Граф коммитов

4648 Коммитов

Автор SHA1 Сообщение Дата
Tim Kosse 225186cad2 Fix memory leak: Free hostkey fingerprint when cross-certifying. 2017-01-06 19:31:05 +00:00
Simon Tatham e2452f3bd0 Add some missing checks for EINTR after select(2).
I noticed today that Unix Plink responds to SIGWINCH by accidentally
dying of EINTR having interrupted its main select loop, and when I
checked, there turn out to be a couple of other select loops with the
same bug.
2017-01-06 19:29:06 +00:00
Simon Tatham 86ba2e6339 Remove/rescope variable 'ret' in sftp_put_file.
This is a purely stylistic cleanup - no functional change intended -
after Tim Kosse's changes in commits e9a76883a and 6f871e3d2.

I think the underlying cause of the confusion whose functional effects
he was fixing there is that I have the bad habit of tending to call
variables 'ret' for two different reasons: one is because it's holding
the value returned from some subroutine I've just called, and the
other is because it's holding the value I'm preparing to return from
the routine _containing_ the variable.

The reason it's a bad habit is that I confuse the two purposes, and a
variable of one type ends up accidentally being treated as the other.
So while Tim's commits have already fixed the functional effects of
the error in this case, this change should help prevent a recurrence
because now there's no variable called 'ret' at all that's in scope
for the whole function.
2016-12-29 11:29:14 +00:00
Tim Kosse fa38307244 In random_add_noise, put the hashed noise into the pool, not the raw noise
random_add_noise calls SHATransform for every 64 octets of incoming noise,
yet instead of xor'ing the hashed noise into the pool it instead only xor'ed
20 octets of the raw noise in each iteration. This effectively reduced the
amount of new entropy entering the pool.
2016-12-29 11:18:03 +00:00
Tim Kosse 6f871e3d22 Handle failed SSH_FXP_CLOSE requests in sftp_put_file.
It is possible for SSH_FXP_CLOSE requests to fail. This can happen if the
server buffers writes and an error occurs flushing the data to disk while
processing the SSH_FXP_CLOSE request. If the close fails, sftp_put_file now
returns an error as well.
2016-12-29 11:18:03 +00:00
Tim Kosse e9a76883ad Fix sftp_put_file returning success on failed transfers.
Due to a shadowed variable, transfer failures were not reflected in the return
code to sftp_put_file. Instead of tracking the return code, use the 'err'
variable to decide which return code to use.
2016-12-29 11:18:03 +00:00
Tim Kosse 57e21d756e Fix sftp_get_file returning success on failed transfers.
Due to the return variable 'ret' being shadowed in the transfer loop, errors
in the transfer loop did not affect the final return value of sftp_get_file.
This particularly affects psftp's batch mode (without passing the -be
command-line argument), which would errorneously continue. The solution is
to simply remove the shadowing declaration.
2016-12-29 11:18:03 +00:00
Simon Tatham 24a43404b4 Fix a compile failure with NO_IPV6.
A user points out that buf[] in sk_tcp_peer_info is only used in the
IPv6 branch of an ifdef, and is declared with a size of
INET6_ADDRSTRLEN, which won't be defined in NO_IPV6 mode. So moving
the definition inside another IPv6-only ifdef fixes the resulting
build failure.
2016-12-11 22:27:40 +00:00
Tim Kosse 09b74971c7 Fix type mismatch in sftp_find_request
The id member of the sftp_request structure is of type unsigned int.
This type is also used in the sftp_reqfind callback. In
sftp_find_request we thus need to pass a pointer to unsigned int to
find234. Before this commit, sftp_find_request was passing a pointer
to unsigned long to find234, which causes the lookup to fail on
big-endian platforms where sizeof(unsigned int) != sizeof(unsigned
long), e.g. ppc64.
2016-11-19 07:27:24 +00:00
Simon Tatham fa91b55eec Make ESC[3J (clear scrollback) a disableable escape sequence.
A user complained that it was being done nonconsensually, and it seems
reasonable that the user should have the choice to prevent it.
2016-11-17 20:25:27 +00:00
Simon Tatham 5c390fceab Make the new ^< and ^> keystrokes add the class prefix.
The new font name configured by the keystrokes was missing its
"client:" or "server:" prefix, which could have led to the selection
of the wrong font in rare situations.
2016-11-16 22:02:54 +00:00
Simon Tatham 1a51771720 Unix PuTTY/pterm: Ctrl-< / Ctrl-> to change font size.
Each gtkfont back end now provides a routine that will return the name
of a similar font to the current one but one notch larger or smaller.
For Pango, this is just a matter of incrementing the font size field
in a standard way; for X11 server-side fonts, we have to go and do an
XListFonts query with a wildcard that requests fonts that vary only in
the size fields from the current one, and then iterate over the result
looking for the best one.

