X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/134f5ecef908ba0933d2de0ecba207de0126cffc..ae3ab75a9bc8ad74465bebda3c1bdcad9b520cb0:/ssh.c diff --git a/ssh.c b/ssh.c index 7c6fa2f8..8b73da4c 100644 --- a/ssh.c +++ b/ssh.c @@ -439,6 +439,8 @@ enum { #define crState(t) crStateP(t, ssh->t) #define crFinish(z) } *crLine = 0; return (z); } #define crFinishV } *crLine = 0; return; } +#define crFinishFree(z) } sfree(s); return (z); } +#define crFinishFreeV } sfree(s); return; } #define crReturn(z) \ do {\ *crLine =__LINE__; return (z); case __LINE__:;\ @@ -778,8 +780,8 @@ static unsigned long ssh_pkt_getuint32(struct Packet *pkt); static int ssh2_pkt_getbool(struct Packet *pkt); static void ssh_pkt_getstring(struct Packet *pkt, char **p, int *length); static void ssh2_timer(void *ctx, long now); -static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, - struct Packet *pktin); +static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, + struct Packet *pktin); static void ssh2_msg_unexpected(Ssh ssh, struct Packet *pktin); struct rdpkt1_state_tag { @@ -1017,14 +1019,15 @@ static void logeventf(Ssh ssh, const char *fmt, ...) sfree(buf); } -#define bombout(msg) \ - do { \ - char *text = dupprintf msg; \ - ssh_do_close(ssh, FALSE); \ - logevent(text); \ - connection_fatal(ssh->frontend, "%s", text); \ - sfree(text); \ - } while (0) +static void bomb_out(Ssh ssh, char *text) +{ + ssh_do_close(ssh, FALSE); + logevent(text); + connection_fatal(ssh->frontend, "%s", text); + sfree(text); +} + +#define bombout(msg) bomb_out(ssh, dupprintf msg) /* Functions to leave bits out of the SSH packet log file. */ @@ -1060,12 +1063,14 @@ static void parse_ttymodes(Ssh ssh, * follows it, or 'A' indicating that we should pass the * value through from the local environment via get_ttymode. */ - if (val[0] == 'A') + if (val[0] == 'A') { val = get_ttymode(ssh->frontend, key); - else - val++; /* skip the 'V' */ - if (val) - do_mode(data, key, val); + if (val) { + do_mode(data, key, val); + sfree(val); + } + } else + do_mode(data, key, val + 1); /* skip the 'V' */ } } @@ -4244,6 +4249,7 @@ static void ssh_channel_try_eof(struct ssh_channel *c) if (ssh->version == 2 && bufchain_size(&c->v.v2.outbuffer) > 0) return; /* can't send EOF: pending outgoing data */ + c->pending_eof = FALSE; /* we're about to send it */ if (ssh->version == 1) { send_packet(ssh, SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid, PKT_END); @@ -4254,17 +4260,8 @@ static void ssh_channel_try_eof(struct ssh_channel *c) ssh2_pkt_adduint32(pktout, c->remoteid); ssh2_pkt_send(ssh, pktout); c->closes |= CLOSES_SENT_EOF; - if (!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes)) { - /* - * Also send MSG_CLOSE. - */ - pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); - ssh2_pkt_adduint32(pktout, c->remoteid); - ssh2_pkt_send(ssh, pktout); - c->closes |= CLOSES_SENT_CLOSE; - } + ssh2_channel_check_close(c); } - c->pending_eof = FALSE; /* we've sent it now */ } void sshfwd_write_eof(struct ssh_channel *c) @@ -4284,25 +4281,19 @@ void sshfwd_write_eof(struct ssh_channel *c) void sshfwd_unclean_close(struct ssh_channel *c) { Ssh ssh = c->ssh; - struct Packet *pktout; if (ssh->state == SSH_STATE_CLOSED) return; - if (!