u/mdw/putty
5 years agoSebastian Kuschel reports that pfd_closing can be called for a socket master
simon [Thu, 15 Aug 2013 06:42:36 +0000 (06:42 +0000)]
Sebastian Kuschel reports that pfd_closing can be called for a socket
error with pr->c NULL, in which case calling sshfwd_unclean_close on
it will dereference NULL and segfault. Write an alternative error
handling path for that possibility.

(I don't know if it's the only way, but one way this can happen is if
you're doing dynamic forwarding and the socket error occurs during
SOCKS negotiation, in which case no SSH channel has been set up yet
because we haven't yet found out what we want to put in the
direct-tcpip channel open message.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@10018 cda61777-01e9-0310-a592-d414129be87e

5 years agoIt turns out I was a little over-strict in my handling of EOF in
simon [Tue, 13 Aug 2013 06:46:51 +0000 (06:46 +0000)]
It turns out I was a little over-strict in my handling of EOF in
pscp.c when I did the big revamp in r9279: I assumed that in any SCP
connection we would be the first to send EOF, but in fact this isn't
true - doing downloads with old-SCP, EOF is initiated by the server,
so we were spuriously reporting an error for 'unexpected' EOF when
everything had gone fine. Thanks to Nathan Phelan for the report.

git-svn-id: svn://svn.tartarus.org/sgt/putty@10016 cda61777-01e9-0310-a592-d414129be87e

5 years agosbcsgen.pl uses 'select' to point Perl at a different default output
simon [Thu, 8 Aug 2013 17:22:07 +0000 (17:22 +0000)]
sbcsgen.pl uses 'select' to point Perl at a different default output
handle. Revert that when we hackily call it from mkfiles.pl, so that
if I have a need to insert diagnostics in the latter they won't go
into the end of sbcsdat.c.

git-svn-id: svn://svn.tartarus.org/sgt/putty@10013 cda61777-01e9-0310-a592-d414129be87e

5 years agoRevert the default for font bolding style back to using colours rather
simon [Wed, 7 Aug 2013 06:22:52 +0000 (06:22 +0000)]
Revert the default for font bolding style back to using colours rather
than fonts. I broke this in r9559 when I added the option for 'both',
because the internal representation got offset by one so as to change
from a boolean to two bitfields and I must have confused myself about
what the default should be.

git-svn-id: svn://svn.tartarus.org/sgt/putty@10008 cda61777-01e9-0310-a592-d414129be87e

5 years agoBump version number prior to tagging 0.63.
simon [Tue, 6 Aug 2013 17:09:07 +0000 (17:09 +0000)]
Bump version number prior to tagging 0.63.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9998 cda61777-01e9-0310-a592-d414129be87e

5 years agoOne more defensive assert, just to be sure.
simon [Tue, 6 Aug 2013 16:45:49 +0000 (16:45 +0000)]
One more defensive assert, just to be sure.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9997 cda61777-01e9-0310-a592-d414129be87e

5 years agoThe bignum code has two representations of zero, since
simon [Mon, 5 Aug 2013 19:50:51 +0000 (19:50 +0000)]
The bignum code has two representations of zero, since
bn_restore_invariant (and the many loops that duplicate it) leaves a
single zero word in a bignum representing 0, whereas the constant
'Zero' does not have any data words at all. Cope with this in
bignum_cmp.

(It would be a better plan to decide on one representation and stick
with it, but this is the less disruptive fix for the moment.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9996 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd some more precautionary assertions, just in case anything wildly
simon [Mon, 5 Aug 2013 19:50:47 +0000 (19:50 +0000)]
Add some more precautionary assertions, just in case anything wildly
out of range manages to get past other recent fixes.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9995 cda61777-01e9-0310-a592-d414129be87e

5 years agoBelatedly update the copyright year to 2013.
jacob [Mon, 5 Aug 2013 15:15:17 +0000 (15:15 +0000)]
Belatedly update the copyright year to 2013.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9993 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix memory leaks in the new error return from modinv.
simon [Sun, 4 Aug 2013 22:33:50 +0000 (22:33 +0000)]
Fix memory leaks in the new error return from modinv.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9992 cda61777-01e9-0310-a592-d414129be87e

5 years agoSpot when we didn't successfully create an RSA public key from a
simon [Sun, 4 Aug 2013 19:34:10 +0000 (19:34 +0000)]
Spot when we didn't successfully create an RSA public key from a
public blob, and return a proper error in that situation rather than a
struct with unhelpful NULLs in.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9991 cda61777-01e9-0310-a592-d414129be87e