(I expect this will be more useful to Pango scalable-font users than
to X11 fonts, but it seemed a shame not to give the X11 side my best
shot while I was at it.)

Choice of hotkey: I know I'm being inconsistent with gnome-terminal's
use of Ctrl-plus and Ctrl-minus. I thought that was because I was
already using Ctrl-minus as a more convenient synonym for
Ctrl-underscore (which sends the actual control code 0x1F), but now I
actually try it, apparently I'm not. However, Ctrl-plus and Ctrl-minus
are quite horrible as a keystroke pair anyway (one has to be typed
with shift and one without!), and I feel as if the 'less' and
'greater' signs are more specific anyway, in that they specifically
indicate _size_ rather than just 'unspecified numerical value'.
2016-11-13 14:06:43 +00:00
Simon Tatham d9c68d236b gtkfont: refactor parse/unparse of XLFDs.
There were already two places in the code (x11font_enum_fonts and
x11_guess_derived_font_name) where we retrieved an XLFD from the X
server, sawed it up ad-hoc into its '-'-separated parts and accessed
them by numeric index.

I'm about to add a third, so before I do, let's turn this into a
somewhat principled system where we get to do the decode/encode in
just one place and call all the individual fields by names that are
actually memorable.

No functional change intended by this commit.
2016-11-13 13:50:18 +00:00
Simon Tatham 22013390c4 release.pl: switch the.earth.li to HTTPS.
That's the URL scheme we advertise on the website, so it's silly to do
the release-time testing by any other system.
2016-11-13 13:48:04 +00:00
Simon Tatham 24da181a01 cygtermd: be more specific in define of _XOPEN_SOURCE.
On Debian stretch, it seems we don't get setpgrp() unless we do not
merely define it, but define it to 500 or greater.
2016-09-19 14:17:26 +01:00
Simon Tatham ccf25c0849 Add explicit "./" in mkfiles.pl's require statements.
I've just tried for the first time to run mkfiles.pl on a system where
plain 'require "sbcsgen.pl"' does not search the cwd by default.
2016-09-19 14:14:54 +01:00
Owen Dunn bf00bcd2a4 SetCurrentProcessExplicitAppUserModelID to fix jumplist/removable media bug
The algorithm Windows uses to generate AppUserModelIDs "hangs on" to
removable media (CDs/DVDs) if PuTTY is launched with a CD/DVD in a drive.
Set the AppUserModelID explicitly to avoid using this algorithm.
2016-08-29 16:55:42 +01:00
Simon Tatham c5ce372a36 Fix memory leak in the new make_dir_path().
Thanks to Jason Andryuk for promptly pointing it out.
2016-08-10 19:34:46 +01:00
Ondřej Lysoněk 9952b2d5bd Added support for the XDG specification
The XDG configuration location ($XDG_CONFIG_HOME/putty, or
~/.config/putty) is now prefered over the old ~/.putty location, if the
XDG location already exists. If it doesn't exist, we try to use one of
the old locations ($HOME/.putty, [/etc/passwd home]/.putty, /.putty). If
none of the directories exist, we fall back to ~/.config/putty or
~/.putty, if the XDG_DEFAULT macro is defined or not, respectively. The
PUTTYDIR environment variable remains a definitive override of the
configuration location. This all ensures that the old location is still
used, unless the user explicitly requests otherwise.

The configuration directories are created using the make_dir_path()
function, to ensure that saving the configuration doesn't fail e.g.
because of a non-existent ~/.config directory.
2016-08-08 20:37:07 +01:00
Simon Tatham 23a02f429c New Unix utility function to make a directory path.
Essentially 'mkdir -p' - we try to make each prefix of the pathname,
terminating on any error other than EEXIST. Semantics are similar to
make_dir_and_check_ours(): we return NULL on success or a dynamically
allocated error message string on failure.
2016-08-08 20:37:07 +01:00
Simon Tatham 9398d23033 Lock down the search path for Windows DLL loading.
At least on systems providing SetDefaultDllDirectories, this should
stop PuTTY from being willing to load DLLs from its containing
directory - which makes no difference when it's been properly
installed (in which case the application dir contains no DLLs anyway),
but does if it's being run from somewhere uncontrolled like a browser
downloads directory.

