X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/839f10dbef33ef2982689a05f8305690aba92734..f85e6f6edb2c9415bc10bd2015479d72ea8c5ae2:/ssh.c

diff --git a/ssh.c b/ssh.c
index 81ca0c87..23602f6d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -662,7 +662,7 @@ struct ssh_tag {
 #define logevent(s) logevent(ssh->frontend, s)
 
 /* logevent, only printf-formatted. */
-static void logeventf(Ssh ssh, char *fmt, ...)
+static void logeventf(Ssh ssh, const char *fmt, ...)
 {
     va_list ap;
     char *buf;
@@ -856,7 +856,7 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
     if (ssh->cipher)
 	ssh->cipher->decrypt(ssh->v1_cipher_ctx, ssh->pktin.data, st->biglen);
 
-    st->realcrc = crc32(ssh->pktin.data, st->biglen - 4);
+    st->realcrc = crc32_compute(ssh->pktin.data, st->biglen - 4);
     st->gotcrc = GET_32BIT(ssh->pktin.data + st->biglen - 4);
     if (st->gotcrc != st->realcrc) {
 	bombout(("Incorrect CRC received on packet"));
@@ -868,9 +868,12 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen)
     if (ssh->v1_compressing) {
 	unsigned char *decompblk;
 	int decomplen;
-	zlib_decompress_block(ssh->sc_comp_ctx,
-			      ssh->pktin.body - 1, ssh->pktin.length + 1,
-			      &decompblk, &decomplen);
+	if (!zlib_decompress_block(ssh->sc_comp_ctx,
+				   ssh->pktin.body - 1, ssh->pktin.length + 1,
+				   &decompblk, &decomplen)) {
+	    bombout(("Zlib decompression encountered invalid data"));
+	    crStop(0);
+	}
 
 	if (ssh->pktin.maxlen < st->pad + decomplen) {
 	    ssh->pktin.maxlen = st->pad + decomplen;
@@ -1244,7 +1247,7 @@ static int s_wrpkt_prepare(Ssh ssh)
 
     for (i = 0; i < pad; i++)
 	ssh->pktout.data[i + 4] = random_byte();
-    crc = crc32(ssh->pktout.data + 4, biglen - 4);
+    crc = crc32_compute(ssh->pktout.data + 4, biglen - 4);
     PUT_32BIT(ssh->pktout.data + biglen, crc);
     PUT_32BIT(ssh->pktout.data, len);
 
@@ -1777,7 +1780,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 	(ssh->cfg.sshbug_ignore1 == AUTO &&
 	 (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") ||
 	  !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") ||
-	  !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")))) {
+	  !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") ||
+	  !strcmp(imp, "OSU_1.4alpha3")))) {
 	/*
 	 * These versions don't support SSH1_MSG_IGNORE, so we have
 	 * to use a different defence against password length
@@ -1789,7 +1793,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 
     if (ssh->cfg.sshbug_plainpw1 == FORCE_ON ||
 	(ssh->cfg.sshbug_plainpw1 == AUTO &&
-	 (!strcmp(imp, "Cisco-1.25")))) {
+	 (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) {
 	/*
 	 * These versions need a plain password sent; they can't
 	 * handle having a null and a random length of data after
@@ -1813,6 +1817,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 
     if (ssh->cfg.sshbug_hmac2 == FORCE_ON ||
 	(ssh->cfg.sshbug_hmac2 == AUTO &&
+	 !wc_match("* VShell", imp) &&
 	 (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) ||
 	  wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) ||
 	  wc_match("2.1 *", imp)))) {
@@ -1825,6 +1830,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring)
 
     if (ssh->cfg.sshbug_derivekey2 == FORCE_ON ||
 	(ssh->cfg.sshbug_derivekey2 == AUTO &&
+	 !wc_match("* VShell", imp) &&
 	 (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) {
 	/*
 	 * These versions have the key-derivation bug (failing to
@@ -2077,7 +2083,7 @@ static void ssh_do_close(Ssh ssh)
     }
 }
 
