Remove the length limit on protocol version strings. (In principle, I
[u/mdw/putty] / ssh.c
diff --git a/ssh.c b/ssh.c
index 1077b33..1d328ae 100644 (file)
--- a/ssh.c
+++ b/ssh.c
 #define SSH1_AUTH_TIS                             5    /* 0x5 */
 #define SSH1_AUTH_CCARD                           16   /* 0x10 */
 
+#define SSH1_PROTOFLAG_SCREEN_NUMBER              1    /* 0x1 */
+/* Mask for protoflags we will echo back to server if seen */
+#define SSH1_PROTOFLAGS_SUPPORTED                 0    /* 0x1 */
+
 #define SSH2_MSG_DISCONNECT                       1    /* 0x1 */
 #define SSH2_MSG_IGNORE                           2    /* 0x2 */
 #define SSH2_MSG_UNIMPLEMENTED                    3    /* 0x3 */
@@ -256,6 +260,8 @@ static Socket s = NULL;
 
 static unsigned char session_key[32];
 static int ssh1_compressing;
+static int ssh1_remote_protoflags;
+static int ssh1_local_protoflags;
 static int ssh_agentfwd_enabled;
 static int ssh_X11_fwd_enabled;
 static int ssh_remote_bugs;
@@ -347,6 +353,16 @@ static void c_write (char *buf, int len) {
     from_backend(1, buf, len);
 }
 
+static void c_write_untrusted(char *buf, int len) {
+    int i;
+    for (i = 0; i < len; i++) {
+        if (buf[i] == '\n')
+            c_write("\r\n", 2);
+        else if ((buf[i] & 0x60) || (buf[i] == '\r'))
+            c_write(buf+i, 1);
+    }
+}
+
 static void c_write_str (char *buf) {
     c_write(buf, strlen(buf));
 }
@@ -432,11 +448,13 @@ next_packet:
        unsigned char *decompblk;
        int decomplen;
 #if 0
-       int i;
-       debug(("Packet payload pre-decompression:\n"));
-       for (i = -1; i < pktin.length; i++)
-           debug(("  %02x", (unsigned char)pktin.body[i]));
-       debug(("\r\n"));
+        {
+            int i;
+            debug(("Packet payload pre-decompression:\n"));
+            for (i = -1; i < pktin.length; i++)
+                debug(("  %02x", (unsigned char)pktin.body[i]));
+            debug(("\r\n"));
+        }
 #endif
        zlib_decompress_block(pktin.body-1, pktin.length+1,
                              &decompblk, &decomplen);
@@ -453,10 +471,13 @@ next_packet:
        sfree(decompblk);
        pktin.length = decomplen-1;
 #if 0
-       debug(("Packet payload post-decompression:\n"));
-       for (i = -1; i < pktin.length; i++)
-           debug(("  %02x", (unsigned char)pktin.body[i]));
-       debug(("\r\n"));
+        {
+            int i;
+            debug(("Packet payload post-decompression:\n"));
+            for (i = -1; i < pktin.length; i++)
+                debug(("  %02x", (unsigned char)pktin.body[i]));
+            debug(("\r\n"));
+        }
 #endif
     }
 
@@ -1135,10 +1156,11 @@ static void ssh_detect_bugs(char *vstring) {
 }
 
 static int do_ssh_init(unsigned char c) {
-    static char *vsp;
+    static char vslen;
     static char version[10];
-    static char vstring[80];
-    static char vlog[sizeof(vstring)+20];
+    static char *vstring;
+    static int vstrsize;
+    static char *vlog;
     static int i;
 
     crBegin;
@@ -1158,13 +1180,18 @@ static int do_ssh_init(unsigned char c) {
        crReturn(1);                   /* get another character */
     }
 
+    vstring = smalloc(16);
+    vstrsize = 16;
     strcpy(vstring, "SSH-");
-    vsp = vstring+4;
+    vslen = 4;
     i = 0;
     while (1) {
        crReturn(1);                   /* get another char */
-       if (vsp < vstring+sizeof(vstring)-1)
-           *vsp++ = c;
+       if (vslen >= vstrsize-1) {
+            vstrsize += 16;
+            vstring = srealloc(vstring, vstrsize);
+        }
+        vstring[vslen++] = c;
        if (i >= 0) {
            if (c == '-') {
                version[i] = '\0';
@@ -1179,7 +1206,11 @@ static int do_ssh_init(unsigned char c) {
     ssh_agentfwd_enabled = FALSE;
     rdpkt2_state.incoming_sequence = 0;
 
-    *vsp = 0;
+    vstring[vslen] = 0;
+    if (vslen > 80)
+        vlog = smalloc(20 + vslen);
+    else
+        vlog = smalloc(100);
     sprintf(vlog, "Server version: %s", vstring);
     ssh_detect_bugs(vstring);
     vlog[strcspn(vlog, "\r\n")] = '\0';
@@ -1227,6 +1258,9 @@ static int do_ssh_init(unsigned char c) {
     }
     ssh_state = SSH_STATE_BEFORE_SIZE;
 
+    sfree(vstring);
+    sfree(vlog);
+
     crFinish(0);
 }
 
@@ -1408,9 +1442,13 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
        logevent(logmsg);
     }
 
