Граф коммитов

2688 Коммитов

Автор SHA1 Сообщение Дата
Ben Harris ae64be506f draft-ietf-secsh-transport-24 says that only "SSH-" at the start of a line
marks a version string.  It's a bit vague about the definition of a line,
but I think it's reasonable to assume that they'll end with LF.  Change
do_ssh_init() to ignore "SSH-" anywhere else.  This makes the existing state
machine overkill, so replace it with something a little more readable.

[originally from svn r6138]
2005-07-24 13:46:14 +00:00
Jacob Nevins d4a365000e This is getting silly; nearly 25% of our mirrors are now in the US.
Discourage more strongly mirrors in well-served areas in the Feedback section.
Also, duplicate that text on the Mirrors page, along with a request to tell us
the country (since lots of people still don't).

[originally from svn r6109]
[this svn revision also touched putty-website]
2005-07-17 13:37:58 +00:00
Jacob Nevins 36ff0a38f4 Patch from Colin Watson: we were sometimes passing stack storage to putenv(),
which is Bad (in his case, it caused TERM to end up unset). Use malloc()'d
storage instead.

[originally from svn r6095]
2005-07-15 11:47:28 +00:00
Jacob Nevins eec73ea3b6 Missing argument in MALLOC_LOG version of snrealloc() macro.
[originally from svn r6075]
2005-07-06 18:26:41 +00:00
Ben Harris 7d49271ada Piers Finlayson reports that "DigiSSH_2.0" chokes (in a new and exciting
manner) on rekeys.  Add it to the list.

[originally from svn r6067]
2005-07-05 21:15:23 +00:00
Jacob Nevins 3b4e643588 Try to make it slightly clearer that TIS/CryptoCard are generic, since
SSH:TDGv2 seems to think that TIS is only relevant to its original
application (whose name eludes me at the moment).

[originally from svn r6038]
2005-06-29 18:20:17 +00:00
Ben Harris d3b993a9c1 In local-to-remote copies, abort if fxp_init() fails, rather than ploughing
on and trying to transfer files, which caused a null-pointer deference.

Thanks to Fernando Najera for reporting the bug.

[originally from svn r6021]
2005-06-25 21:43:09 +00:00
Ben Harris 36e1650965 Quote session name in command line example for robustness.
[originally from svn r6020]
2005-06-25 19:22:13 +00:00
Ben Harris 85a641500d Improve IPA representation of "PuTTY", as suggested by John Lunney. My
rationale (as mailed to him):

I think you're right.  I got the pronunciation there from the second edition
of the OED and my Collins dictionary at home, both of which believe that
"pretty" is pronounced /'prItI/, but, at least to me, those two vowels are
different.  Both of them think that /i/ doesn't occur in English words, the
vowel in "beat" being /i:/.  The third edition of the OED, though, adds /i/
as an English vowel in its pronunciation guide, with "happy" as an example
of its use.  I'll update the FAQ following your suggestion.

[originally from svn r5989]
2005-06-22 10:00:09 +00:00
Jacob Nevins 9897694920 Fix an apparently-harmless error spotted by Ben Rudiak-Gould:
do_ssh2_transport() was returning the wrong value for rekeys after the first.
This apparent error was introduced in r4901, but we can't see any reason for
the change to have been made. If it turns out to be a mistake to revert it,
I'm sure we'll find out.

Here for posterity is Simon's analysis:

| A lot of the return values from do_ssh2_transport appear to be vestigial: it
| used to be that a zero return from do_ssh2_transport meant it had handled the
| packet internally, and a 1 return meant the packet wasn't a transport-layer
| one and needed to pass on to do_ssh2_authconn. Since r4901, however, the
| layer discrimination is done based on the message type ranges, and the only
| remaining dependency on the return value from do_ssh2_transport is a special
| case in ssh2_protocol which detects the first 1 return and makes the
| initialisation call to do_ssh2_authconn.
| 
| Therefore, the gratuitous 1 return on every key exchange as a result of the
| confusing if statement is simply ignored in ssh2_protocol (because
| ssh->protocol_initial_phase_done is already TRUE). So the remaining question
| was, why does the _lack_ of that 1 return not cause a problem, if the if's
| sense is indeed reversed?
| 
| The answer is that 1 is still returned, just not by the crReturn inside the
| if statement. It's returned by the next crReturn, just after
| wait_for_rekey(). Which suggests that in fact, the if statement has the
| correct sense, but the crReturn inside it has the wrong value - it should be
| returning _zero_, to indicate that every NEWKEYS after the first one is
| uninteresting to the authconn code, and on the very first run through that
| doesn't happen and the NEWKEYS gets all the way to the crReturn(1) later on.

[originally from svn r5986]
[r4901 == a4ba026838]
2005-06-21 20:13:48 +00:00
Ben Harris 4ad47722e8 Make the sanity-checks on the size of incoming packets much stricter. We now
enforce the following:

* Packet must have at least one byte of payload and four bytes of padding.
* Total packet length must not exceed 35000 bytes compressed.
* Total packet length including length field must be a multiple of cipher
  block size (or eight bytes).

