002-11-07 19:49:03 +00:00
Simon Tatham
4756c15fc9 Yet more global-removal. The static variables in logging.c are now
absent, and also (I think) all the frontend request functions (such
as request_resize) take a context pointer, so that multiple windows
can be handled sensibly. I wouldn't swear to this, but I _think_
that only leaves the Unicode stuff as the last stubborn holdout.

[originally from svn r2147]
2002-10-26 12:58:13 +00:00
Simon Tatham
24530b945e Port forwarding module now passes backend handles around properly.
As a result I've now been able to turn the global variables `back'
and `backhandle' into module-level statics in the individual front
ends. Now _that's_ progress!

[originally from svn r2142]
2002-10-26 10:33:59 +00:00
Simon Tatham
72ff571148 Major destabilisation, phase 2. This time it's the backends' turn:
each backend now stores all its internal variables in a big struct,
and each backend function gets a pointer to this struct passed to
it. This still isn't the end of the work - lots of subsidiary things
still use globals, notably all the cipher and compressor modules and
the X11 forwarding authentication stuff. But ssh.c itself has now
been transformed, and that was the really painful bit, so from here
on it all ought to be a sequence of much smaller and simpler pieces
of work.

[originally from svn r2127]
2002-10-25 11:30:33 +00:00
Simon Tatham
0a80c983e2 Major destabilisation, phase 1. In this phase I've moved (I think)
all the global and function-static variables out of terminal.c into
a dynamically allocated data structure. Note that this does not yet
confer the ability to run more than one of them in the same process,
because other things (the line discipline, the back end) are still
global, and also in particular the address of the dynamically
allocated terminal-data structure is held in a global variable
`term'. But what I've got here represents a reasonable stopping
point at which to check things in. In _theory_ this should all still
work happily, on both Unix and Windows. In practice, who knows?

[originally from svn r2115]
2002-10-22 16:11:33 +00:00
Simon Tatham
a24d9d3029 Fix for `hostname-whitespace'; thanks to Justin Bradford.
[originally from svn r2080]
2002-10-16 11:35:13 +00:00
Simon Tatham
6d0e9b205d First phase of porting. pterm now compiles and runs under Linux+gtk.
The current pty.c backend is temporarily a loopback device for
terminal emulator testing, the display handling is only just enough
to show that terminal.c is functioning, the keyboard handling is
laughable, and most features are absent. Next step: bring output and
input up to a plausibly working state, and put a real pty on the
back to create a vaguely usable prototype. Oh, and a scrollbar would
be nice too.
In _theory_ the Windows builds should still work fine after this...

[originally from svn r2010]
2002-10-09 18:09:42 +00:00
Jacob Nevins
389c62fed4 Fix code which was clobbering people's -P arguments in PSCP (moved it to
before the deferred command line processing).
Also removed a couple of unused variables.

[originally from svn r1994]
2002-10-07 16:52:55 +00:00
Jacob Nevins
c7fa2f6183 Updated usage messages for command-line utilities to reflect new options.
Updated manual to reflect reality (e.g. usage messages, '-p port' not actually
  implemented, sprinkle references to '-i keyfile').
(I've put "Release 0.53" in the messages; let's hope this doesn't cause a
  flood of "where is 0.53?" email.)
I don't guarantee that the result is entirely sane and sensible in all
  respects, but it is at least consistent.

[originally from svn r1951]
2002-09-11 17:30:36 +00:00
Simon Tatham
118fc8c81e Revamp of command-line handling. Most command line options should
now be processed in cmdline.c, which is called from all utilities
(well, not Pageant or PuTTYgen). This should mean we get to
standardise almost all options across almost all tools. Also one
major change: `-load' is now the preferred option for loading a
saved session in PuTTY proper. `@session' still works but is
deprecated.