Preliminary testing suggests that this shouldn't break any existing
deliberate use of DLLs, including GSSAPI providers.
2016-07-18 20:02:32 +01:00
Simon Tatham f56dd17709 clip_addchar: merge memory-management performance fix. 2016-06-27 19:24:56 +01:00
Jeff Westfahl 5f3160d186 Speed up clipboard copies.
Copying large scrollback buffers to the clipboard can take a long time,
up to several minutes. Doubling the size of the clipboard copy buffer
when more space is needed, instead of just adding a small constant size,
significantly speeds up clipboard copies of large scrollback buffers.
2016-06-27 09:58:16 -05:00
Ben Harris 7b9ad09006 Factor out code to close the local socket associated with a channel.
The only visible effect should be that abrupt closure of an SSH
connection now leads to a slew of messages about closing forwarded
ports.
2016-05-28 14:50:02 +01:00
Ben Harris 5da8ec5ca6 Use ssh2_channel_got_eof() in ssh1_msg_channel_close().
Of course, that means renaming it to ssh_channel_got_eof().  It also
involves adding the assertions from ssh1_msg_channel_close(), just in
case.
2016-05-25 23:16:09 +01:00
Ben Harris b7cc086e00 Move call to ssh2_channnel_check_close().
From ssh2_channel_got_eof() to ssh2_msg_channel_eof().  This removes
the only SSH-2 specicifity from the former.  ssh2_channel_got_eof()
can also be called from ssh2_msg_channel_close(), but that calls
ssh2_channel_check_close() already.
2016-05-25 23:06:20 +01:00
Ben Harris 12cebbf676 Assume that u.pfd.pf and u.x11.xconn are not NULL on appropriate channels.
Nothing ever sets them to NULL, and the various paths by which the
channel types can be set to CHAN_X11 or CHAN_SOCKDATA all ensure thet
the relevant union members are non-NULL.  All the removed conditionals
have been converted into assertions, just in case  I'm wrong.
2016-05-25 22:22:19 +01:00
Ben Harris 4115ab6e2e Don't completely ignore unknown types of SSH_MSG_CHANNEL_EXTENDED_DATA.
It's important to do the usual window accounting in all cases.  We
still ignore the data themselves, which I think is the right thing to
do.
2016-05-24 22:38:40 +01:00
Ben Harris f0f191466a Remove CHAN_SOCKDATA_DORMANT.
It's redundant with the halfopen flag and is a misuse of the channel
type field.  Happily, everything that depends on CHAN_SOCKDATA_DORMANT
also checks halfopen, so removing it is trivial.
2016-05-23 10:06:31 +01:00
Ben Harris 066dfb7786 Forward channel messages for shared channels in ssh_channel_msg().
This saves doing it separately in every function that processes such
messages.
2016-05-22 23:59:48 +01:00
Ben Harris 08d4ca0787 More strictness in ssh_channel_msg().
Now it disconnects if the server sends
SSH_MSG_CHANNEL_OPEN_CONFIRMATION or SSH_MSG_CHANNEL_OPEN_FAILURE for
a channel that isn't half-open.  Assertions in the SSH-2 handlers for
these messages rely on this behaviour even though it's never been
enforced before.
2016-05-22 22:57:25 +01:00
Ben Harris d17b9733a9 Switch SSH-1 channel message handlers to use ssh_channel_msg().
This gives consistent (and stricter) handling of channel messages
directed at non-existent and half-open channels.
2016-05-22 22:21:20 +01:00
Ben Harris 1c8c38555d Generalise ssh2_channel_msg() to ssh_channel_msg().
It now supports both SSH-1 and SSH-2 channel messages.  The SSH-1 code
doesn't yet use it, though.
2016-05-22 22:14:00 +01:00
Ben Harris d8eff1070d Assert that ssh2_channel_check_close() is only called in SSH-2.
That really should be true, but I don't entirely trust
sshfwd_unclean_close().
2016-05-22 13:50:34 +01:00
Ben Harris bc48975ce5 In ssh_channel_init(), insert the new channel into the channel tree234.
All but one caller was doing this unconditionally.  The one conditional
call was when initialising the main channel, and in consequence PuTTY
leaked a channel structure when the server refused to open the main
channel.  Now it doesn't.
2016-05-21 23:26:57 +01:00
Ben Harris acfab518d2 Convert ssh2_channel_init() into ssh_channel_init().
By adding support for initialising SSH-1 channels as well.  Now all
newly-created channels go through this function.
2016-05-21 22:29:57 +01:00
Ben Harris c7759f300b Unify despatch of incoming channel data between SSH-1 and SSH-2. 2016-05-21 13:13:00 +01:00
Ben Harris e06833b46b Don't send SSH_MSG_CHANNEL_WINDOW_ADJUST with a zero adjustment. 2016-05-20 21:33:46 +01:00
Ben Harris 0e1b0e24c1 Factor out common parts of ssh_unthrottle and sshfwd_unthrottle.
The SSH-2 code is essentially all shared, but SSH-1 still has some
code specific to the stdout/stderr case.
2016-05-20 21:33:46 +01:00
Ben Harris de52cc8597 Remove inaccurate comment about Unix getticks() function.
It's not always based on gettimeofday(); now it mostly uses
clock_gettime().
2016-05-17 13:07:36 +02:00
Jacob Nevins 1de7240eb8 Document SSH IUTF8 mode. 2016-05-07 11:36:55 +01:00
Jacob Nevins 4e3aa6572d Set SSH IUTF8 appropriately in Unix Plink. 2016-05-07 11:36:50 +01:00
Tim Kosse 9ba51c79fa Fix uninitialized variable in Windows get_file_posn.
The Windows implementation of get_file_posn is calling SetFilePointer
to obtain the current position in the file. However it did not
initialize the variable holding the high order 32-bit to 0. Thus,
SetFilePointer either returned -1 to indicate an error or did move the
file pointer to a different location instead of just returning the
current position. This change just initializes the variable to 0.