The feebleness of our old checks was noticed by Ben Rudiak-Gould.

[originally from svn r5981]
2005-06-20 13:56:30 +00:00
Ben Harris 93712a3ee1 A major purpose of PuTTY's memory-allocation functions is to succeed or die
trying, so there's no need to check their return values for NULL.  Spotted
by Ben Rudiak-Gould.

[originally from svn r5978]
2005-06-19 14:17:24 +00:00
Ben Harris b400397f69 Move comment about ECHO and LINE input modes to a more sensible position.
Spotted by Ben Rudiak-Gould.

[originally from svn r5976]
2005-06-19 13:57:50 +00:00
Jacob Nevins 3c7cb747f6 Detection of "auth-agent@openssh.com" was too liberal. Spotted by
Ben Rudiak-Gould.

[originally from svn r5962]
2005-06-14 23:20:42 +00:00
Jacob Nevins bb95adf054 We should wait until the Rlogin server indicates that it's happy to receive
window-size notifications before we send them.
This clears up a problem where the first password entry always failed.

[originally from svn r5960]
2005-06-14 14:48:17 +00:00
Jacob Nevins ccedec116c "SanskritFritz" points out that digits at the start of RTF pastes were being
eaten by the trailing "\f0" on the RTF preamble. The RTF spec (1.0 and 1.6)
suggests that adding a space should defuse this situation and be otherwise
harmless, and it works for me (Win98).

[originally from svn r5931]
2005-06-09 10:05:29 +00:00
Jacob Nevins 9565f4f550 Double-free on mkdir error, spotted by Brian Hartsock.
[originally from svn r5929]
2005-06-08 15:14:47 +00:00
Jacob Nevins a7097f7e86 Remove a couple of mistaken references to Telnet in comments.
[originally from svn r5853]
2005-05-28 13:46:04 +00:00
Jacob Nevins 203a25d502 Miscellaneous updates:
- note Visual Foo version requirements
 - note which things are done for you in our source snapshots
 - other tweaks

[originally from svn r5839]
2005-05-23 12:41:21 +00:00
Jacob Nevins 99ecca53ed Factor out all local SSH disconnections into a new function ssh_disconnect(),
and add the ability to treat a local disconnection as "unclean" -- notably, if
we can't agree any authentication methods to even try; someone was complaining
that the PuTTY window by default just disappears for no apparent reason in this
circumstance.

Also, use appropriate disconnect codes for those SSH2_MSG_DISCONNECT messages
that we do send.

I don't think I've seriously broken any user-visible behaviour, but the way
that connection-close distinctions are transmitted to the front-end is shaky
(or so it seems to me), so there may be non-ideal changes on some platforms.

[originally from svn r5824]
2005-05-21 16:49:27 +00:00
Jacob Nevins 3f20ec26a0 Fix documentation of NO_MANIFESTS (oops).
[originally from svn r5821]
2005-05-21 15:09:36 +00:00
Jacob Nevins 2ba272c262 Add NO_MANIFESTS option to Windows build, as the manifests apparently cause
trouble for 64-bit Windows builds.
Also flag the build flags that only apply to Windows.

[originally from svn r5820]
2005-05-21 14:35:21 +00:00
Jacob Nevins 26635548e8 Use {Get,Set}WindowLongPtr() instead of {Get,Set}WindowLong() for compatibility
with 64-bit Windows. Untested on 64-bit, but it doesn't appear to have broken
anything on 32-bit.

[originally from svn r5819]
2005-05-21 14:16:43 +00:00
Jacob Nevins 9cde5fa319 Minor memory leak spotted by Mikhail Kruk.
[originally from svn r5815]
2005-05-20 21:52:07 +00:00
Jacob Nevins b742913984 connection_fatal() should be called after ssh_closing() and other accesses to
`ssh', since it potentially frees it and potentially doesn't return.
Only affected a couple of rare circumstances.

[originally from svn r5787]
2005-05-16 14:41:08 +00:00
Jacob Nevins 680a32d5bc Don't try and set up reconfigured port-forwardings if the connection isn't yet
ready for them. Spotted by Martin Dushkov.

[originally from svn r5786]
2005-05-16 08:31:05 +00:00
Ben Harris ab855b74c5 Add experimental support for detecting BREAK on input and propagating it as
TS_BRK on output.  This is tested to the extent that other data survive the
escaping performed by PARMRK, at least on my system.  Actual passing on
of BREAK is as-yet untested.

[originally from svn r5779]
2005-05-14 22:01:10 +00:00
Jacob Nevins aa43d817d2 Use the packet dispatch table to handle USERAUTH_BANNER messages, which should
hopefully solve `drop-banner'. I haven't been able to test the failure case,
but the behaviour with OpenSSH appears no worse.