-static int ssh_closing(Plug plug, char *error_msg, int error_code,
+static int ssh_closing(Plug plug, const char *error_msg, int error_code,
 		       int calling_back)
 {
     Ssh ssh = (Ssh) plug;
@@ -2085,7 +2091,7 @@ static int ssh_closing(Plug plug, char *error_msg, int error_code,
     if (error_msg) {
 	/* A socket error has occurred. */
 	logevent(error_msg);
-	connection_fatal(ssh->frontend, error_msg);
+	connection_fatal(ssh->frontend, "%s", error_msg);
     } else {
 	/* Otherwise, the remote side closed the connection normally. */
     }
@@ -2120,8 +2126,8 @@ static void ssh_sent(Plug plug, int bufsize)
  * Also places the canonical host name into `realhost'. It must be
  * freed by the caller.
  */
-static char *connect_to_host(Ssh ssh, char *host, int port,
-			     char **realhost, int nodelay)
+static const char *connect_to_host(Ssh ssh, char *host, int port,
+				   char **realhost, int nodelay)
 {
     static const struct plug_function_table fn_table = {
 	ssh_closing,
@@ -2131,7 +2137,7 @@ static char *connect_to_host(Ssh ssh, char *host, int port,
     };
 
     SockAddr addr;
-    char *err;
+    const char *err;
 
     ssh->savedhost = snewn(1 + strlen(host), char);
     if (!ssh->savedhost)
@@ -2147,8 +2153,10 @@ static char *connect_to_host(Ssh ssh, char *host, int port,
      */
     logeventf(ssh, "Looking up host \"%s\"", host);
     addr = name_lookup(host, port, realhost, &ssh->cfg);
-    if ((err = sk_addr_error(addr)) != NULL)
+    if ((err = sk_addr_error(addr)) != NULL) {
+	sk_addr_free(addr);
 	return err;
+    }
 
     /*
      * Open socket.
@@ -2291,7 +2299,7 @@ static int process_userpass_input(Ssh ssh, unsigned char *in, int inlen)
     return 0;
 }
 
-void ssh_agent_callback(void *sshv, void *reply, int replylen)
+static void ssh_agent_callback(void *sshv, void *reply, int replylen)
 {
     Ssh ssh = (Ssh) sshv;
 
@@ -2304,7 +2312,7 @@ void ssh_agent_callback(void *sshv, void *reply, int replylen)
 	do_ssh2_authconn(ssh, NULL, -1, 0);
 }
 
-void ssh_agentf_callback(void *cv, void *reply, int replylen)
+static void ssh_agentf_callback(void *cv, void *reply, int replylen)
 {
     struct ssh_channel *c = (struct ssh_channel *)cv;
     Ssh ssh = c->ssh;
@@ -3528,7 +3536,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		struct ssh_rportfwd pf;
 		int hostsize, port;
 		char host[256], buf[1024];
-		char *p, *h, *e;
+		char *p, *h;
+		const char *e;
 		c = snew(struct ssh_channel);
 		c->ssh = ssh;
 
@@ -6000,8 +6009,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 		    if (realpf == NULL) {
 			error = "Remote port is not recognised";
 		    } else {
-			char *e = pfd_newconnect(&c->u.pfd.s, realpf->dhost,
-						 realpf->dport, c, &ssh->cfg);
+			const char *e = pfd_newconnect(&c->u.pfd.s,
+						       realpf->dhost,
+						       realpf->dport, c,
+						       &ssh->cfg);
 			logeventf(ssh, "Received remote port open request"
 				  " for %s:%d", realpf->dhost, realpf->dport);
 			if (e != NULL) {
@@ -6110,11 +6121,11 @@ static void ssh2_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt)
  *
  * Returns an error message, or NULL on success.
  */
-static char *ssh_init(void *frontend_handle, void **backend_handle,
-		      Config *cfg,
-		      char *host, int port, char **realhost, int nodelay)
+static const char *ssh_init(void *frontend_handle, void **backend_handle,
+			    Config *cfg,
+			    char *host, int port, char **realhost, int nodelay)
 {
-    char *p;
+    const char *p;
     Ssh ssh;
 
     ssh = snew(struct ssh_tag);