5 years agoMake modinv able to return NULL if its inputs are not coprime, and
simon [Sun, 4 Aug 2013 19:34:07 +0000 (19:34 +0000)]
Make modinv able to return NULL if its inputs are not coprime, and
check for that return value everywhere it is used.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9990 cda61777-01e9-0310-a592-d414129be87e

5 years agoAvoid trying to take the modular inverse of zero in response to a
simon [Sun, 4 Aug 2013 19:34:00 +0000 (19:34 +0000)]
Avoid trying to take the modular inverse of zero in response to a
sufficiently silly DSA signature.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9989 cda61777-01e9-0310-a592-d414129be87e

5 years agoAnother couple of memory leaks.
simon [Sun, 4 Aug 2013 19:33:57 +0000 (19:33 +0000)]
Another couple of memory leaks.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9988 cda61777-01e9-0310-a592-d414129be87e

5 years agoMore consistently defend against division by zero with assertions. We
simon [Sun, 4 Aug 2013 19:33:53 +0000 (19:33 +0000)]
More consistently defend against division by zero with assertions. We
now check that all the modular functions (modpow, modinv, modmul,
bigdivmod) have nonzero moduli, and that modinv also has a nonzero
thing to try to invert.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9987 cda61777-01e9-0310-a592-d414129be87e

5 years agoValidate newly created DSA keys more carefully. Don't want a structure
simon [Sun, 4 Aug 2013 19:33:49 +0000 (19:33 +0000)]
Validate newly created DSA keys more carefully. Don't want a structure
half-filled with null pointers.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9986 cda61777-01e9-0310-a592-d414129be87e

5 years agoRemove some redundant null-pointer checks from code that must have
simon [Sun, 4 Aug 2013 19:33:46 +0000 (19:33 +0000)]
Remove some redundant null-pointer checks from code that must have
been written before I wrote a never-failing snew.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9985 cda61777-01e9-0310-a592-d414129be87e

5 years agoSanitise freeing of DSA keys.
simon [Sun, 4 Aug 2013 19:33:43 +0000 (19:33 +0000)]
Sanitise freeing of DSA keys.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9984 cda61777-01e9-0310-a592-d414129be87e

5 years agoReinstate a piece of code accidentally removed in r9214, where Windows
simon [Sun, 4 Aug 2013 19:32:10 +0000 (19:32 +0000)]
Reinstate a piece of code accidentally removed in r9214, where Windows
PuTTY does not trim a colon suffix off the hostname if it contains
_more than one_ colon. This allows IPv6 literals to be entered.

(Really we need to do a much bigger revamp of all uses of hostnames to
arrange that square-bracketed IPv6 literals work consistently, but
this at least removes a regression over 0.62.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9983 cda61777-01e9-0310-a592-d414129be87e

5 years agoRaise the default scrollback from 200 to 2000 lines. The former was
simon [Fri, 2 Aug 2013 22:33:40 +0000 (22:33 +0000)]
Raise the default scrollback from 200 to 2000 lines. The former was
not so silly in the 1990s and before I implemented scrollback
compression, but it's been a ridiculously low default for a while now.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9982 cda61777-01e9-0310-a592-d414129be87e

5 years agoFound a lot of places in sshbn.c where for-loops zeroing out memory
simon [Fri, 2 Aug 2013 19:51:36 +0000 (19:51 +0000)]
Found a lot of places in sshbn.c where for-loops zeroing out memory
just before freeing it really ought to be smemclrs.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9981 cda61777-01e9-0310-a592-d414129be87e

5 years agoVerify RSA keys created by rsa2_openssh_createkey.
simon [Fri, 2 Aug 2013 06:28:05 +0000 (06:28 +0000)]
Verify RSA keys created by rsa2_openssh_createkey.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9980 cda61777-01e9-0310-a592-d414129be87e

5 years agoReplace some 'sfree' calls of bignums with the proper 'freebn'.
simon [Fri, 2 Aug 2013 06:28:00 +0000 (06:28 +0000)]
Replace some 'sfree' calls of bignums with the proper 'freebn'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9979 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd some missing bounds checks in signature verification routines.
simon [Fri, 2 Aug 2013 06:27:56 +0000 (06:27 +0000)]
Add some missing bounds checks in signature verification routines.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9978 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix an array-size bug in modmul, and add some tests for it.
simon [Fri, 2 Aug 2013 06:27:54 +0000 (06:27 +0000)]
Fix an array-size bug in modmul, and add some tests for it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9977 cda61777-01e9-0310-a592-d414129be87e