[originally from svn r1799]
2002-08-04 21:18:56 +00:00
Simon Tatham
0605d6d3c1 Forgot to call fxp_init() in `pscp -ls' mode under SFTP.
[originally from svn r1748]
2002-06-25 18:51:06 +00:00
Jacob Nevins
6a95a15aaa Added comments to document '-gui' Windows messages, based on putty-bugs post
<E14g2ty-0008WN-00@ixion.tartarus.org> (except for Ryan Finnie's extra
messages).

[originally from svn r1620]
2002-04-18 22:23:12 +00:00
Simon Tatham
8ea5ea17d1 The SFTP form of PSCP should remember to send FXP_INIT! Oops.
[originally from svn r1616]
2002-04-10 19:54:42 +00:00
Simon Tatham
dac0d45699 Ensure our network layer is properly cleaned up before PuTTY exits.
Specifically, we explicitly closesocket() all open sockets, which
appears to be necessary since otherwise Windows sends RST rather
than FIN. I'm _sure_ that's a Windows bug, but there we go.

[originally from svn r1574]
2002-03-06 20:13:22 +00:00
Simon Tatham
fdbd697801 from_backend() should always be called with len > 0. Only rlogin
mode ever failed to do this, and only Plink actually had a problem
with it, so this didn't become obvious for a while. rlogin mode is
fixed, and all implementations of from_backend() now contain an
assertion so that we should spot errors of this type more quickly in
future.

[originally from svn r1571]
2002-03-01 13:17:45 +00:00
Simon Tatham
466b1c82d5 Create the long-awaited console.c, and move the common routines out
of scp.c, psftp.c and plink.c into it. Additionally, add `batch
mode', in which all the interactive prompts (bad host key, log file
exists, insecure cipher, password prompt) are disabled and safe
responses are assumed. (The idea being that if you run PSCP, for
example, in a cron job then you'd probably rather it failed and
exited instead of leaving the cron job wedged while it waits for
user input that will never arrive.)

[originally from svn r1525]
2001-12-31 16:15:19 +00:00
Simon Tatham
3ed0d44f16 Retired the #ifdef DUMP_PACKETS stuff in ssh.c because I'm utterly
sick of recompiling to enable packet dumps. SSH packet dumping is
now provided as a logging option, and dumps to putty.log like all
the other logging options. While I'm at it I cleaned up the format
so that packet types are translated into strings for easy browsing.
POSSIBLE SIDE EFFECT: in the course of this work I had to re-enable
the SSH1 packet length checks which it turns out hadn't actually
been active for some time, so it's possible things might break as a
result. If need be I can always disable those checks for the 0.52
release and think about it more carefully later.

[originally from svn r1493]
2001-12-14 14:57:50 +00:00
Simon Tatham
3270c74f9e Configurable TCP_NODELAY option on network connections
[originally from svn r1428]
2001-11-29 21:47:11 +00:00
Simon Tatham
6608016fc2 INCOMPATIBLE CHANGE to the SSH2 private key file format. There is
now a passphrase-keyed MAC covering _all_ important data in the
file, including the public blob and the key comment. Should
conclusively scupper any attacks based on nobbling the key file in
an attempt to sucker the machine that decrypts it. MACing the
comment field also protects against a key-substitution attack (if
someone's worked out a way past our DSA protections and can extract
the private key from a signature, swapping key files and
substituting comments might just enable them to get the signature
they need to do this. Paranoid, but might as well).

[originally from svn r1413]
2001-11-25 14:31:46 +00:00
Simon Tatham
cf2085eeaf Ryan Finnie's extensions to the GUI feedback mode in pscp.
[originally from svn r1395]
2001-11-21 22:58:01 +00:00
Simon Tatham
a7f196263e The other utilities should do the same processing of the hostname
(parsing `user@' prefixes etc) that PuTTY proper does.

[originally from svn r1346]
2001-10-30 21:45:27 +00:00
Simon Tatham
39c3f9b8bc Fix pasting of newlines in local line editing mode. Possibly not a
very _good_ fix; something might want doing after the release.

