X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/edd0cb8aef57080ae884e06731a7892ca8cdba44..4a693cfc5c3ee0e639bbee0215345e921715ab04:/unix/uxcons.c

diff --git a/unix/uxcons.c b/unix/uxcons.c
index d4848a6a..0468f3f0 100644
--- a/unix/uxcons.c
+++ b/unix/uxcons.c
@@ -18,6 +18,31 @@ int console_batch_mode = FALSE;
 
 static void *console_logctx = NULL;
 
+static struct termios orig_termios_stderr;
+static int stderr_is_a_tty;
+
+void stderr_tty_init()
+{
+    /* Ensure that if stderr is a tty, we can get it back to a sane state. */
+    if ((flags & FLAG_STDERR_TTY) && isatty(STDERR_FILENO)) {
+	stderr_is_a_tty = TRUE;
+	tcgetattr(STDERR_FILENO, &orig_termios_stderr);
+    }
+}
+
+void premsg(struct termios *cf)
+{
+    if (stderr_is_a_tty) {
+	tcgetattr(STDERR_FILENO, cf);
+	tcsetattr(STDERR_FILENO, TCSADRAIN, &orig_termios_stderr);
+    }
+}
+void postmsg(struct termios *cf)
+{
+    if (stderr_is_a_tty)
+	tcsetattr(STDERR_FILENO, TCSADRAIN, cf);
+}
+
 /*
  * Clean up and exit.
  */
@@ -101,6 +126,7 @@ int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
     static const char abandoned[] = "Connection abandoned.\n";
 
     char line[32];
+    struct termios cf;
 
     /*
      * Verify the key.
@@ -110,6 +136,7 @@ int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
     if (ret == 0)		       /* success - key matched OK */
 	return 1;
 
+    premsg(&cf);
     if (ret == 2) {		       /* key was different */
 	if (console_batch_mode) {
 	    fprintf(stderr, wrongmsg_batch, keytype, fingerprint);
@@ -134,16 +161,19 @@ int verify_ssh_host_key(void *frontend, char *host, int port, char *keytype,
 	newmode.c_lflag |= ECHO | ISIG | ICANON;
 	tcsetattr(0, TCSANOW, &newmode);
 	line[0] = '\0';
-	read(0, line, sizeof(line) - 1);
+	if (read(0, line, sizeof(line) - 1) <= 0)
+	    /* handled below */;
 	tcsetattr(0, TCSANOW, &oldmode);
     }
 
     if (line[0] != '\0' && line[0] != '\r' && line[0] != '\n') {
 	if (line[0] == 'y' || line[0] == 'Y')
 	    store_host_key(host, port, keytype, keystr);
+	postmsg(&cf);
         return 1;
     } else {
 	fprintf(stderr, abandoned);
+	postmsg(&cf);
         return 0;
     }
 }
@@ -166,7 +196,9 @@ int askalg(void *frontend, const char *algtype, const char *algname,
     static const char abandoned[] = "Connection abandoned.\n";
 
     char line[32];
+    struct termios cf;
 
+    premsg(&cf);
     if (console_batch_mode) {
 	fprintf(stderr, msg_batch, algtype, algname);
 	return 0;
@@ -182,14 +214,17 @@ int askalg(void *frontend, const char *algtype, const char *algname,
 	newmode.c_lflag |= ECHO | ISIG | ICANON;
 	tcsetattr(0, TCSANOW, &newmode);
 	line[0] = '\0';
-	read(0, line, sizeof(line) - 1);
+	if (read(0, line, sizeof(line) - 1) <= 0)
+	    /* handled below */;
 	tcsetattr(0, TCSANOW, &oldmode);
     }
 
     if (line[0] == 'y' || line[0] == 'Y') {
+	postmsg(&cf);
 	return 1;
     } else {
 	fprintf(stderr, abandoned);
+	postmsg(&cf);
 	return 0;
     }
 }
@@ -215,7 +250,9 @@ int askappend(void *frontend, Filename filename,
 	"Logging will not be enabled.\n";
 
     char line[32];
+    struct termios cf;
 
+    premsg(&cf);
     if (console_batch_mode) {
 	fprintf(stderr, msgtemplate_batch, FILENAME_MAX, filename.path);
 	fflush(stderr);
@@ -231,10 +268,12 @@ int askappend(void *frontend, Filename filename,
 	newmode.c_lflag |= ECHO | ISIG | ICANON;
 	tcsetattr(0, TCSANOW, &newmode);
 	line[0] = '\0';
-	read(0, line, sizeof(line) - 1);
+	if (read(0, line, sizeof(line) - 1) <= 0)
+	    /* handled below */;
 	tcsetattr(0, TCSANOW, &oldmode);
     }
 
