X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/cbe2d68fd7c7c7bac692b3a2d200a5d2429ab201..f85e6f6edb2c9415bc10bd2015479d72ea8c5ae2:/ssh.c diff --git a/ssh.c b/ssh.c index 337cfa8b..23602f6d 100644 --- a/ssh.c +++ b/ssh.c @@ -856,7 +856,7 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) if (ssh->cipher) ssh->cipher->decrypt(ssh->v1_cipher_ctx, ssh->pktin.data, st->biglen); - st->realcrc = crc32(ssh->pktin.data, st->biglen - 4); + st->realcrc = crc32_compute(ssh->pktin.data, st->biglen - 4); st->gotcrc = GET_32BIT(ssh->pktin.data + st->biglen - 4); if (st->gotcrc != st->realcrc) { bombout(("Incorrect CRC received on packet")); @@ -868,9 +868,12 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) if (ssh->v1_compressing) { unsigned char *decompblk; int decomplen; - zlib_decompress_block(ssh->sc_comp_ctx, - ssh->pktin.body - 1, ssh->pktin.length + 1, - &decompblk, &decomplen); + if (!zlib_decompress_block(ssh->sc_comp_ctx, + ssh->pktin.body - 1, ssh->pktin.length + 1, + &decompblk, &decomplen)) { + bombout(("Zlib decompression encountered invalid data")); + crStop(0); + } if (ssh->pktin.maxlen < st->pad + decomplen) { ssh->pktin.maxlen = st->pad + decomplen; @@ -1244,7 +1247,7 @@ static int s_wrpkt_prepare(Ssh ssh) for (i = 0; i < pad; i++) ssh->pktout.data[i + 4] = random_byte(); - crc = crc32(ssh->pktout.data + 4, biglen - 4); + crc = crc32_compute(ssh->pktout.data + 4, biglen - 4); PUT_32BIT(ssh->pktout.data + biglen, crc); PUT_32BIT(ssh->pktout.data, len); @@ -1777,7 +1780,8 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring) (ssh->cfg.sshbug_ignore1 == AUTO && (!strcmp(imp, "1.2.18") || !strcmp(imp, "1.2.19") || !strcmp(imp, "1.2.20") || !strcmp(imp, "1.2.21") || - !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25")))) { + !strcmp(imp, "1.2.22") || !strcmp(imp, "Cisco-1.25") || + !strcmp(imp, "OSU_1.4alpha3")))) { /* * These versions don't support SSH1_MSG_IGNORE, so we have * to use a different defence against password length @@ -1789,7 +1793,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring) if (ssh->cfg.sshbug_plainpw1 == FORCE_ON || (ssh->cfg.sshbug_plainpw1 == AUTO && - (!strcmp(imp, "Cisco-1.25")))) { + (!strcmp(imp, "Cisco-1.25") || !strcmp(imp, "OSU_1.4alpha3")))) { /* * These versions need a plain password sent; they can't * handle having a null and a random length of data after @@ -1813,6 +1817,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring) if (ssh->cfg.sshbug_hmac2 == FORCE_ON || (ssh->cfg.sshbug_hmac2 == AUTO && + !wc_match("* VShell", imp) && (wc_match("2.1.0*", imp) || wc_match("2.0.*", imp) || wc_match("2.2.0*", imp) || wc_match("2.3.0*", imp) || wc_match("2.1 *", imp)))) { @@ -1825,6 +1830,7 @@ static void ssh_detect_bugs(Ssh ssh, char *vstring) if (ssh->cfg.sshbug_derivekey2 == FORCE_ON || (ssh->cfg.sshbug_derivekey2 == AUTO && + !wc_match("* VShell", imp) && (wc_match("2.0.0*", imp) || wc_match("2.0.10*", imp) ))) { /* * These versions have the key-derivation bug (failing to @@ -2147,8 +2153,10 @@ static const char *connect_to_host(Ssh ssh, char *host, int port, */ logeventf(ssh, "Looking up host \"%s\"", host); addr = name_lookup(host, port, realhost, &ssh->cfg); - if ((err = sk_addr_error(addr)) != NULL) + if ((err = sk_addr_error(addr)) != NULL) { + sk_addr_free(addr); return err; + } /* * Open socket. @@ -2291,7 +2299,7 @@ static int process_userpass_input(Ssh ssh, unsigned char *in, int inlen) return 0; } -void ssh_agent_callback(void *sshv, void *reply, int replylen) +static void ssh_agent_callback(void *sshv, void *reply, int replylen) { Ssh ssh = (Ssh) sshv; @@ -2304,7 +2312,7 @@ void ssh_agent_callback(void *sshv, void *reply, int replylen) do_ssh2_authconn(ssh, NULL, -1, 0); } -void ssh_agentf_callback(void *cv, void *reply, int replylen) +static void ssh_agentf_callback(void *cv, void *reply, int replylen) { struct ssh_channel *c = (struct ssh_channel *)cv; Ssh ssh = c->ssh;