[originally from svn r1277]
2001-09-19 20:07:15 +00:00
Simon Tatham
6364ff3e71 terminal.c's from_backend() no longer calls term_out(), because
term_out() can in turn call ldisc_send() which calls back to
from_backend() when local echo is enabled. This was giving rise to
crazy re-entrancy stuff and stack overflows. Instead from_backend()
deposits its data in a bufchain which term_out() empties the next
time it's called.

[originally from svn r1276]
2001-09-18 19:41:07 +00:00
Simon Tatham
7692bf350a psftp and pscp should disable all forwarding (ports, X, agent).
Partly because that's a good idea _anyway_, and partly because it
seems to be causing trouble. (Specifically, their pathetic attempt
to emulate plink's proper select handling seems to get confused when
the back end tries to open a local listening socket.)

[originally from svn r1264]
2001-09-12 20:11:48 +00:00
Simon Tatham
e9adbd2473 Clarify the comment at the top of scp.c to make the licensing
situation more explicit.

[originally from svn r1263]
2001-09-10 08:39:37 +00:00
Simon Tatham
b5dcdf7fc8 Fix potential float screwup in scp percentage indicator. (Don't
compute (100*a)/b. Instead compute 100*(a/b), because that way
there's no chance that 100*a will become inexact enough to fail to
yield 100 when a==b.)

[originally from svn r1254]
2001-09-08 15:16:30 +00:00
Simon Tatham
3c74c01014 Pedantry patch from RDB: sanitise header use, correct one comment
and remove an unused variable.

[originally from svn r1243]
2001-09-07 22:49:17 +00:00
Simon Tatham
b27c27f657 When pscp in SFTP mode does client-side matching of a server-side
wildcard, it's polite to let the user know if the wildcard didn't
match any file names.

[originally from svn r1227]
2001-09-05 19:33:12 +00:00
Simon Tatham
1a1ed1ff71 Fix segfault (should free act.buf not act.name, because the latter
might not point at the start of the former). Cheers Minefield :-)

[originally from svn r1224]
2001-08-29 08:56:26 +00:00
Simon Tatham
c9326c240e stripslashes() should have been dealing with colons as well. I don't
_think_ there was an exploit (even if the server sends "c:foobar",
the client will not attempt to create "c:foobar"; instead it will
try to create ".\c:foobar" which will fail), but it's as well to be
sure.

[originally from svn r1223]
2001-08-28 12:26:16 +00:00
Simon Tatham
ea27f048f9 Fix various small compiler warnings, mostly unused local variables
[originally from svn r1218]
2001-08-28 08:08:43 +00:00
Simon Tatham
448c1a085a Finally tighten up the server-side wildcard security hole, the
_right_ way. (SSWs are disabled by default and can be re-enabled
using `-unsafe', meaning that pscp will _never_ do anything
unexpected to your local file system unless you explicitly give
consent. The sftp-based variant will work fine because the
corresponding mechanism is _not_ unsafe.)

[originally from svn r1212]
2001-08-27 15:02:52 +00:00
Simon Tatham
a8e0abbf28 Fix tiny bug in new sftp-mode wildcards: when there wasn't a leading
path component (just `host:*' rather than `host:directory/*') there
was trouble.

[originally from svn r1211]
2001-08-27 14:51:31 +00:00
Simon Tatham
e6c8913093 Minor modification: in remote->local non-recursive mode matching a
wildcard, we don't abandon ship completely if the wildcard matches a
directory; we just warn and carry on with the rest.

[originally from svn r1210]
2001-08-27 10:24:55 +00:00
Simon Tatham
0da98d052d Implemented a simple wildcard matching engine, and used it to
restore remote wildcard capability in sftp-style PSCP.