+    postmsg(&cf);
     if (line[0] == 'y' || line[0] == 'Y')
 	return 2;
     else if (line[0] == 'n' || line[0] == 'N')
@@ -266,7 +305,10 @@ void old_keyfile_warning(void)
 	"Once the key is loaded into PuTTYgen, you can perform\n"
 	"this conversion simply by saving it again.\n";
 
+    struct termios cf;
+    premsg(&cf);
     fputs(message, stderr);
+    postmsg(&cf);
 }
 
 void console_provide_logctx(void *logctx)
@@ -276,22 +318,39 @@ void console_provide_logctx(void *logctx)
 
 void logevent(void *frontend, const char *string)
 {
+    struct termios cf;
+    premsg(&cf);
     if (console_logctx)
 	log_eventlog(console_logctx, string);
+    postmsg(&cf);
 }
 
-static void console_data_untrusted(const char *data, int len)
+/*
+ * Special function to print text to the console for password
+ * prompts and the like. Uses /dev/tty or stderr, in that order of
+ * preference; also sanitises escape sequences out of the text, on
+ * the basis that it might have been sent by a hostile SSH server
+ * doing malicious keyboard-interactive.
+ */
+static void console_prompt_text(FILE **confp, const char *data, int len)
 {
     int i;
+
+    if (!*confp) {
+	if ((*confp = fopen("/dev/tty", "w")) == NULL)
+	    *confp = stderr;
+    }
+
     for (i = 0; i < len; i++)
 	if ((data[i] & 0x60) || (data[i] == '\n'))
-	    fputc(data[i], stdout);
-    fflush(stdout);
+	    fputc(data[i], *confp);
+    fflush(*confp);
 }
 
 int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen)
 {
     size_t curr_prompt;
+    FILE *confp = NULL;
 
     /*
      * Zero all the results, in case we abort half-way through.
@@ -302,7 +361,7 @@ int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen)
 	    memset(p->prompts[i]->result, 0, p->prompts[i]->result_len);
     }
 
-    if (console_batch_mode)
+    if (p->n_prompts && console_batch_mode)
 	return 0;
 
     /*
@@ -311,16 +370,16 @@ int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen)
     /* We only print the `name' caption if we have to... */
     if (p->name_reqd && p->name) {
 	size_t l = strlen(p->name);
-	console_data_untrusted(p->name, l);
+	console_prompt_text(&confp, p->name, l);
 	if (p->name[l-1] != '\n')
-	    console_data_untrusted("\n", 1);
+	    console_prompt_text(&confp, "\n", 1);
     }
     /* ...but we always print any `instruction'. */
     if (p->instruction) {
 	size_t l = strlen(p->instruction);
-	console_data_untrusted(p->instruction, l);
+	console_prompt_text(&confp, p->instruction, l);
 	if (p->instruction[l-1] != '\n')
-	    console_data_untrusted("\n", 1);
+	    console_prompt_text(&confp, "\n", 1);
     }
 
     for (curr_prompt = 0; curr_prompt < p->n_prompts; curr_prompt++) {
@@ -338,7 +397,7 @@ int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen)
 	    newmode.c_lflag |= ECHO;
 	tcsetattr(0, TCSANOW, &newmode);
 
-	console_data_untrusted(pr->prompt, strlen(pr->prompt));
+	console_prompt_text(&confp, pr->prompt, strlen(pr->prompt));
 
 	i = read(0, pr->result, pr->result_len - 1);
 
@@ -349,12 +408,14 @@ int console_get_userpass_input(prompts_t *p, unsigned char *in, int inlen)
 	pr->result[i] = '\0';
 
 	if (!pr->echo)
-	    fputs("\n", stdout);
+	    console_prompt_text(&confp, "\n", 1);
 
     }
 
-    return 1; /* success */
+    if (confp && confp != stderr)
+	fclose(confp);
 
+    return 1; /* success */
 }
 
 void frontend_keypress(void *handle)
@@ -374,8 +435,6 @@ int is_interactive(void)
  * X11-forwarding-related things suitable for console.
  */
 
-const char platform_x11_best_transport[] = "unix";
-
 char *platform_get_x_display(void) {
     return dupstr(getenv("DISPLAY"));
 }