should stop ssh_do_close() accessing freed ssh->channels when invoked later
from ssh_free(). Spotted by Fred Sauer.
(Perhaps this is the cause of the crashes people have been reporting on
abnormal closures such as `Software caused connection abort'? I've not been
able to test this.)
[originally from svn r4946]
timing.c, and hence takes its own responsibility for calling
noise_regular() at regular intervals. Again, this means it will be
called consistently in _all_ the SSH-speaking tools, not just those
in which I remembered to call it!
[originally from svn r4913]
SSH2, is now handled by the packet dispatch table. Dispatch table
entries are enabled as soon as possible, so that if anyone tries to
(for example) start using a forwarded port before the main shell
session setup has finished, things should work sensibly.
The SSH code is now a hybrid of coroutine-based sequential logic and
table-driven event dispatch, each where it makes the most sense. I'm
rather pleased with it.
Should fix: ext-data-at-start, portfwd-at-start.
[originally from svn r4909]
[this svn revision also touched putty-wishlist]
data transfer in either direction (whichever comes first), or at
explicit client request (nice idea Jacob). Have tested by lowering
the limits, and it all seems solid enough; in particular, this has
also allowed me to test the behaviour when connection-level data is
received during rekey, and that looks fine too (at least it does
_now_ :-).
[originally from svn r4908]
[this svn revision also touched putty-wishlist]
which pretty much any module can call to request a call-back in the
future. So terminal.c can do its own handling of blinking, visual
bells and deferred screen updates, without having to rely on
term_update() being called 50 times a second (fixes: pterm-timer);
and ssh.c and telnet.c both invoke a new module pinger.c which takes
care of sending keepalives, so they get sent uniformly in all front
ends (fixes: plink-keepalives, unix-keepalives).
[originally from svn r4906]
[this svn revision also touched putty-wishlist]
ssh1_protocol() and ssh2_protocol() are now high-level functions
which see _every_ SSH packet and decide which lower-level function
to pass it to. Also, they each support a dispatch table of simple
handler functions for message types which can arrive at any time.
Results are:
- ignore, debug and disconnect messages are now handled by the
dispatch table rather than being warts in the rdpkt functions
- SSH2_MSG_WINDOW_ADJUST is handled by the dispatch table, which
means that do_ssh2_authconn doesn't have to explicitly
special-case it absolutely every time it waits for a response to
its latest channel request
- the top-level SSH2 protocol function chooses whether messages get
funnelled to the transport layer or the auth/conn layer based on
the message number ranges defined in the SSH architecture draft -
so things that should go to auth/conn go there even in the middle
of a rekey (although a special case is that nothing goes to
auth/conn until initial kex has finished). This should fix the
other half of ssh2-kex-data.
[originally from svn r4901]
can keep several of them in parallel. In particular, this allows us
to queue outgoing packets during repeat key exchange, to be actually
sent after the rekey completes.
(This doesn't fully fix ssh2-kex-data; also required is the ability
to handle _incoming_ connection-layer packets during rekey without
exploding.)
[originally from svn r4899]
structure have been retired. Now all Packet structures are
dynamically allocated. Each rdpkt function allocates one, and it's
freed after being used; and the packet construction functions
allocate them too, and they're freed by the send functions.
`pktin' and `pktout' were ugly. They were _morally_ still global
variables; even though they were replicated per SSH session to
comply with the Mac no-globals requirement, they weren't really in
the _spirit_ of `dynamically allocate your data'.
As a side effect of this change, the `pktout_blanks' and
`pktout_nblanks' fields in the Ssh structure have been moved into
the Packet structure.
[originally from svn r4898]
prompt for keyboard-interactive. I suspect we should do the same with that
method (especially given the apparent number of systems that use it for
regular password auth), but in the absence of systems to test against I've
not actually made the change. (I'm worried that the `partial success' field
might not be set correctly in a multi-stage authentication, for instance.)
[originally from svn r4850]
authentication state, a failed `password' authentication in SSH-2 was
sending us back to trying `none' and `keyboard-interactive' each time
round, which uses up OpenSSH's quota of authentication attempts rather
quickly. Added a check for `cfg.change_username' to the logic which
sends us back to the start.
[originally from svn r4849]
pointed out that Plink would attempt to use a zero-length username iff
a remote command was specified (because the FLAG_INTERACTIVE test was
erroneously combined with the no-username test).
I don't think this will break non-interactive use; in the cases which
behave differently, Plink would be attempting to use the empty
username, which was almost certainly wrong, whereas now it will give a
prompt (which can be avoided with -batch as usual).
(Although perhaps we should attempt to use a local username as a guess for
the remote username, as PSCP does? I've not done this.)
[originally from svn r4831]
Also, I'm pretty sure that adding a source address to a remote SSH-2 forwarding
can never have worked, since we added an address string to the packet twice in
that case. OpenSSH 3.4p1 certainly doesn't like it (`Server has disabled port
forwarding' debug message). Fixed (and OpenSSH is happier now).
[originally from svn r4727]
mechanics means that each SSH-2 remote tunnel will sfree() something
random and thus have a chance of crashing or doing something else
bad, although it won't otherwise affect execution. Introduced in
1.319 [r4529] (some of my improved diagnostics). One day I'll make a
checkin to ssh.c without forgetting about the coroutines...
[originally from svn r4725]
[r4529 == 27193c4bf0]
fixing `vuln-ssh2-debug', by missing out a field. In most cases
(always_display = 0) we would log a zero-length or truncated message.
(Also add a prototype for ssh2_pkt_getbool().)
[originally from svn r4718]
This is disgustingly huge because old versions of OpenSSH got the message
format wrong, so we have to infer which format is in use. Tested with
Debian stable OpenSSH (3.4p1), with `uint32' packet, and lshd, which uses
the correct `string' packet, and also let me test "core dumped" and the
explanatory message.
