git.distorted.org.uk Git - u/mdw/putty/log

Fix a mishandling of error returns from makekey() in the SSH-1 private
key loader.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9905 cda61777-01e9-0310-a592-d414129be87e

Add another missing bounds check in the SSH-1 private key loader.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9904 cda61777-01e9-0310-a592-d414129be87e

Get rid of the fixed-size 'hostname' buffer in every port-forwarded
connection, and replace it with sensible dynamically allocated
storage. While I'm at it, get rid of the disgusting dual use between
storing an actual hostname and storing an incoming SOCKS request; we
now have a separate pointer variable for each.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9903 cda61777-01e9-0310-a592-d414129be87e

Add an assortment of extra safety checks.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9896 cda61777-01e9-0310-a592-d414129be87e

Move the SSH-1 servkey and hostkey variables into the coroutine state,
since there is a theoretical code path (via the crReturn loop after
asking an interactive question about a host key or crypto algorithm)
on which we can leave and return to do_ssh1_login between allocating
and freeing those keys.

(In practice it shouldn't come up anyway with any of the current
implementations of the interactive question functions, not to mention
the unlikelihood of anyone non-specialist still using SSH-1, but
better safe than sorry.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9895 cda61777-01e9-0310-a592-d414129be87e

Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.

To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.

While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9894 cda61777-01e9-0310-a592-d414129be87e

A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9889 cda61777-01e9-0310-a592-d414129be87e

Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.

(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9868 cda61777-01e9-0310-a592-d414129be87e

Update docs for change to UTF-8 by default, and emphasise UTF-8 more generally.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9846 cda61777-01e9-0310-a592-d414129be87e

It's probably well past time for this: change PuTTY's default
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9843 cda61777-01e9-0310-a592-d414129be87e

Fix a bug in which terminal output received from the session could be
buffered in terminal.c indefinitely and only released when further
output turned up.

Arose because we suppress the call to term_out from term_data if a
drag-select is in progress, but when the drag-select ends we weren't
proactively calling term_out to release the buffered data. So if your
session generated some terminal output while you were in mid-select,
_and had stopped by the time you let go of the mouse button_, then the
output would just sit there until released by the next call to
term_data.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9768 cda61777-01e9-0310-a592-d414129be87e

Remove the half-hearted attempt to make the utmp helper process drop
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9766 cda61777-01e9-0310-a592-d414129be87e

Don't forget to check the return values of setuid and friends.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9764 cda61777-01e9-0310-a592-d414129be87e

Give a better error message if a PuTTY private key file has a version
number we don't understand. It's nicer to report 'format too new' than
'not a PuTTY key file'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9763 cda61777-01e9-0310-a592-d414129be87e

Add support for HMAC-SHA-256 as an SSH-2 MAC algorithm ("hmac-sha2-256")
as specified in RFC 6668. This is not so much because I think it's
necessary, but because scrypt uses HMAC-SHA-256 and once we've got it we
may as well use it.

Code very closely derived from the HMAC-SHA-1 code.

Tested against OpenSSH 5.9p1 Debian-5ubuntu1.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9759 cda61777-01e9-0310-a592-d414129be87e

Take advantage of PUT_32BIT_MSB_FIRST when constructing sequence numbers
to MAC.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9758 cda61777-01e9-0310-a592-d414129be87e

Patch from Egmont Koblinger to implement two extended variants of
xterm mouse tracking, both supported by the current up-to-date xterm
(288). They take the form of two new DEC terminal modes, 1006 and
1015, which do not in themselves _enable_ mouse tracking but they
modify the escape sequences sent if mouse tracking is enabled in the
usual way.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9752 cda61777-01e9-0310-a592-d414129be87e

Adjust comments around split_into_argv() to clarify that it's not
*Windows's* command-line splitting rules we're mimicking here; it's
VC7's, and they're not the same as VC10's.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9748 cda61777-01e9-0310-a592-d414129be87e

Reorganise setup_fonts_ucs so that in case of error it does nothing
and returns its error message as a string, instead of actually
printing it on standard error and exiting. Now we can preserve the
previous error behaviour when we get a nonexistent font name at
startup time, but no longer rudely terminate in mid-session if the
user configures a bogus font name in Change Settings.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9745 cda61777-01e9-0310-a592-d414129be87e

Move the -I options for all our source subdirectories out of AM_CFLAGS
and into AM_CPPFLAGS. This is more conceptually sensible according to
my reading of the automake manual, and also has the specific desirable
effect that they move to the front of the command line, ahead of any
'system' type -I options that autoconf might have felt a need for.