[originally from svn r1209]
2001-08-27 10:17:41 +00:00
Simon Tatham
ff9a038cdd PSCP now uses the modern SFTP protocol if it can, and falls back to
scp1 if it can't. Currently not very tested - I checked it in as
soon as it completed a successful recursive copy in both directions.
Also, one known bug: you can't specify a remote wildcard, because by
the nature of SFTP we'll need to implement the wildcard engine on
the client side. I do intend to do this (and use the same wildcard
engine in PSFTP as well) but I haven't got round to it yet.

[originally from svn r1208]
2001-08-26 18:32:28 +00:00
Simon Tatham
605fa91201 Arrgh; yet again I make my security checking too draconian to
actually get things done. I'm sure this is the second time I've
checked in this mistake :-/ Still, this time I've got right to the
bottom of the cause, and commented it clearly. Phew.

[originally from svn r1207]
2001-08-26 15:45:55 +00:00
Simon Tatham
ebde798f13 Oops. ^X^S comes _before_ `cvs commit'. Two more diagnostics gone :-)
[originally from svn r1206]
2001-08-26 15:32:51 +00:00
Simon Tatham
306a13c025 Further tightening up in PSCP. Fixed a couple more holes whereby a
malicious SCP server could have written to areas other than the ones
the user requested; cleared up buffer overruns everywhere. Hopefully
we now do not use arbitrary buffer limits _anywhere_.

[originally from svn r1205]
2001-08-26 15:31:29 +00:00
Simon Tatham
f7f96066f7 Preparatory work for allowing PSCP to work over SFTP as well as old-
style scp1. I've built a layer of abstraction covering all the gory
details of the old scp network protocol.

[originally from svn r1204]
2001-08-26 14:53:51 +00:00
Simon Tatham
44c4ee79e6 Jacob's patch for a drag-list to select SSH ciphers. Heavily hacked
by me to make the drag list behaviour slightly more intuitive.
WARNING: DO NOT LOOK AT pl_itemfrompt() IF YOU ARE SQUEAMISH.

[originally from svn r1199]
2001-08-25 19:33:33 +00:00
Simon Tatham
c87fa98d09 Extensive changes that _should_ fix the socket buffering problems,
by ceasing to listen on input channels if the corresponding output
channel isn't accepting data. Has had basic check-I-didn't-actually-
break-anything-too-badly testing, but hasn't been genuinely tested
in stress conditions (because concocting stress conditions is non-
trivial).

[originally from svn r1198]
2001-08-25 17:09:23 +00:00
Simon Tatham
78a37a5122 Be prepared to print spaces at the end of a statistics line in case
the previously printed line was longer. Avoids multiple trailing
percents.

[originally from svn r1135]
2001-05-19 13:41:18 +00:00
Simon Tatham
52a688abd1 The host-key-unknown prompt now offers the same three options as the
host-key-changed prompt: update-cache-and-connect, connect-without-
updating-cache, and abandon-connection. (Previously the middle one
was missing.)

[originally from svn r1122]
2001-05-13 14:11:49 +00:00
Simon Tatham
fb473cc16c Placate gcc's `-Wall' warnings.
[originally from svn r1121]
2001-05-13 14:02:28 +00:00
Simon Tatham
e45f75a2be Attempt to report the error condition right when an SCP connection
with a pre-supplied password fails to authenticate.

[originally from svn r1114]
2001-05-13 11:15:16 +00:00
Simon Tatham
c2eb57a034 `realhost', passed back from all the backend init functions, was
scoped within those functions. It's now dynamically allocated.

[originally from svn r1108]
2001-05-09 14:01:15 +00:00
Simon Tatham
3730ada5ce Run entire source base through GNU indent to tidy up the varying
coding styles of the various contributors! Woohoo!

[originally from svn r1098]
2001-05-06 14:35:20 +00:00
Simon Tatham
d27112ea87 Put the \001 prefix back on scp error messages when they're sent to
the server. (Not sure _why_ they're sent to the server; scp is
weird.) It may be pointless when sent to the screen, which is why I
removed it, but it's extremely pointful on the wire :-(

[originally from svn r1090]
2001-04-28 17:18:47 +00:00