5 years agoRemove one of the frees added in r9916. stat_name points to somewhere
simon [Mon, 29 Jul 2013 17:47:33 +0000 (17:47 +0000)]
Remove one of the frees added in r9916. stat_name points to somewhere
within the same string that destfname points to the start of, so
freeing it causes at best a double-free of destfname and more likely a
free of something that isn't even the start of an allocated block.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9974 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd an assortment of missing consts I've just noticed.
simon [Sat, 27 Jul 2013 18:35:48 +0000 (18:35 +0000)]
Add an assortment of missing consts I've just noticed.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9972 cda61777-01e9-0310-a592-d414129be87e

5 years agoGet rid of the variable 'advapi' in Pageant's WinMain, which was never
simon [Wed, 24 Jul 2013 19:18:06 +0000 (19:18 +0000)]
Get rid of the variable 'advapi' in Pageant's WinMain, which was never
actually used for anything sensible and could have been freed while
containing nonsense at program end.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9971 cda61777-01e9-0310-a592-d414129be87e

5 years agoBack out r9964. I wasn't paying attention: every control is in the
simon [Mon, 22 Jul 2013 19:56:04 +0000 (19:56 +0000)]
Back out r9964. I wasn't paying attention: every control is in the
byid tree but not all of them are in the byctrl tree.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9970 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd a bob script to do Coverity scanning.
simon [Mon, 22 Jul 2013 19:56:00 +0000 (19:56 +0000)]
Add a bob script to do Coverity scanning.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9969 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix a few more memory and resource leaks.
simon [Mon, 22 Jul 2013 19:55:55 +0000 (19:55 +0000)]
Fix a few more memory and resource leaks.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9968 cda61777-01e9-0310-a592-d414129be87e

5 years agoRemove the variable 'bufused', which came over from winnet.c in
simon [Mon, 22 Jul 2013 19:55:53 +0000 (19:55 +0000)]
Remove the variable 'bufused', which came over from winnet.c in
mistaken cut and paste and is just a bug.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9967 cda61777-01e9-0310-a592-d414129be87e

5 years agoIncrease FONT_MAXNO from 0x2f to 0x40, to ensure the fonts[] array
simon [Mon, 22 Jul 2013 07:12:31 +0000 (07:12 +0000)]
Increase FONT_MAXNO from 0x2f to 0x40, to ensure the fonts[] array
includes every possible combination of the font bitfields, in
particular ATTR_OEM|ATTR_NARROW.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9966 cda61777-01e9-0310-a592-d414129be87e

5 years agoCorrect an inequality sign causing the bounds check in Windows
simon [Mon, 22 Jul 2013 07:12:26 +0000 (07:12 +0000)]
Correct an inequality sign causing the bounds check in Windows
palette_set() to be bogus. Fortunately, this isn't exploitable through
the terminal emulator, because the palette escape sequence parser
contains its own bounds check before even calling palette_set().

While I'm at it, fix the same goof in the OS X version! That port is
more or less abandoned, but that's no excuse for leaving obviously
wrong code lying around.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9965 cda61777-01e9-0310-a592-d414129be87e

5 years agoMissing assert.
simon [Mon, 22 Jul 2013 07:12:21 +0000 (07:12 +0000)]
Missing assert.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9964 cda61777-01e9-0310-a592-d414129be87e

5 years agoReplace the type-checking COMPTR macro with my current idea of best
simon [Mon, 22 Jul 2013 07:12:15 +0000 (07:12 +0000)]
Replace the type-checking COMPTR macro with my current idea of best
practice in type-check macros.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9963 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd missing casts in arguments to ctype functions.
simon [Mon, 22 Jul 2013 07:12:10 +0000 (07:12 +0000)]
Add missing casts in arguments to ctype functions.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9962 cda61777-01e9-0310-a592-d414129be87e

5 years agoRationalise null pointer checks in both decode_codepage functions, so
simon [Mon, 22 Jul 2013 07:12:05 +0000 (07:12 +0000)]
Rationalise null pointer checks in both decode_codepage functions, so
that decode_codepage(NULL) and decode_codepage("") both return the
default character set.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9961 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix a double error handling goof in the winstore side of the jump list
simon [Mon, 22 Jul 2013 07:11:58 +0000 (07:11 +0000)]
Fix a double error handling goof in the winstore side of the jump list
support: transform_jumplist_registry should give its caller
dynamically allocated data if and only if it returns JUMPLISTREG_OK,
and get_jumplist_registry_entries should test the return value against
JUMPLISTREG_OK rather than a value from a totally different enum.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9960 cda61777-01e9-0310-a592-d414129be87e