A user reported that autoconf had added -I/usr/local/include to their
command line for the sake of a required header file, but their
/usr/local/include also turned out to include a thing called 'proxy.h'
(from libproxy, nothing to do with us) which shadowed our own proxy.h
and caused a build failure. This should fix that.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9736 cda61777-01e9-0310-a592-d414129be87e

Update the suggested compile command in sshbn.c's test rig.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9732 cda61777-01e9-0310-a592-d414129be87e

Fix two gcc warnings about confused printf format strings in the
bignum code's test harness. Thanks to Sup Yut Sum for fixing this in
TortoisePlink and Sven Strickroth for bringing it to my attention.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9731 cda61777-01e9-0310-a592-d414129be87e

Ronald Landheer-Cieslak points out that the various back ends which
treat all socket closures as clean exits (because the protocol doesn't
provide for transferring a process exit code) could usefully at least
treat _socket errors_ as unclean exits. Patch the Telnet, Rlogin and
Raw backends to retain that information and return INT_MAX to the
frontend.

I wasn't sure whether it was better to solve this by modifying each
affected frontend, or each affected backend. Neither is really ideal;
this is the sort of thing that makes me wish we had a piece of fixed
middleware in between, independent of both platform and protocol.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9730 cda61777-01e9-0310-a592-d414129be87e

Switch round a bogus if statement I've just noticed. Both the write to
pty_utmp_helper_pipe _and_ the close of it if we're not going to write
should be conditionalised on the pipe existing, rather than just the
former!

git-svn-id: svn://svn.tartarus.org/sgt/putty@9729 cda61777-01e9-0310-a592-d414129be87e

Patch from Brad Smith to use posix_openpt() instead of
open("/dev/ptmx"), where the former is available. Improves
portability, since at least one OS (OpenBSD) supports the POSIX pty
functions but does it via an underlying mechanism which doesn't
involving having a /dev/ptmx.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9728 cda61777-01e9-0310-a592-d414129be87e

Use O_NOCTTY (if available) when opening /dev/ptmx, just in case any
OS doesn't automatically assume it.

(It would seem faintly weird to me - surely opening the master end of
a given pty is a fairly good indication that you're _not_ a process
running inside it which wants to have it available as /dev/tty! But
you never know...)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9727 cda61777-01e9-0310-a592-d414129be87e

Add a bounds check in the word-by-word selection code to prevent
attempting to call lineptr() with a y-coordinate off the bottom of the
screen and triggering the dreaded 'line==NULL' message box.

This crash can only occur if the bottommost line of the screen has the
LATTR_WRAPPED flag set, which as far as I can see you can only
contrive by constructing a LATTR_WRAPPED line further up the screen
and then moving it down using an insert-line escape sequence. That's
probably why this bug has been around forever without anyone coming
across it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9726 cda61777-01e9-0310-a592-d414129be87e

Patch from Hideki Eiraku to make PuTTY call GetScrollInfo, so it can
use 32-bit scrollbar position data instead of being limited to the
16-bit version that comes in scrollbar messages' wParam.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9720 cda61777-01e9-0310-a592-d414129be87e

Fix another error-reporting bug, in which sk_newlistener would fail to
capture the error code if listen() returned an error, and instead pass
0 (saved from the previous successful bind) to winsock_error_string.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9708 cda61777-01e9-0310-a592-d414129be87e

When manually initialising a 'struct RSAKey' due to loading an SSH1
public key but not the private half, NULL out all the CRT-optimisation
fields as well as the private exponent pointer. Otherwise segfaults -
security-harmless, but annoying - can happen in freersakey() when we
notice they aren't null and try to free them.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9705 cda61777-01e9-0310-a592-d414129be87e

Add a fallback case to winsock_error_string() which makes it call
FormatMessage to get the OS's text for any error not in our own
translation table. Should eliminate the frustrating 'unknown error'.