[originally from svn r4653]
of the SSH servers I conveniently have access to (Debian stable OpenSSH --
3.4p1 -- and lshd) seem to take a blind bit of notice, but the channel
requests look fine to me in the packet log.
I've included all the signals explicitly defined by
draft-ietf-secsh-connect-19, but I've put the more obscure ones in a submenu
of the specials menu; there's therefore been some minor upheaval to support
such submenus.
[originally from svn r4652]
down. (A side effect of fixing this is that ssh->mainchain is set to NULL
when it closes, which might avoid other sorts of trouble.)
While we're here, don't bother offering SSH1_MSG_IGNORE if we believe the
remote will barf on it.
[originally from svn r4650]
into the Connection panel, and implemented support for the SSH2
"env" request. (I haven't yet found a server which accepts this
request, so although I've visually checked the packet log and it
looks OK, I haven't yet been able to do a full end-to-end test.)
Also, the `pty' backend reads this data and does a series of
`putenv' commands before launching the shell or application.
This is mostly because in last week's UTF-8 faffings I got
thoroughly sick of typing `export LANG=en_GB.UTF-8' every time I
started a new testing pterm, and it suddenly occurred to me that
this would be precisely the sort of thing you'd want to have pterm
set up for you, particularly since you can configure it alongside
the translation settings and so you can ensure they match up
properly.
[originally from svn r4645]
PuTTY / Plink not to run a remote shell/command at all. Supported in
the GUI configuration and via the (OpenSSH-like) -N command-line
option.
No effort is currently made to arrange `nice' UI properties. If you
do this in GUI PuTTY, a full-size terminal window will still be
created, and will sit there with almost nothing in it throughout
your session. If you do it in Plink, Plink will not accept any kind
of request to terminate gracefully; you'll have to ^C or kill it.
Nonetheless, even this little will be useful to some people...
[originally from svn r4614]
by default (although they can be included). There's also an option to remove
session data, which is good both for privacy and for reducing the size of
logfiles.
[originally from svn r4593]
enable login with this version. (I'd suspected as much -- see ssh.c CVS
log 1.299 [r3359] -- and Geoffrey Hughes has now confirmed this.)
[originally from svn r4566]
[r3359 == d534d4e104]
truncated - it was from OpenSSH on HP/UX and had all sorts of stuff in it
("last successful login" etc).
Bodged it by bumping up the space allocated in the fixed array for a password
prompt. Also added an indication that the prompt is being truncated, as
required by draft-ietf-secsh-auth-kbdinteract-06.
(NB that before this checkin, there was a more-or-less harmless buffer overread
where if we ever received a keyboard-interactive prompt with echo=1, we'd
probably spew goo on the terminal; fixed now.)
[originally from svn r4476]
forwarded X11 connection is now logged as well as the closing; but we also
log the peer IP/port in case it's interesting, and log the reason for
refusing to honour a channel open.
[originally from svn r4451]
handle source address spec ":10023"; ignoring' type errors in the
Event Log. The forwarding would go ahead as normal so this is
cosmetic. Fixed.
[originally from svn r4392]
No very good reason, but I've occasionally wanted to frob it to see if it
makes any difference to problems I'm having, and it was easy.
Tested that it does actually cause keepalives on Windows (with tcpdump);
should also work on Unix. Not implemented on Mac (does nothing), but then
neither is TCP_NODELAY.
Quite a big checkin, much of which is adding `keepalive' alongside `nodelay'
in network function calls.
[originally from svn r4309]
account of coroutines and used local variables over a crFoo. I believe the
impact was cosmetic, affecting the speeds reported in the Event Log only.
I've put the variables `ispeed' and `ospeed' in the main ssh_tag structure,
even though they're only live for a short duration; I did this rather than
create a new state struct for ssh1_protocol() (since ssh_tag already has
short-duration junk like portfwd_strptr).
[originally from svn r4272]
(we didn't before) - `ssh-termspeed'.
In the process, I've removed the individual controls on the Telnet and
Rlogin panels and replaced them with one on the Connection panel (since they
were backed by the same storage anyway).
The terminal speeds sent in SSH are logged in the Event Log.
[originally from svn r4133]
things; it called freebn on the DH gex values even if DH gex had not
taken place. Bug was trivially reproducible as a NULL-dereference
segfault by making any SSH2 connection with DH gex disabled. Should
now be fixed.
[originally from svn r3678]
functions have sprouted `**errorstr' arguments, which if non-NULL can
return a textual error message. The interface additions are patchy and
ad-hoc since this seemed to suit the style of the existing interfaces.
I've since realised that most of this is masked by sanity-checking that
gets done before these functions are called, but it will at least report
MAC failures and the like (tested on Unix), which was the original point
of the exercise.
Note that not everyone who could be using this information is at the
moment.
[originally from svn r3430]
sk_new() on invocation; these functions become responsible for (eventually)
freeing it. The caller must not do anything with 'addr' after it's been passed
in. (Ick.)
Why:
A SOCKS5 crash appears to have been caused by overzealous freeing of
a SockAddr (ssh.c:1.257 [r2492]), which for proxied connections is
squirreled away long-term (and this can't easily be avoided).
It would have been nice to make a copy of the SockAddr, in case the caller has
a use for it, but one of the implementations (uxnet.c) hides a "struct
addrinfo" in there, and we have no defined way to duplicate those. (None of the
current callers _do_ have a further use for the SockAddr.)
As far as I can tell, everything _except_ proxying only needs addr for the
duration of the call, so sk_addr_free()s immediately. If I'm mistaken, it
should at least be easier to find the offending free()...
[originally from svn r3383]
[r2492 == bdd6633970]
