Граф коммитов

25 Коммитов

Автор SHA1 Сообщение Дата
Tim Kosse f3f215423b Close file descriptor in test main().
Some static analyzers are complaining about it.
2015-08-15 13:54:55 +01:00
Simon Tatham 3fd8014ea7 Add a missing bounds check in the Deflate decompressor.
The symbol alphabet used for encoding ranges of backward distances in
a Deflate compressed block contains 32 symbol values, but two of them
(symbols 30 and 31) have no meaning, and hence it is an encoding error
for them to appear in a compressed block. If a compressed file did so
anyway, this decompressor would index past the end of the distcodes[]
array. Oops.

This is clearly a bug, but I don't believe it's a vulnerability. The
nonsense record we load from distcodes[] in this situation contains an
indeterminate bogus value for 'extrabits' (how many more bits to read
from the input stream to complete the backward distance) and also for
the offset to add to the backward distance after that. But neither of
these can lead to a buffer overflow: if extrabits is so big that
dctx->nbits (which is capped at 32) never exceeds it, then the
decompressor will simply swallow all further data without producing
any output, and otherwise the decompressor will consume _some_ number
of spare bits from the input, work out a backward distance and an
offset in the sliding window which will be utter nonsense and probably
out of bounds, but fortunately will then AND the offset with 0x7FFF at
the last minute, which makes it safe again. So I think the worst that
a malicious compressor can do is to cause the decompressor to generate
strange data, which of course it could do anyway if it wanted to by
sending that same data legally compressed.

[originally from svn r10278]
2014-10-01 18:33:45 +00:00
Simon Tatham e2a5c6b679 Add some assertions in sshzlib.c.
gcc 4.8 compiling with -O3 gives a new warning about the access to
st->pending at the top of lz77_compress, because for some reason it
thinks there's an out-of-bounds array access there (or perhaps just a
potential one, I'm not really sure which side -Warray-bounds is erring
on). Add an assertion reassuring it that st->npending can't get bigger
than the size of st->pending at the site it's complaining about, and a
second one at the site where st->npending is increased (just in case
my analysis of why it can't happen was wrong!). Also add a comment
explaining the assertions.

[originally from svn r10144]
2014-02-22 18:02:14 +00:00
Simon Tatham 799f7f563d Missing #include.
[originally from svn r9551]
2012-06-01 19:43:05 +00:00
Jacob Nevins 74c5f7dda9 Implement zlib@openssh.com, using the rekey-after-userauth method suggested in
the wishlist entry.

[originally from svn r9120]
[this svn revision also touched putty-website,putty-wishlist]
2011-03-04 22:34:47 +00:00
Jacob Nevins 767778cf1b Add some extra validation to zlib decompression (primarily to shut up a GCC 4.6
warning).

[originally from svn r9113]
2011-03-01 23:44:06 +00:00
Jacob Nevins cd94e3bc3c Patch from Colin Watson intended to give a clean Unix compile with GCC 4.
(Since we choose to compile with -Werror, this is particularly important.)

I haven't yet checked that the resulting source actually compiles cleanly with
GCC 4, hence not marking `gcc4-warnings' as fixed just yet.

[originally from svn r7041]
2006-12-30 23:00:14 +00:00
Simon Tatham 2226098a9e Correct an embarrassingly wrong comment.
[originally from svn r6926]
2006-11-28 21:51:54 +00:00
Simon Tatham ecd50ec349 I just had a need to decode a piece of Zlib data from out of the
middle of a PDF. So here's a modification to sshzlib.c which enables
it to be compiled into a standalone Zlib decoder if you define
ZLIB_STANDALONE. As an added bonus, it (both standalone and in
PuTTY) also validates the Zlib header, just to make sure someone
hasn't defined a new compression format.

[originally from svn r4657]
2004-10-21 10:59:53 +00:00
Simon Tatham 33a59e78f1 Memory management fixes. Fixed a segfault in SSH1 compression
cleanup noticed by Gerhard Wiesinger, and also fixed some memory
leaks spotted by valgrind while debugging same.

