X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/6e1ebb76bc65c074b780b303a1f1550f5ae4dd3c..9bc81a2c80570fd9141d83f921b9bb1ef99a631b:/ssh.c

diff --git a/ssh.c b/ssh.c
index e120c152..a41e3bf4 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1322,7 +1322,7 @@ static void ssh_detect_bugs(char *vstring)
 
 static int do_ssh_init(unsigned char c)
 {
-    static char vslen;
+    static int vslen;
     static char version[10];
     static char *vstring;
     static int vstrsize;
@@ -1478,8 +1478,10 @@ static int ssh_closing(Plug plug, char *error_msg, int error_code,
 		       int calling_back)
 {
     ssh_state = SSH_STATE_CLOSED;
-    sk_close(s);
-    s = NULL;
+    if (s) {
+        sk_close(s);
+        s = NULL;
+    }
     if (error_msg) {
 	/* A socket error has occurred. */
 	connection_fatal(error_msg);
@@ -1574,15 +1576,16 @@ static char *connect_to_host(char *host, int port, char **realhost)
  */
 static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 {
-    int i, j, len;
-    unsigned char *rsabuf, *keystr1, *keystr2;
+    int i, j;
+    static int len;
+    static unsigned char *rsabuf, *keystr1, *keystr2;
     unsigned char cookie[8];
     struct RSAKey servkey, hostkey;
     struct MD5Context md5c;
     static unsigned long supported_ciphers_mask, supported_auths_mask;
     static int tried_publickey;
     static unsigned char session_id[16];
-    int cipher_type;
+    static int cipher_type;
     static char username[100];
 
     crBegin;
@@ -1783,7 +1786,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			    break;
 			  default:
 			    if (((c >= ' ' && c <= '~') ||
-				 ((unsigned char) c >= 160)) && pos < 40) {
+				 ((unsigned char) c >= 160))
+				&& pos < sizeof(username)-1) {
 				username[pos++] = c;
 				c_write(&c, 1);
 			    }
@@ -1883,6 +1887,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		    ssh1_read_bignum(pktin.body, &challenge);
 		    {
 			char *agentreq, *q, *ret;
+			void *vret;
 			int len, retlen;
 			len = 1 + 4;   /* message type, bit count */
 			len += ssh1_bignum_length(key.exponent);
@@ -1902,7 +1907,8 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			memcpy(q, session_id, 16);
 			q += 16;
 			PUT_32BIT(q, 1);	/* response format */
-			agent_query(agentreq, len + 4, &ret, &retlen);
+			agent_query(agentreq, len + 4, &vret, &retlen);
+			ret = vret;
 			sfree(agentreq);
 			if (ret) {
 			    if (ret[4] == SSH1_AGENT_RSA_RESPONSE) {
@@ -2018,7 +2024,10 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		 * because one was supplied on the command line
 		 * which has already failed to work). Terminate.
 		 */
-		logevent("No more passwords to try");
+		send_packet(SSH1_MSG_DISCONNECT,
+			    PKT_STR, "No more passwords available to try",
+			    PKT_END);
+		connection_fatal("Unable to authenticate");
 		ssh_state = SSH_STATE_CLOSED;
 		crReturn(1);
 	    }
@@ -2050,9 +2059,7 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 			exit(0);
 			break;
 		      default:
-			if (((c >= ' ' && c <= '~') ||
-			     ((unsigned char) c >= 160))
-			    && pos < sizeof(password))
+			if (pos < sizeof(password)-1)
 			    password[pos++] = c;
 			break;
 		    }
@@ -2948,8 +2955,9 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 #endif
 
     hkey = hostkey->newkey(hostkeydata, hostkeylen);
-    if (!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
-	bombout(("Server failed host key check"));
+    if (!hkey ||
+	!hostkey->verifysig(hkey, sigdata, siglen, exchange_hash, 20)) {
+	bombout(("Server's host key did not match the signature supplied"));
 	crReturn(0);
     }
 
@@ -3083,8 +3091,6 @@ static void ssh2_try_send(struct ssh_channel *c)
  */
 static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 {
-    static unsigned long remote_winsize;
-    static unsigned long remote_maxpkt;
     static enum {
 	AUTH_INVALID, AUTH_PUBLICKEY_AGENT, AUTH_PUBLICKEY_FILE,
 	AUTH_PASSWORD
@@ -3194,7 +3200,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			    break;
 			  default:
 			    if (((c >= ' ' && c <= '~') ||
-				 ((unsigned char) c >= 160)) && pos < 40) {
+				 ((unsigned char) c >= 160))
+				&& pos < sizeof(username)-1) {
 				username[pos++] = c;
 				c_write(&c, 1);
 			    }
@@ -3363,6 +3370,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			static int pklen, alglen, commentlen;
 			static int siglen, retlen, len;
 			static char *q, *agentreq, *ret;
+			void *vret;
 
 			{
 			    char buf[64];
@@ -3441,7 +3449,8 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			q += pktout.length - 5;
 			/* And finally the (zero) flags word. */
 			PUT_32BIT(q, 0);
-			agent_query(agentreq, len + 4, &ret, &retlen);
+			agent_query(agentreq, len + 4, &vret, &retlen);
+			ret = vret;
 			sfree(agentreq);
 			if (ret) {
 			    if (ret[4] == SSH2_AGENT_SIGN_RESPONSE) {
@@ -3537,7 +3546,13 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 			 * command line which has already failed to
 			 * work). Terminate.
 			 */
-			logevent("No more passwords to try");
+			ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+			ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+			ssh2_pkt_addstring
+			    ("No more passwords available to try");
+			ssh2_pkt_addstring("en");	/* language tag */
+			ssh2_pkt_send();
+			connection_fatal("Unable to authenticate");
 			ssh_state = SSH_STATE_CLOSED;
 			crReturnV;
 		    }
@@ -3573,9 +3588,7 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 				exit(0);
 				break;
 			      default:
-				if (((c >= ' ' && c <= '~') ||
-				     ((unsigned char) c >= 160))
-				    && pos < 40)
+				if (pos < sizeof(password)-1)
 				    password[pos++] = c;
 				break;
 			    }