5 years agoAnother big batch of memory leak fixes, again mostly on error paths.
simon [Mon, 22 Jul 2013 07:11:54 +0000 (07:11 +0000)]
Another big batch of memory leak fixes, again mostly on error paths.
The most interesting one is printer_add_enum, which I've modified to
take a char ** rather than a char * so that it can both realloc its
input buffer _and_ return NULL to indicate error.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9959 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd a missing null pointer check in one of the dialog box functions.
simon [Mon, 22 Jul 2013 07:11:48 +0000 (07:11 +0000)]
Add a missing null pointer check in one of the dialog box functions.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9958 cda61777-01e9-0310-a592-d414129be87e

5 years agoReport an error if deleting a random seed file fails.
simon [Mon, 22 Jul 2013 07:11:44 +0000 (07:11 +0000)]
Report an error if deleting a random seed file fails.

(This has also required me to add a currently unused nonfatal() to
PuTTYgen, since although PuTTYgen won't actually try to delete
putty.rnd, it does link in winstore.c as a whole.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9957 cda61777-01e9-0310-a592-d414129be87e

5 years agoInvent a win_strerror() function which behaves as much like Unix
simon [Mon, 22 Jul 2013 07:11:39 +0000 (07:11 +0000)]
Invent a win_strerror() function which behaves as much like Unix
strerror as I can arrange, wrapping up all the ugly FormatMessage
nonsense and caching previously looked-up messages for reuse so that
callers can treat them as static.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9956 cda61777-01e9-0310-a592-d414129be87e

5 years agoRework keylist_update() to fix both a buffer-size limitation and a
simon [Mon, 22 Jul 2013 07:11:35 +0000 (07:11 +0000)]
Rework keylist_update() to fix both a buffer-size limitation and a
memory leak.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9955 cda61777-01e9-0310-a592-d414129be87e

5 years agoInitialise 'psa' to NULL on every code path in the Pageant client
simon [Sun, 21 Jul 2013 11:01:22 +0000 (11:01 +0000)]
Initialise 'psa' to NULL on every code path in the Pageant client
code, fixing a potential segfault when compiling with -DNO_SECURITY.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9954 cda61777-01e9-0310-a592-d414129be87e

5 years agoIf the SSH server sends us CHANNEL_CLOSE for a channel on which we're
simon [Sun, 21 Jul 2013 10:12:58 +0000 (10:12 +0000)]
If the SSH server sends us CHANNEL_CLOSE for a channel on which we're
sitting on a pile of buffered data waiting for WINDOW_ADJUSTs, we
should throw away that buffered data, because the CHANNEL_CLOSE tells
us that we won't be receiving those WINDOW_ADJUSTs, and if we hang on
to the data and keep trying then it'll prevent ssh_channel_try_eof
from sending the CHANNEL_EOF which is a prerequisite of sending our
own CHANNEL_CLOSE.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9953 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd '.so' to the list of file extensions cleared up by 'make clean' in
simon [Sun, 21 Jul 2013 09:16:37 +0000 (09:16 +0000)]
Add '.so' to the list of file extensions cleared up by 'make clean' in
Makefile.cyg, since if you're building against Winelib it will
generate one of those alongside each .exe file.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9952 cda61777-01e9-0310-a592-d414129be87e

5 years agoCompletely remove the 'frozen_readable' mechanism from uxnet.c. It
simon [Sun, 21 Jul 2013 07:40:36 +0000 (07:40 +0000)]
Completely remove the 'frozen_readable' mechanism from uxnet.c. It
parallels a similar mechanism in winnet.c and came over by copy and
paste, but is pointless in the Unix networking API.

On Windows, if you're using a mechanism such as WSAAsyncSelect which
delivers readability notifications as messages rather than return
values from a system call, you only get notified that a socket is
readable once - it remembers that it's told you, and doesn't tell you
again until after you've done a read. So in the case where we
intentionally stop reading from a socket because our local buffer is
full, and later want to start reading again, we do a read from the
socket with MSG_PEEK set, and that clears Windows's flag and tells it
to start sending us readability notifications again.