+    ssh1_remote_protoflags = GET_32BIT(pktin.body+8+i+j);
     supported_ciphers_mask = GET_32BIT(pktin.body+12+i+j);
     supported_auths_mask = GET_32BIT(pktin.body+16+i+j);
 
+    ssh1_local_protoflags = ssh1_remote_protoflags & SSH1_PROTOFLAGS_SUPPORTED;
+    ssh1_local_protoflags |= SSH1_PROTOFLAG_SCREEN_NUMBER;
+
     MD5Init(&md5c);
     MD5Update(&md5c, keystr2, hostkey.bytes);
     MD5Update(&md5c, keystr1, servkey.bytes);
@@ -1484,7 +1522,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
                 PKT_DATA, cookie, 8,
                 PKT_CHAR, (len*8) >> 8, PKT_CHAR, (len*8) & 0xFF,
                 PKT_DATA, rsabuf, len,
-                PKT_INT, 0,
+                PKT_INT, ssh1_local_protoflags,
                 PKT_END);
 
     logevent("Trying to enable encryption...");
@@ -2044,10 +2082,16 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
         char proto[20], data[64];
         logevent("Requesting X11 forwarding");
         x11_invent_auth(proto, sizeof(proto), data, sizeof(data));
-        send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING, 
-                   PKT_STR, proto, PKT_STR, data,
-                   PKT_INT, 0,
-                   PKT_END);
+        if (ssh1_local_protoflags & SSH1_PROTOFLAG_SCREEN_NUMBER) {
+            send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING,
+                        PKT_STR, proto, PKT_STR, data,
+                        PKT_INT, 0,
+                        PKT_END);
+        } else {
+            send_packet(SSH1_CMSG_X11_REQUEST_FORWARDING,
+                        PKT_STR, proto, PKT_STR, data,
+                        PKT_END);
+        }
         do { crReturnV; } while (!ispkt);
         if (pktin.type != SSH1_SMSG_SUCCESS && pktin.type != SSH1_SMSG_FAILURE) {
             bombout(("Protocol confusion"));
@@ -2096,8 +2140,8 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt) {
        zlib_decompress_init();
     }
 
-    if (*cfg.remote_cmd)
-        send_packet(SSH1_CMSG_EXEC_CMD, PKT_STR, cfg.remote_cmd, PKT_END);
+    if (*cfg.remote_cmd_ptr)
+        send_packet(SSH1_CMSG_EXEC_CMD, PKT_STR, cfg.remote_cmd_ptr, PKT_END);
     else
         send_packet(SSH1_CMSG_EXEC_SHELL, PKT_END);
     logevent("Started session");
@@ -2946,7 +2990,21 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
            if (!gotit)
                crWaitUntilV(ispkt);
            while (pktin.type == SSH2_MSG_USERAUTH_BANNER) {
-               /* FIXME: should support this */
+                char *banner;
+                int size;
+                /*
+                 * Don't show the banner if we're operating in
+                 * non-verbose non-interactive mode. (It's probably
+                 * a script, which means nobody will read the
+                 * banner _anyway_, and moreover the printing of
+                 * the banner will screw up processing on the
+                 * output of (say) plink.)
+                 */
+                if (flags & (FLAG_VERBOSE | FLAG_INTERACTIVE)) {
+                    ssh2_pkt_getstring(&banner, &size);
+                    if (banner)
+                        c_write_untrusted(banner, size);
+                }
                crWaitUntilV(ispkt);
            }
            if (pktin.type == SSH2_MSG_USERAUTH_SUCCESS) {
@@ -3075,9 +3133,11 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                            continue;
                        }
 
-                       c_write_str("Authenticating with public key \"");
-                       c_write(commentp, commentlen);
-                       c_write_str("\" from agent\r\n");
+                        if (flags & FLAG_VERBOSE) {
+                            c_write_str("Authenticating with public key \"");
+                            c_write(commentp, commentlen);
+                            c_write_str("\" from agent\r\n");
+                        }
 
                        /*
                         * Server is willing to accept the key.
@@ -3543,11 +3603,11 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
     if (cfg.ssh_subsys) {
         ssh2_pkt_addstring("subsystem");
         ssh2_pkt_addbool(1);           /* want reply */
-        ssh2_pkt_addstring(cfg.remote_cmd);
-    } else if (*cfg.remote_cmd) {
+        ssh2_pkt_addstring(cfg.remote_cmd_ptr);
+    } else if (*cfg.remote_cmd_ptr) {
         ssh2_pkt_addstring("exec");
         ssh2_pkt_addbool(1);           /* want reply */
-        ssh2_pkt_addstring(cfg.remote_cmd);
+        ssh2_pkt_addstring(cfg.remote_cmd_ptr);
     } else {
         ssh2_pkt_addstring("shell");
         ssh2_pkt_addbool(1);           /* want reply */
@@ -3734,7 +3794,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
                 c = find234(ssh_channels, &i, ssh_channelfind);
                 if (!c)
                     continue;          /* nonexistent channel */
-                mainchan->v2.remwindow += ssh2_pkt_getuint32();
+                c->v2.remwindow += ssh2_pkt_getuint32();
                 try_send = TRUE;
            } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
                 char *type;