(c->closes & CLOSES_SENT_CLOSE)) { - pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); - ssh2_pkt_adduint32(pktout, c->remoteid); - ssh2_pkt_send(ssh, pktout); - c->closes |= CLOSES_SENT_EOF | CLOSES_SENT_CLOSE; - } - switch (c->type) { case CHAN_X11: x11_close(c->u.x11.s); + logevent("Forwarded X11 connection terminated due to local error"); break; case CHAN_SOCKDATA: case CHAN_SOCKDATA_DORMANT: pfd_close(c->u.pfd.s); + logevent("Forwarded port closed due to local error"); break; } c->type = CHAN_ZOMBIE; @@ -5485,7 +5476,7 @@ static void ssh2_mkkey(Ssh ssh, Bignum K, unsigned char *H, char chr, /* * Handle the SSH-2 transport layer. */ -static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, +static void do_ssh2_transport(Ssh ssh, void *vin, int inlen, struct Packet *pktin) { unsigned char *in = (unsigned char *)vin; @@ -5726,7 +5717,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh2_pkt_send_noqueue(ssh, s->pktout); if (!pktin) - crWaitUntil(pktin); + crWaitUntilV(pktin); /* * Now examine the other side's KEXINIT to see what we're up @@ -5738,7 +5729,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (pktin->type != SSH2_MSG_KEXINIT) { bombout(("expected key exchange packet from server")); - crStop(0); + crStopV; } ssh->kex = NULL; ssh->hostkey = NULL; @@ -5773,7 +5764,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (!ssh->kex) { bombout(("Couldn't agree a key exchange algorithm (available: %s)", str ? str : "(null)")); - crStop(0); + crStopV; } /* * Note that the server's guess is considered wrong if it doesn't match @@ -5791,7 +5782,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (!ssh->hostkey) { bombout(("Couldn't agree a host key algorithm (available: %s)", str ? str : "(null)")); - crStop(0); + crStopV; } s->guessok = s->guessok && @@ -5815,7 +5806,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (!s->cscipher_tobe) { bombout(("Couldn't agree a client-to-server cipher (available: %s)", str ? str : "(null)")); - crStop(0); + crStopV; } ssh_pkt_getstring(pktin, &str, &len); /* server->client cipher */ @@ -5837,7 +5828,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (!s->sccipher_tobe) { bombout(("Couldn't agree a server-to-client cipher (available: %s)", str ? str : "(null)")); - crStop(0); + crStopV; } ssh_pkt_getstring(pktin, &str, &len); /* client->server mac */ @@ -5901,11 +5892,11 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh_dialog_callback, ssh); if (s->dlgret < 0) { do { - crReturn(0); + crReturnV; if (pktin) { bombout(("Unexpected data from server while" " waiting for user response")); - crStop(0); + crStopV; } } while (pktin || inlen > 0); s->dlgret = ssh->user_response; @@ -5914,7 +5905,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (s->dlgret == 0) { ssh_disconnect(ssh, "User aborted at kex warning", NULL, 0, TRUE); - crStop(0); + crStopV; } } @@ -5926,11 +5917,11 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh_dialog_callback, ssh); if (s->dlgret < 0) { do { - crReturn(0); + crReturnV; if (pktin) { bombout(("Unexpected data from server while" " waiting for user response")); - crStop(0); + crStopV; } } while (pktin || inlen > 0); s->dlgret = ssh->user_response; @@ -5939,7 +5930,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (s->dlgret == 0) { ssh_disconnect(ssh, "User aborted at cipher warning", NULL, 0, TRUE); - crStop(0); + crStopV; } } @@ -5951,11 +5942,11 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh_dialog_callback, ssh); if (s->dlgret < 0) { do { - crReturn(0); + crReturnV; if (pktin) { bombout(("Unexpected data from server while" " waiting for user response")); - crStop(0); + crStopV; } } while (pktin || inlen > 0); s->dlgret = ssh->user_response; @@ -5964,7 +5955,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (s->dlgret == 0) { ssh_disconnect(ssh, "User aborted at cipher warning", NULL, 0, TRUE); - crStop(0); + crStopV; } } @@ -5979,7 +5970,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, pktin->data + 5, pktin->length - 5); if (s->ignorepkt) /* first_kex_packet_follows */ - crWaitUntil(pktin); /* Ignore packet */ + crWaitUntilV(pktin); /* Ignore packet */ } if (ssh->kex->main_type == KEXTYPE_DH) { @@ -6016,16 +6007,16 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh2_pkt_adduint32(s->pktout, s->pbits); ssh2_pkt_send_noqueue(ssh, s->pktout); - crWaitUntil(pktin); + crWaitUntilV(pktin); if (pktin->type != SSH2_MSG_KEX_DH_GEX_GROUP) { bombout(("expected key exchange group packet from server")); - crStop(0); + crStopV; } s->p = ssh2_pkt_getmp(pktin); s->g = ssh2_pkt_getmp(pktin); if (!s->p || !s->g) { bombout(("unable to read mp-ints from incoming group packet")); - crStop(0); + crStopV; } ssh->kex_ctx = dh_setup_gex(s->p, s->g); s->kex_init_value = SSH2_MSG_KEX_DH_GEX_INIT; @@ -6051,10 +6042,10 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh2_pkt_send_noqueue(ssh, s->pktout); set_busy_status(ssh->frontend, BUSY_WAITING); /* wait for server */ - crWaitUntil(pktin); + crWaitUntilV(pktin); if (pktin->type != s->kex_reply_value) { bombout(("expected key exchange reply packet from server")); - crStop(0); + crStopV; } set_busy_status(ssh->frontend, BUSY_CPU); /* cogitate */ ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen); @@ -6062,7 +6053,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, s->f = ssh2_pkt_getmp(pktin); if (!s->f) { bombout(("unable to parse key exchange reply packet")); - crStop(0); + crStopV; } ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen); @@ -6095,10 +6086,10 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, * RSA key exchange. First expect a KEXRSA_PUBKEY packet * from the server. */ - crWaitUntil(pktin); + crWaitUntilV(pktin); if (pktin->type != SSH2_MSG_KEXRSA_PUBKEY) { bombout(("expected RSA public key packet from server")); - crStop(0); + crStopV; } ssh_pkt_getstring(pktin, &s->hostkeydata, &s->hostkeylen); @@ -6117,7 +6108,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (!s->rsakey) { sfree(s->rsakeydata); bombout(("unable to parse RSA public key from server")); - crStop(0); + crStopV; } hash_string(ssh->kex->hash, ssh->exhash, s->rsakeydata, s->rsakeylen); @@ -6177,11 +6168,11 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh_rsakex_freekey(s->rsakey); - crWaitUntil(pktin); + crWaitUntilV(pktin); if (pktin->type != SSH2_MSG_KEXRSA_DONE) { sfree(s->rsakeydata); bombout(("expected signature packet from server")); - crStop(0); + crStopV; } ssh_pkt_getstring(pktin, &s->sigdata, &s->siglen); @@ -6205,7 +6196,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, (char *)s->exchange_hash, ssh->kex->hash->hlen)) { bombout(("Server's host key did not match the signature supplied")); - crStop(0); + crStopV; } /* @@ -6222,11 +6213,11 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, ssh_dialog_callback, ssh); if (s->dlgret < 0) { do { - crReturn(0); + crReturnV; if (pktin) { bombout(("Unexpected data from server while waiting" " for user host key response")); - crStop(0); + crStopV; } } while (pktin || inlen > 0); s->dlgret = ssh->user_response; @@ -6235,7 +6226,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, if (s->dlgret == 0) { ssh_disconnect(ssh, "User aborted at host key verification", NULL, 0, TRUE); - crStop(0); + crStopV; } if (!s->got_session_id) { /* don't bother logging this in rekeys */ logevent("Host key fingerprint is:"); @@ -6325,10 +6316,10 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, /* * Expect SSH2_MSG_NEWKEYS from server. */ - crWaitUntil(pktin); + crWaitUntilV(pktin); if (pktin->type != SSH2_MSG_NEWKEYS) { bombout(("expected new-keys packet from server")); - crStop(0); + crStopV; } ssh->incoming_data_size = 0; /* start counting from here */ @@ -6430,7 +6421,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, */ do_ssh2_authconn(ssh, NULL, 0, NULL); } - crReturn(1); + crReturnV; } if (pktin) { logevent("Server initiated key re-exchange"); @@ -6489,7 +6480,7 @@ static int do_ssh2_transport(Ssh ssh, void *vin, int inlen, } goto begin_key_exchange; - crFinish(1); + crFinishV; } /* @@ -6599,6 +6590,7 @@ static void ssh2_queue_chanreq_handler(struct ssh_channel *c, struct outstanding_channel_request *ocr = snew(struct outstanding_channel_request); + assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE))); ocr->handler = handler; ocr->ctx = ctx; ocr->next = NULL; @@ -6615,12 +6607,18 @@ static void ssh2_queue_chanreq_handler(struct ssh_channel *c, * when it arrives. The returned packet is ready to have any * request-specific data added and be sent. Note that if a handler is * provided, it's essential that the request actually be sent. + * + * The handler will usually be passed the response packet in pktin. + * If pktin is NULL, this means that no reply will ever be forthcoming + * (e.g. because the entire connection is being destroyed) and the + * handler should free any storage it's holding. */ static struct Packet *ssh2_chanreq_init(struct ssh_channel *c, char *type, cchandler_fn_t handler, void *ctx) { struct Packet *pktout; + assert(!(c->closes & (CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE))); pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_REQUEST); ssh2_pkt_adduint32(pktout, c->remoteid); ssh2_pkt_addstring(pktout, type); @@ -6911,8 +6909,10 @@ static void ssh_channel_destroy(struct ssh_channel *c) } del234(ssh->channels, c); - if (ssh->version == 2) + if (ssh->version == 2) { bufchain_clear(&c->v.v2.outbuffer); + assert(c->v.v2.chanreq_head == NULL); + } sfree(c); /* @@ -6943,21 +6943,24 @@ static void ssh2_channel_check_close(struct ssh_channel *c) Ssh ssh = c->ssh; struct Packet *pktout; - if ((c->closes & (CLOSES_SENT_EOF | CLOSES_RCVD_EOF | CLOSES_SENT_CLOSE)) - == (CLOSES_SENT_EOF | CLOSES_RCVD_EOF) && !c->v.v2.chanreq_head) { + if ((!((CLOSES_SENT_EOF | CLOSES_RCVD_EOF) & ~c->closes) || + c->type == CHAN_ZOMBIE) && + !c->v.v2.chanreq_head && + !(c->closes & CLOSES_SENT_CLOSE)) { /* - * We have both sent and received EOF, and we have no - * outstanding channel requests, which means the - * channel is in final wind-up. But we haven't sent CLOSE, so - * let's do so now. + * We have both sent and received EOF (or the channel is a + * zombie), and we have no outstanding channel requests, which + * means the channel is in final wind-up. But we haven't sent + * CLOSE, so let's do so now. */ pktout = ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE); ssh2_pkt_adduint32(pktout, c->remoteid); ssh2_pkt_send(ssh, pktout); - c->closes |= CLOSES_SENT_CLOSE; + c->closes |= CLOSES_SENT_EOF | CLOSES_SENT_CLOSE; } if (!