On Unix, select() and friends didn't do anything so strange in the
first place, so the whole mechanism is unnecessary.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9951 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix error checking in uxstore.c: add a missing check, and fix a
simon [Sun, 21 Jul 2013 07:40:30 +0000 (07:40 +0000)]
Fix error checking in uxstore.c: add a missing check, and fix a
mis-cut-and-pasted one.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9950 cda61777-01e9-0310-a592-d414129be87e

5 years agoWhen I turned fcntls into noncloexecs in r9940, I missed one.
simon [Sun, 21 Jul 2013 07:40:28 +0000 (07:40 +0000)]
When I turned fcntls into noncloexecs in r9940, I missed one.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9949 cda61777-01e9-0310-a592-d414129be87e

5 years agoTwo more memory leak fixes, on error paths I didn't spot in r9919.
simon [Sun, 21 Jul 2013 07:40:26 +0000 (07:40 +0000)]
Two more memory leak fixes, on error paths I didn't spot in r9919.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9948 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix a null-dereference introduced by another mis-fix in r9919.
simon [Sat, 20 Jul 2013 13:15:20 +0000 (13:15 +0000)]
Fix a null-dereference introduced by another mis-fix in r9919.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9946 cda61777-01e9-0310-a592-d414129be87e

5 years agoFix leak of 'fname' introduced by the rewrite of write_random_seed in
simon [Sat, 20 Jul 2013 13:15:16 +0000 (13:15 +0000)]
Fix leak of 'fname' introduced by the rewrite of write_random_seed in
r9933.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9945 cda61777-01e9-0310-a592-d414129be87e

5 years agoAnother two mis-fixes from r9919: when we sfree(line) on exit from the
simon [Sat, 20 Jul 2013 13:15:11 +0000 (13:15 +0000)]
Another two mis-fixes from r9919: when we sfree(line) on exit from the
ssh.com and OpenSSH key import loops, we should also null it out so
that the cleanup path doesn't try to re-free the same pointer.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9944 cda61777-01e9-0310-a592-d414129be87e

5 years agoRedo a mis-fix of a memory leak in r9919: I added sfree(data)
simon [Sat, 20 Jul 2013 13:15:10 +0000 (13:15 +0000)]
Redo a mis-fix of a memory leak in r9919: I added sfree(data)
immediately after conf_deserialise in the Duplicate Session receiver,
whereas I should have put it after the subsequent loop that extracts
the pty argv if any.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9943 cda61777-01e9-0310-a592-d414129be87e

5 years agoSwitch to translating keystrokes using ToUnicodeEx rather than
simon [Sat, 20 Jul 2013 11:31:24 +0000 (11:31 +0000)]
Switch to translating keystrokes using ToUnicodeEx rather than
ToAsciiEx, where possible.

This enables support for keys which generate Unicode characters that
aren't in the system code page, which seems to me like a perverse way
for Windows to have set up the system code page but apparently does
happen, e.g. (I'm told) U+0219 and U+021B on Romanian keyboards.

Patch mostly due to Andrei Damian-Fekete.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9942 cda61777-01e9-0310-a592-d414129be87e

5 years agoBeen meaning to get round to this for a while: use CryptGenRandom to
simon [Sat, 20 Jul 2013 08:34:54 +0000 (08:34 +0000)]
Been meaning to get round to this for a while: use CryptGenRandom to
gather extra entropy at Windows PuTTY startup time. (It's only used as
one of the inputs to PuTTY's internal entropy pool, so nobody is
required to trust it.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9941 cda61777-01e9-0310-a592-d414129be87e

5 years agoCentralise calls to fcntl into functions that carefully check the
simon [Fri, 19 Jul 2013 18:10:02 +0000 (18:10 +0000)]
Centralise calls to fcntl into functions that carefully check the
error returns.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9940 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd an error check to every setsockopt call in uxnet.c.
simon [Fri, 19 Jul 2013 17:45:01 +0000 (17:45 +0000)]
Add an error check to every setsockopt call in uxnet.c.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9939 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd some conditionally-compilable diagnostics to the RNG. I got
simon [Fri, 19 Jul 2013 17:44:58 +0000 (17:44 +0000)]
Add some conditionally-compilable diagnostics to the RNG. I got
briefly worried that it might not be doing what I thought it was
doing, but examining these diagnostics shows that it is after all, and
now I've written them it would be a shame not to keep them for future
use.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9938 cda61777-01e9-0310-a592-d414129be87e

5 years agoBetter error reporting when failing to save a session.
simon [Fri, 19 Jul 2013 17:44:53 +0000 (17:44 +0000)]
Better error reporting when failing to save a session.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9937 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd some missing calls to cleanup_exit.
simon [Fri, 19 Jul 2013 17:44:47 +0000 (17:44 +0000)]
Add some missing calls to cleanup_exit.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9936 cda61777-01e9-0310-a592-d414129be87e