[originally from svn r5772]
[this svn revision also touched putty-wishlist]
2005-05-12 15:09:35 +00:00
Jacob Nevins c2abdbc360 s/public/private/ spotted by Walter Cleverly.
[originally from svn r5765]
2005-05-09 21:01:11 +00:00
Jacob Nevins 1d4705d9c8 Make Makefile.gtk build again on Linux (assume <utmpx.h>).
[originally from svn r5764]
2005-05-09 13:27:51 +00:00
Simon Tatham ea2cac08e9 Fix what looks like a cut-and-paste error which was stopping Unix
Plink building on MacOS X.

[originally from svn r5762]
2005-05-08 11:47:59 +00:00
Jacob Nevins 1f2f60de04 Correct apparent misspelling of `SIOCATMARK'.
[originally from svn r5749]
2005-05-05 22:47:30 +00:00
Jacob Nevins b099456c87 Implement `bypass-ssh2-userauth', since from correspondence it sounds like
there are servers which could in principle operate in this mode, although I
don't know if any do in practice. (Hence, I haven't been able to test it.)

[originally from svn r5748]
[this svn revision also touched putty-wishlist]
2005-05-05 22:37:54 +00:00
Ben Harris df913d0036 Also blank X authentication data when using SSH-1, and add a comment explaining
why this may not be sufficient to hide it.

[originally from svn r5720]
2005-04-30 17:08:48 +00:00
Ben Harris 162d04d360 X11 authentication data are generally sensitive, so blank them from packet
logs by default.

[originally from svn r5719]
2005-04-30 16:13:11 +00:00
Ben Harris a777b82f84 Unlike the AES and Blowfish code, our implementations of the various DES
modes of operation all took separate source and destination pointers.  They
were never called with those pointers different, though, so reduce them to
a single pointer like everything else uses.

[originally from svn r5716]
2005-04-30 14:30:07 +00:00
Ben Harris d83cd2f79b Fix stupid typo that probably utterly broke SSH-1 support, and caused compiles
with GCC to fail.  Not sure how it survived long enough to test, really.

[originally from svn r5715]
2005-04-30 14:26:46 +00:00
Ben Harris b7f7f4ec72 Minimally document 3des-ctr and blowfish-ctr.
[originally from svn r5703]
2005-04-28 09:03:16 +00:00
Ben Harris a40410a122 Remove comment explaining why 3des-ctr is disabled, since it isn't.
[originally from svn r5702]
2005-04-28 09:00:50 +00:00
Ben Harris fe83afa6ec Enable blowfish-ctr by default. It's been tested and found working.
Thanks to der Mouse for help with the testing.

[originally from svn r5701]
2005-04-28 08:56:03 +00:00
Ben Harris a33339b3f1 In blowfish-ctr mode, increment the counter in the correct order. Thanks to
der Mouse for spotting the same error in my 3des-ctr implementation.

[originally from svn r5700]
2005-04-28 08:24:46 +00:00
Ben Harris 34741dcc19 Fix two more stupid bugs in 3des-ctr:
- We were using the first word of each block of keystream block twice and the
   second not at all.
 - We were incrementing the high-order word of the counter after every block
   rather than the low-order one.

With those fixed, our 3des-ctr implementation interoperates with the one in
Moussh.  Thanks to der Mouse for his help with the testing.

3des-ctr is now enabled by default.

[originally from svn r5699]
2005-04-28 08:21:04 +00:00
Ben Harris 61199b6a04 On monochrome displays, display the cursor in reverse video so that it's
visible on reversed out text.  This only applies to active block cursors for
now.

[originally from svn r5698]
2005-04-27 21:42:51 +00:00
Ben Harris 1aee4d81e0 Tiny manual CSE of previous commit.
[originally from svn r5697]
2005-04-27 21:22:40 +00:00
Ben Harris 5a980feac9 On 1bpp displays, ignore colour attributes. This makes pterm minimally useful
there, though (e.g.) switching to using reverse video for the cursor would
probably also help.  Displays with other silly depths (e.g. 2bpp) aren't
catered for, but I suspect they're rare in the X world.

[originally from svn r5696]
2005-04-27 21:09:45 +00:00
Ben Harris 7b72634c27 Make palette changes use "best match" colours too.
[originally from svn r5695]
2005-04-27 20:30:47 +00:00
Ben Harris 62cdb81e0a Rather than checking for <sys/sockio.h>, just include it if our other
attempts at finding SIOCATMARK have failed.  This removes one of our
Autoconf tests, which is always nice.

[originally from svn r5690]
2005-04-27 15:42:10 +00:00
Ben Harris 024781b3ed Use the correct key order for 3des-ctr.
[originally from svn r5687]
2005-04-27 12:39:52 +00:00
Ben Harris fcaee2626c In SSH-2 mode, PuTTY wasn't sending KEXINIT until it had received one from the
server, which led to stalemate if the server did the same.  PuTTY now sends
KEXINIT proactively as soon as it's worked out that it's talking SSH-2.

[originally from svn r5685]
2005-04-27 11:10:54 +00:00
Simon Tatham 47e27618d8 mkunxarc.sh is supposed to be silent, so I'm having it discard the
stderr output from mkauto.sh. (I debated discarding it within
mkauto.sh itself, but decided against it.)

[originally from svn r5684]
2005-04-27 08:09:32 +00:00