X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/32874aeac8dacbca26663777b39a79efc5d8dc4b..2d466ffd08675d26db45e524c2fe6a8cf4628e2b:/ssh.c

diff --git a/ssh.c b/ssh.c
index 9f0fe618..45354884 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1322,7 +1322,7 @@ static void ssh_detect_bugs(char *vstring)
 
 static int do_ssh_init(unsigned char c)
 {
-    static char vslen;
+    static int vslen;
     static char version[10];
     static char *vstring;
     static int vstrsize;
@@ -1505,7 +1505,8 @@ static int ssh_receive(Plug plug, int urgent, char *data, int len)
 /*
  * Connect to specified host and port.
  * Returns an error message, or NULL on success.
- * Also places the canonical host name into `realhost'.
+ * Also places the canonical host name into `realhost'. It must be
+ * freed by the caller.
  */
 static char *connect_to_host(char *host, int port, char **realhost)
 {
@@ -1545,7 +1546,7 @@ static char *connect_to_host(char *host, int port, char **realhost)
 	return err;
 
 #ifdef FWHACK
-    *realhost = FWhost;
+    *realhost = strdup(FWhost);
 #endif
 
     /*
@@ -1573,15 +1574,16 @@ static char *connect_to_host(char *host, int port, char **realhost)
  */
 static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 {
-    int i, j, len;
-    unsigned char *rsabuf, *keystr1, *keystr2;
+    int i, j;
+    static int len;
+    static unsigned char *rsabuf, *keystr1, *keystr2;
     unsigned char cookie[8];
     struct RSAKey servkey, hostkey;
     struct MD5Context md5c;
     static unsigned long supported_ciphers_mask, supported_auths_mask;
     static int tried_publickey;
     static unsigned char session_id[16];
-    int cipher_type;
+    static int cipher_type;
     static char username[100];
 
     crBegin;
@@ -1782,7 +1784,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			    break;
 			  default:
 			    if (((c >= ' ' && c <= '~') ||
-				 ((unsigned char) c >= 160)) && pos < 40) {
+				 ((unsigned char) c >= 160))
+				&& pos < sizeof(username)-1) {
 				username[pos++] = c;
 				c_write(&c, 1);
 			    }
@@ -1882,6 +1885,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		    ssh1_read_bignum(pktin.body, &challenge);
 		    {
 			char *agentreq, *q, *ret;
+			void *vret;
 			int len, retlen;
 			len = 1 + 4;   /* message type, bit count */
 			len += ssh1_bignum_length(key.exponent);
@@ -1901,7 +1905,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			memcpy(q, session_id, 16);
 			q += 16;
 			PUT_32BIT(q, 1);	/* response format */
-			agent_query(agentreq, len + 4, &ret, &retlen);
+			agent_query(agentreq, len + 4, &vret, &retlen);
+			ret = vret;
 			sfree(agentreq);
 			if (ret) {
 			    if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
@@ -2017,7 +2022,10 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		 * because one was supplied on the command line
 		 * which has already failed to work). Terminate.
 		 */
-		logevent("No more passwords to try");
+		send_packet(SSH1_MSG_DISCONNECT,
+			    PKT_STR, "No more passwords available to try",
+			    PKT_END);
+		connection_fatal("Unable to authenticate");
 		ssh_state = SSH_STATE_CLOSED;
 		crReturn(1);
 	    }
@@ -2049,9 +2057,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			exit(0);
 			break;
 		      default:
-			if (((c >= ' ' && c <= '~') ||
-			     ((unsigned char) c >= 160))
-			    && pos < sizeof(password))
+			if (pos < sizeof(password)-1)
 			    password[pos++] = c;
 			break;
 		    }
@@ -3082,8 +3088,6 @@ static void ssh2_try_send(struct ssh_channel *c)
  */
 static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 {
-    static unsigned long remote_winsize;
-    static unsigned long remote_maxpkt;
     static enum {
 	AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE,
 	AUTH_PASSWORD
@@ -3193,7 +3197,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			    break;
 			  default:
 			    if (((c >= ' ' && c <= '~') ||
-				 ((unsigned char) c >= 160)) && pos < 40) {
+				 ((unsigned char) c >= 160))
+				&& pos < sizeof(username)-1) {
 				username[pos++] = c;
 				c_write(&c, 1);
 			    }
@@ -3362,6 +3367,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			static int pklen, alglen, commentlen;
 			static int siglen, retlen, len;
 			static char *q, *agentreq, *ret;
+			void *vret;
 
 			{
 			    char buf[64];
@@ -3440,7 +3446,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			q += pktout.length - 5;
 			/* And finally the (zero) flags word. */
 			PUT_32BIT(q, 0);
-			agent_query(agentreq, len + 4, &ret, &retlen);
+			agent_query(agentreq, len + 4, &vret, &retlen);
+			ret = vret;
 			sfree(agentreq);
 			if (ret) {
 			    if (ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
@@ -3536,7 +3543,13 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			 * command line which has already failed to
 			 * work). Terminate.
 			 */
-			logevent("No more passwords to try");
+			ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+			ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+			ssh2_pkt_addstring
+			    ("No more passwords available to try");
+			ssh2_pkt_addstring("en");	/* language tag */
+			ssh2_pkt_send();
+			connection_fatal("Unable to authenticate");
 			ssh_state = SSH_STATE_CLOSED;
 			crReturnV;
 		    }
@@ -3572,9 +3585,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 				exit(0);
 				break;
 			      default:
-				if (((c >= ' ' && c <= '~') ||
-				     ((unsigned char) c >= 160))
-				    && pos < 40)
+				if (pos < sizeof(password)-1)
 				    password[pos++] = c;
 				break;
 			    }