5 years agoRun the random pool setup and teardown functions with random_active
simon [Fri, 19 Jul 2013 17:44:42 +0000 (17:44 +0000)]
Run the random pool setup and teardown functions with random_active
nonzero rather than zero.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9935 cda61777-01e9-0310-a592-d414129be87e

5 years agoReport errors in store_host_key too.
simon [Fri, 19 Jul 2013 17:44:38 +0000 (17:44 +0000)]
Report errors in store_host_key too.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9934 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd proper error reports in write_random_seed, via the new 'nonfatal'
simon [Fri, 19 Jul 2013 17:44:33 +0000 (17:44 +0000)]
Add proper error reports in write_random_seed, via the new 'nonfatal'
error reporting function.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9933 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd a nonfatal() function everywhere, to be used for reporting things
simon [Fri, 19 Jul 2013 17:44:28 +0000 (17:44 +0000)]
Add a nonfatal() function everywhere, to be used for reporting things
that the user really ought to know but that are not actually fatal to
continued operation of PuTTY or a single network connection.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9932 cda61777-01e9-0310-a592-d414129be87e

5 years agoAdd a missing error check in pterm's child-process setup. Shouldn't
simon [Fri, 19 Jul 2013 17:44:22 +0000 (17:44 +0000)]
Add a missing error check in pterm's child-process setup. Shouldn't
really fail, but might as well be careful.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9931 cda61777-01e9-0310-a592-d414129be87e

5 years agoIt suddenly strikes me as probably a good idea to enforce that anyone
simon [Fri, 19 Jul 2013 17:44:20 +0000 (17:44 +0000)]
It suddenly strikes me as probably a good idea to enforce that anyone
calling random_byte has previously called random_ref.

(I'm not aware of any current code getting this wrong! It just seems
to me to be the sort of thing you'd want to be really sure of.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9930 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix a build failure: r9924 thoughtlessly put an assert before some
simon [Mon, 15 Jul 2013 06:40:59 +0000 (06:40 +0000)]
Fix a build failure: r9924 thoughtlessly put an assert before some
declarations, and gcc didn't complain but VC did.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9928 cda61777-01e9-0310-a592-d414129be87e

6 years agoIn the various channel request mini-coroutines, replace
simon [Sun, 14 Jul 2013 17:08:35 +0000 (17:08 +0000)]
In the various channel request mini-coroutines, replace
crWaitUntilV(pktin) with plain crReturnV, because those coroutines can
be called back either with a response packet from the channel request
_or_ with NULL by ssh_free meaning 'please just clean yourself up'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9927 cda61777-01e9-0310-a592-d414129be87e

6 years agoRemove a redundant while-loop condition when reading RFC822-style
simon [Sun, 14 Jul 2013 10:46:55 +0000 (10:46 +0000)]
Remove a redundant while-loop condition when reading RFC822-style
header text from a PuTTY key file.

(It's silly to have both while (len > 0) at the top of the loop _and_
an if (len == 0) return in the middle, and in fact the former was the
erroneous one since it would have prohibited a 39-character header,
which I intended to be permitted.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9926 cda61777-01e9-0310-a592-d414129be87e

6 years agoRemove a pointless assignment in setup_config_box.
simon [Sun, 14 Jul 2013 10:46:42 +0000 (10:46 +0000)]
Remove a pointless assignment in setup_config_box.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9925 cda61777-01e9-0310-a592-d414129be87e

6 years agoRemove a return path from sshcom_write() which was both unreachable
simon [Sun, 14 Jul 2013 10:46:39 +0000 (10:46 +0000)]
Remove a return path from sshcom_write() which was both unreachable
(it would trigger if !type==RSA and !type==DSA, but one of those must
have been true to get there in the first place) and erroneous (it
would return NULL without going through the cleanup code). Since the
code's internal structure guarantees that path isn't reached, replace
it with an assert.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9924 cda61777-01e9-0310-a592-d414129be87e

6 years agoUse the new ctrl_alloc_with_free to clean up a long-standing FIXME in
simon [Sun, 14 Jul 2013 10:46:34 +0000 (10:46 +0000)]
Use the new ctrl_alloc_with_free to clean up a long-standing FIXME in
the session saving code, in which the contents of the edit box giving
the current saved session name was stored in a horrid place with a
fixed length. Now it's dangling off sessionsaver_data as it always
ought to have been, and it's dynamically reallocated to the
appropriate length, and there's a free function that cleans it up at
the end of the dialog's lifetime.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9923 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd an extended version of ctrl_alloc which permits you to provide a
simon [Sun, 14 Jul 2013 10:46:29 +0000 (10:46 +0000)]
Add an extended version of ctrl_alloc which permits you to provide a
custom free function, in case you need to ctrl_alloc a structure which
then has additional dynamically allocated things dangling off it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9922 cda61777-01e9-0310-a592-d414129be87e