((CLOSES_SENT_CLOSE | CLOSES_RCVD_CLOSE) & ~c->closes)) { + assert(c->v.v2.chanreq_head == NULL); /* * We have both sent and received CLOSE, which means we're * completely done with the channel. @@ -7465,7 +7468,6 @@ static void ssh2_send_ttymode(void *data, char *mode, char *val) ssh2_pkt_adduint32(pktout, arg); } -static void ssh2_msg_authconn(Ssh ssh, struct Packet *pktin); static void ssh2_maybe_setup_x11(struct ssh_channel *c, struct Packet *pktin, void *ctx) { @@ -7504,14 +7506,15 @@ static void ssh2_maybe_setup_x11(struct ssh_channel *c, struct Packet *pktin, crWaitUntilV(pktin); - if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) { - logevent("X11 forwarding enabled"); - ssh->X11_fwd_enabled = TRUE; - } else - logevent("X11 forwarding refused"); + if (pktin) { + if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) { + logevent("X11 forwarding enabled"); + ssh->X11_fwd_enabled = TRUE; + } else + logevent("X11 forwarding refused"); + } } - sfree(s); - crFinishV; + crFinishFreeV; } static void ssh2_maybe_setup_agent(struct ssh_channel *c, struct Packet *pktin, @@ -7534,14 +7537,15 @@ static void ssh2_maybe_setup_agent(struct ssh_channel *c, struct Packet *pktin, crWaitUntilV(pktin); - if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) { - logevent("Agent forwarding enabled"); - ssh->agentfwd_enabled = TRUE; - } else - logevent("Agent forwarding refused"); + if (pktin) { + if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) { + logevent("Agent forwarding enabled"); + ssh->agentfwd_enabled = TRUE; + } else + logevent("Agent forwarding refused"); + } } - sfree(s); - crFinishV; + crFinishFreeV; } static void ssh2_maybe_setup_pty(struct ssh_channel *c, struct Packet *pktin, @@ -7581,19 +7585,20 @@ static void ssh2_maybe_setup_pty(struct ssh_channel *c, struct Packet *pktin, crWaitUntilV(pktin); - if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) { - logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)", - ssh->ospeed, ssh->ispeed); - ssh->got_pty = TRUE; - } else { - c_write_str(ssh, "Server refused to allocate pty\r\n"); - ssh->editing = ssh->echoing = 1; + if (pktin) { + if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) { + logeventf(ssh, "Allocated pty (ospeed %dbps, ispeed %dbps)", + ssh->ospeed, ssh->ispeed); + ssh->got_pty = TRUE; + } else { + c_write_str(ssh, "Server refused to allocate pty\r\n"); + ssh->editing = ssh->echoing = 1; + } } } else { ssh->editing = ssh->echoing = 1; } - sfree(s); - crFinishV; + crFinishFreeV; } static void ssh2_setup_env(struct ssh_channel *c, struct Packet *pktin, @@ -7639,6 +7644,7 @@ static void ssh2_setup_env(struct ssh_channel *c, struct Packet *pktin, while (s->env_left > 0) { crWaitUntilV(pktin); + if (!pktin) goto out; if (pktin->type == SSH2_MSG_CHANNEL_SUCCESS) s->env_ok++; s->env_left--; @@ -7655,8 +7661,8 @@ static void ssh2_setup_env(struct ssh_channel *c, struct Packet *pktin, c_write_str(ssh, "Server refused to set all environment variables\r\n"); } } - sfree(s); - crFinishV; + out:; + crFinishFreeV; } /* @@ -9725,6 +9731,17 @@ static void ssh_free(void *handle) pfd_close(c->u.pfd.s); break; } + if (ssh->version == 2) { + struct outstanding_channel_request *ocr, *nocr; + ocr = c->v.v2.chanreq_head; + while (ocr) { + ocr->handler(c, NULL, ocr->ctx); + nocr = ocr->next; + sfree(ocr); + ocr = nocr; + } + bufchain_clear(&c->v.v2.outbuffer); + } sfree(c); } freetree234(ssh->channels);