As a result, this bug has caused psftp's reget command to fail
resuming transfers or to create corrupt files due to setting up an
incorrect resume offset.
2016-05-04 06:24:26 +01:00
Simon Tatham cc9d920c78 Rework samplekex.py to use the new -proxycmd.
It now expects its standard input to be connected to the same PuTTY
its standard output is talking to, i.e. expects to be invoked as a
proxy command. It conducts the same sample key exchange as it used to,
but now reads the SSH greeting and first couple of packets back from
PuTTY and minimally checks that they're something like what it was
expecting.

(In the process, I've also fixed a mistake in the Python message code
enumeration, which caused one of those expect() calls to fail.)
2016-05-03 16:51:42 +01:00
Simon Tatham e65e5d165f Add a '-proxycmd' command-line option.
This is equivalent to selecting 'Local' as the proxy type and entering
the argument string in the proxy command box, in the GUI.

I've pulled this out of all the other proxy options to promote to a
named command-line option, partly because it's the proxy option with
the most natural command-line expression in the first place (any shell
command you might want to use is already in the form of a single
string), and also because it has uses beyond end-user proxying
applications: in particular, replacing the network connection with a
local process is a convenient way to do testing in the style of
contrib/samplekex.py, avoiding the need to run a separate command to
make the test 'server' listen on a port.
2016-05-03 15:59:15 +01:00
Simon Tatham d47be8d91a Swap endianness of the Curve25519 ECDH private key.
DJB's spec at http://cr.yp.to/ecdh/curve25519-20060209.pdf is clear
that we should be clearing the low 3 bits of the _LSB_ of the private
key bit string, and setting bit 6 and clearing bit 7 of the _MSB_. We
were doing the opposite, due to feeding the resulting bit string to
bignum_from_bytes() rather than bignum_from_bytes_le().

This didn't cause an interoperability issue, because the two DH
exponentiations still commute, but it goes against the Curve25519
spec, in particular the care taken to fix the position of the leading
exponent bit.

The code is now consistent with the test vectors in RFC 7748 section
6.1: if you modify the EC_MONTGOMERY branch of ssh_ecdhkex_newkey() to
replace the loop on random_byte() with a memcpy that fills bytes[]
with 77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a
and then print out the resulting publicKey->x, you find that it's
(byte-reversed) the expected output value given in that RFC section,
8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a.
2016-05-03 14:46:10 +01:00
Simon Tatham dcf4466305 Send the IUTF8 terminal mode in SSH "pty-req"s.
An opcode for this was recently published in
https://tools.ietf.org/html/draft-sgtatham-secsh-iutf8-00 .

The default setting is conditional on frontend_is_utf8(), which is
consistent with the pty back end's policy for setting the same flag
locally. Of course, users can override the setting either way in the
GUI configurer, the same as all other tty modes.
2016-05-03 11:13:48 +01:00
Simon Tatham 2a73676490 Support frontend_is_utf8() in all front ends.
Previously only Unix front ends bothered to include it, on the basis
that only the pty backend needed it (to set IUTF8 in the pty). We're
about to need it everywhere else too.
2016-05-03 11:13:48 +01:00
Simon Tatham 2ce0b680cf Loop over all _supported_, not just configured, SSH tty modes.
Previously, the code that marshalled tty settings into the "pty-req"
request was iterating through the subkeys stored in ssh->conf, meaning
that if a session had been saved before we gained support for a
particular tty mode, the iteration wouldn't visit that mode at all and
hence wouldn't send even the default setting for it.

Now we iterate over the array of known mode identifiers in
ssh_ttymodes[] and look each one up in ssh->conf, rather than vice
versa. This means that when we add support for a new tty mode with a
nontrivial policy for choosing its default state, we should start
using the default handler immediately, rather than bizarrely waiting
for users to save a session after the change.
2016-05-03 11:13:48 +01:00
Ben Harris 8a2797cf0f ssh_pkt_defersend: don't call do_ssh2_transport when using SSH-1.
Also add an assertion to do_ssh2_transport to catch this.

This bug would be highly unlikely to manifest accidentally, but I
think you could trigger it by setting the data-based rekey threshold
very low.
2016-05-01 19:16:22 +02:00