6 years agoMove the calculation of the exchange hash to above the various
simon [Sun, 14 Jul 2013 10:46:27 +0000 (10:46 +0000)]
Move the calculation of the exchange hash to above the various
warnings about insecure crypto components. The latter may crReturn
(though not in any current implementation, I believe), which
invalidates pktin, which is used by the former.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9921 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd a missing null pointer check in wc_unescape, to bring it in line
simon [Sun, 14 Jul 2013 10:46:17 +0000 (10:46 +0000)]
Add a missing null pointer check in wc_unescape, to bring it in line
with the usage comment saying you're allowed to pass NULL to find out
only the return value. No caller actually does pass NULL at the
moment.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9920 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix another giant batch of resource leaks. (Mostly memory, but there's
simon [Sun, 14 Jul 2013 10:46:07 +0000 (10:46 +0000)]
Fix another giant batch of resource leaks. (Mostly memory, but there's
one missing fclose too.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9919 cda61777-01e9-0310-a592-d414129be87e

6 years agoTighten up a lot of casts from unsigned to int which are read by one
simon [Sun, 14 Jul 2013 10:45:54 +0000 (10:45 +0000)]
Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9918 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix an always-false if statement which was causing the window border
simon [Sun, 14 Jul 2013 10:45:48 +0000 (10:45 +0000)]
Fix an always-false if statement which was causing the window border
not to be redrawn when the user reconfigured the background colour.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9917 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd an assortment of missing frees, and one missing file close. Mostly
simon [Thu, 11 Jul 2013 17:43:41 +0000 (17:43 +0000)]
Add an assortment of missing frees, and one missing file close. Mostly
on error paths, although the one in PSFTP's wildcard_iterate will come
up in normal usage.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9916 cda61777-01e9-0310-a592-d414129be87e

6 years agoxfer_{up,down}load_gotpkt free their input sftp_packet as a side
simon [Thu, 11 Jul 2013 17:24:53 +0000 (17:24 +0000)]
xfer_{up,down}load_gotpkt free their input sftp_packet as a side
effect of handling it, but they do not free it if it isn't a packet
they recognise as part of their upload/download. Invent a return value
that specifically signals this, and consistently free pktin at every
call site if that return value comes back. Also, ensure that that
return value also always comes with something meaningful in fxp_error.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9915 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix a collection of calls to tell_user so that they don't add their
simon [Thu, 11 Jul 2013 17:24:47 +0000 (17:24 +0000)]
Fix a collection of calls to tell_user so that they don't add their
own newline before the one tell_user puts on the end anyway. Also,
while I'm here, make up my mind about whether to prefix messages with
"scp:" or "pscp:" - I choose the latter.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9914 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix a couple of code paths on which, if fxp_readdir returned an error,
simon [Thu, 11 Jul 2013 17:24:44 +0000 (17:24 +0000)]
Fix a couple of code paths on which, if fxp_readdir returned an error,
we would return without first closing the directory handle we had used
as an argument.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9913 cda61777-01e9-0310-a592-d414129be87e

6 years agoIt's not actually legal by the C standard to call qsort with a null
simon [Thu, 11 Jul 2013 17:24:39 +0000 (17:24 +0000)]
It's not actually legal by the C standard to call qsort with a null
array pointer, _even_ if you're asking it to sort zero elements so
that in principle it should never dereference that pointer. Fix the
four instances in PSCP/PSFTP where this was previously occurring.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9912 cda61777-01e9-0310-a592-d414129be87e