[originally from svn r3726]
2004-01-18 09:14:41 +00:00
Simon Tatham d02ea52abc Fix a segfault (non-security-critical - null dereference for
reading) in the zlib code when fed certain kinds of invalid data. As
a result, ssh.c now needs to be prepared for zlib_decompress_block
to return failure.

[originally from svn r3306]
2003-06-26 13:41:30 +00:00
Simon Tatham d36a4c3685 Introduced wrapper macros snew(), snewn() and sresize() for the
malloc functions, which automatically cast to the same type they're
allocating the size of. Should prevent any future errors involving
mallocing the size of the wrong structure type, and will also make
life easier if we ever need to turn the PuTTY core code from real C
into C++-friendly C. I haven't touched the Mac frontend in this
checkin because I couldn't compile or test it.

[originally from svn r3014]
2003-03-29 16:14:26 +00:00
Ben Harris dd8c09eeba zlib_disable_compression() and zlib_huflookup() are unused outside this file.
Make them static.

[originally from svn r2485]
2003-01-05 23:36:53 +00:00
Simon Tatham 4756c15fc9 Yet more global-removal. The static variables in logging.c are now
absent, and also (I think) all the frontend request functions (such
as request_resize) take a context pointer, so that multiple windows
can be handled sensibly. I wouldn't swear to this, but I _think_
that only leaves the Unicode stuff as the last stubborn holdout.

[originally from svn r2147]
2002-10-26 12:58:13 +00:00
Simon Tatham 5df8e45c2e The Zlib module now uses dynamically allocated contexts. I think
that completes the static-removal in the crypto library. Ooh.

[originally from svn r2136]
2002-10-25 13:26:33 +00:00
Simon Tatham e8ab511442 ssh.com 3.2.0 uses zlib sync flush (start and close an empty
uncompressed block at the end of each compressed packet) which we
were embarrassingly unable to deal with because we assumed every
uncompressed block contained at least one byte. Particularly silly
because I _knew_ about the existence of sync flush when I coded this
module. Arrgh. Still, now fixed.

[originally from svn r1824]
2002-08-08 17:03:58 +00:00
Simon Tatham 3c74c01014 Pedantry patch from RDB: sanitise header use, correct one comment
and remove an unused variable.

[originally from svn r1243]
2001-09-07 22:49:17 +00:00
Simon Tatham fb473cc16c Placate gcc's `-Wall' warnings.
[originally from svn r1121]
2001-05-13 14:02:28 +00:00
Simon Tatham 3730ada5ce Run entire source base through GNU indent to tidy up the varying
coding styles of the various contributors! Woohoo!

[originally from svn r1098]
2001-05-06 14:35:20 +00:00
Simon Tatham 03c9b6107b Replace PuTTY's 2-3-4 tree implementation with the shiny new counted
one, in preparation for using it to speed up scrollback.

[originally from svn r1053]
2001-04-16 17:18:24 +00:00
Simon Tatham 4b5a97fbee Fix a few trivial compiler warnings
[originally from svn r1001]
2001-03-15 11:39:17 +00:00
Simon Tatham aaeecbb4ea Make the SSH2 traffic analysis defence robust in the face of Zlib
compression. This involves introducing an option to disable Zlib
compression (that is, continue to work within the Zlib format but
output an uncompressed block) for the duration of a single packet.

[originally from svn r982]
2001-03-05 16:38:42 +00:00
Simon Tatham 48699e8431 Add zlib_freetable() to prevent memory leaks. Thanks to Kevin Eric Saunders
[originally from svn r917]
2001-01-31 09:10:18 +00:00
Simon Tatham d5240d4157 Make memory management uniform: _everything_ now goes through the
smalloc() macros and thence to the safemalloc() functions in misc.c.
This should allow me to plug in a debugging allocator and track
memory leaks and segfaults and things.

[originally from svn r818]
2000-12-12 10:33:13 +00:00
Simon Tatham 462063cdc5 Implement Zlib compression, in both SSH1 and SSH2.
[originally from svn r792]
2000-11-01 21:34:21 +00:00