Flush the log file after logging each packet (so that if we're going

[u/mdw/putty] / ssh.c

diff --git a/ssh.c b/ssh.c
index 115c0ce..22b8f5e 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -724,6 +724,11 @@ static int ssh1_rdpkt(unsigned char **data, int *datalen)
        st->to_read -= st->chunk;
     }
 
+    if (cipher && detect_attack(pktin.data, st->biglen, NULL)) {
+        bombout(("Network attack (CRC compensation) detected!"));
+        crReturn(0);
+    }
+
     if (cipher)
        cipher->decrypt(pktin.data, st->biglen);
 
@@ -3729,6 +3734,14 @@ static int ssh2_try_send(struct ssh_channel *c)
  */
 static void ssh2_set_window(struct ssh_channel *c, unsigned newwin)
 {
+    /*
+     * Never send WINDOW_ADJUST for a channel that the remote side
+     * already thinks it's closed; there's no point, since it won't
+     * be sending any more data anyway.
+     */
+    if (c->closes != 0)
+       return;
+
     if (newwin > c->v.v2.locwindow) {
        ssh2_pkt_init(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
        ssh2_pkt_adduint32(c->remoteid);
@@ -5125,6 +5138,23 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                        ssh2_pkt_send();
                    }
                }
+           } else if (pktin.type == SSH2_MSG_GLOBAL_REQUEST) {
+               char *type;
+               int typelen, want_reply;
+
+               ssh2_pkt_getstring(&type, &typelen);
+               want_reply = ssh2_pkt_getbool();
+
+                /*
+                 * We currently don't support any global requests
+                 * at all, so we either ignore the request or
+                 * respond with REQUEST_FAILURE, depending on
+                 * want_reply.
+                 */
+                if (want_reply) {
+                    ssh2_pkt_init(SSH2_MSG_REQUEST_FAILURE);
+                    ssh2_pkt_send();
+               }
            } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
                char *type;
                int typelen;