6 years agoFixes for the tree234 unit test: break its dependencies on half of the
simon [Thu, 11 Jul 2013 17:24:32 +0000 (17:24 +0000)]
Fixes for the tree234 unit test: break its dependencies on half of the
rest of PuTTY, and fix a couple of format string type mismatches
pointed out by gcc.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9911 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd missing checks in update_for_intended_size() in the font selector
simon [Thu, 11 Jul 2013 17:24:28 +0000 (17:24 +0000)]
Add missing checks in update_for_intended_size() in the font selector
code, which would have coped badly if ever asked to select the first
font in the list at a size smaller than it supported. Luckily the
first font tended to be one of the X numeric aliases (e.g. 10x20)
which was stored with size zero, so this probably didn't actually come
up for anyone, but better safe than sorry.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9910 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix a pty-freeing error which caused a segfault if you attempted to
simon [Thu, 11 Jul 2013 17:24:23 +0000 (17:24 +0000)]
Fix a pty-freeing error which caused a segfault if you attempted to
use Restart Session in a post-not-close-on-exit pterm.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9909 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd some missing null checks for inst->ldisc, which were causing
simon [Thu, 11 Jul 2013 17:24:20 +0000 (17:24 +0000)]
Add some missing null checks for inst->ldisc, which were causing
segfaults if a PuTTY or pterm did not close on exit and then you
either typed something via input_method_commit_event or changed the
line editing or echo settings.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9908 cda61777-01e9-0310-a592-d414129be87e

6 years agoRemove another pointless null check, this time of inst->back in the
simon [Thu, 11 Jul 2013 17:24:14 +0000 (17:24 +0000)]
Remove another pointless null check, this time of inst->back in the
function which has just dereferenced it to get the exit code.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9907 cda61777-01e9-0310-a592-d414129be87e

6 years agoRemove redundant null checks for arguments to sftp_{get,put}_file
simon [Thu, 11 Jul 2013 17:24:10 +0000 (17:24 +0000)]
Remove redundant null checks for arguments to sftp_{get,put}_file
which are (a) never NULL anyway, and (b) have already been
dereferenced by the time we make those checks so it would be too late
if they were.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9906 cda61777-01e9-0310-a592-d414129be87e

6 years agoFix a mishandling of error returns from makekey() in the SSH-1 private
simon [Thu, 11 Jul 2013 17:24:04 +0000 (17:24 +0000)]
Fix a mishandling of error returns from makekey() in the SSH-1 private
key loader.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9905 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd another missing bounds check in the SSH-1 private key loader.
simon [Thu, 11 Jul 2013 17:24:01 +0000 (17:24 +0000)]
Add another missing bounds check in the SSH-1 private key loader.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9904 cda61777-01e9-0310-a592-d414129be87e

6 years agoGet rid of the fixed-size 'hostname' buffer in every port-forwarded
simon [Thu, 11 Jul 2013 17:23:56 +0000 (17:23 +0000)]
Get rid of the fixed-size 'hostname' buffer in every port-forwarded
connection, and replace it with sensible dynamically allocated
storage. While I'm at it, get rid of the disgusting dual use between
storing an actual hostname and storing an incoming SOCKS request; we
now have a separate pointer variable for each.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9903 cda61777-01e9-0310-a592-d414129be87e

6 years agoAdd an assortment of extra safety checks.
simon [Mon, 8 Jul 2013 22:36:04 +0000 (22:36 +0000)]
Add an assortment of extra safety checks.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9896 cda61777-01e9-0310-a592-d414129be87e

6 years agoMove the SSH-1 servkey and hostkey variables into the coroutine state,
simon [Sun, 7 Jul 2013 14:34:37 +0000 (14:34 +0000)]
Move the SSH-1 servkey and hostkey variables into the coroutine state,
since there is a theoretical code path (via the crReturn loop after
asking an interactive question about a host key or crypto algorithm)
on which we can leave and return to do_ssh1_login between allocating
and freeing those keys.

(In practice it shouldn't come up anyway with any of the current
implementations of the interactive question functions, not to mention
the unlikelihood of anyone non-specialist still using SSH-1, but
better safe than sorry.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9895 cda61777-01e9-0310-a592-d414129be87e

6 years agoClean up handling of the return value from sftp_find_request. In many
simon [Sat, 6 Jul 2013 20:43:21 +0000 (20:43 +0000)]
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.

To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.

While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9894 cda61777-01e9-0310-a592-d414129be87e

6 years agoA collection of small bug fixes from Chris West, apparently spotted by
simon [Mon, 1 Jul 2013 17:56:33 +0000 (17:56 +0000)]
A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9889 cda61777-01e9-0310-a592-d414129be87e

6 years agoFallback for manual setup of GTK 1, if autoconf is run on a system
simon [Sat, 15 Jun 2013 19:58:10 +0000 (19:58 +0000)]
Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.

(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9868 cda61777-01e9-0310-a592-d414129be87e

6 years agoUpdate docs for change to UTF-8 by default, and emphasise UTF-8 more generally.
jacob [Tue, 28 May 2013 23:46:44 +0000 (23:46 +0000)]
Update docs for change to UTF-8 by default, and emphasise UTF-8 more generally.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9846 cda61777-01e9-0310-a592-d414129be87e