(I haven't chosen to use FormatMessage unconditionally, because it
comes out with enormous messages along the lines of "No connection
could be made because the target machine actively refused it" in place
of "Connection refused" and I'm Unixy enough to prefer the latter.
Also, on older Windowses, Winsock error codes are in a separate API
segment and don't work with FormatMessage anyway.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9704 cda61777-01e9-0310-a592-d414129be87e

Windows's sk_address_is_local() was returning the wrong answers for
IPv6 addresses, because I'd mistakenly cast an ai_addr to the low-
level 'struct in6_addr' instead of the correct 'struct sockaddr_in6'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9690 cda61777-01e9-0310-a592-d414129be87e

When a proxy negotiation function is called with PROXY_CHANGE_NEW, it
should not call plug functions, because it's being called from within
new_connection(), and the state on which the plug functions depend
will not have been set up until new_connection() returns success.
Instead, we set the error string in the Proxy_Socket, which will cause
the same error message to be returned as a failure of new_connection().

git-svn-id: svn://svn.tartarus.org/sgt/putty@9689 cda61777-01e9-0310-a592-d414129be87e

If you configure Unix PuTTY to use a proxy, tell it to even proxy
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9688 cda61777-01e9-0310-a592-d414129be87e

Add timestamps to the 'SSH raw data' logging mode.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9687 cda61777-01e9-0310-a592-d414129be87e

A user points out that we should free the 'hProcess' and 'hThread'
handles returned in the PROCESS_INFORMATION structure after we call
CreateProcess.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9686 cda61777-01e9-0310-a592-d414129be87e

Sumudu Fernando points out that in the big r9214 destabilisation I
mistakenly rearranged the logic in an if statement in window.c, with
the effect that scroll-wheel events are no longer sent via xterm mouse
tracking. Put it back to the way it was.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9679 cda61777-01e9-0310-a592-d414129be87e

Clip the 'lines' parameter to scroll() at the size of the scroll
window. scroll() iterates that many times, so this prevents a tedious
wait if you give a very large parameter to ESC[L or ESC[M, for
example.

A side effect is that very large requests for upward scrolling in a
context that affects the scrollback will not actually wipe out the
whole scrollback: instead they push just the current lines of the
screen into the scrollback, and don't continue on to fill it up with
endless boring blank lines. I think this is likely to be more useful
in general, since it avoids wiping out lots of useful scrollback data
by mistake. I can imagine that people might have been using it
precisely _to_ wipe the scrollback in some situations, but if so then
they should use CSI 3 J instead.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9677 cda61777-01e9-0310-a592-d414129be87e

Windows PSFTP has two places that call run_timers and I'd only updated
one of them. Correct that.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9676 cda61777-01e9-0310-a592-d414129be87e

Fix indentation mess in my timing overhaul.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9675 cda61777-01e9-0310-a592-d414129be87e

Fix a stupid sign bug in run_timers() that broke Windows Plink (and
should really have broken everything else too).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9674 cda61777-01e9-0310-a592-d414129be87e

Make --help and --version work consistently across all tools.

Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9673 cda61777-01e9-0310-a592-d414129be87e

Better document the various environments with which Makefile.cyg works.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9670 cda61777-01e9-0310-a592-d414129be87e

Add a new COMPAT option for environments lacking SecureZeroMemory(),
rather than explicitly checking for Winelib. It seems that w32api is
lacking it as well.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9669 cda61777-01e9-0310-a592-d414129be87e

Allow remote-to-local forwardings to use IPv6.

RFC 4245 section 7.1 specifies the meaning of the "address to bind"
parameter in a "tcpip-forward" request. "0.0.0.0" and "127.0.0.1" are
specified to be all interfaces and the loopback interface respectively
in IPv4, while "" and "localhost" are the address-family-agnostic
equivalents. Switch PuTTY to using the latter, since it doesn't seem
right to force IPv4.

There's an argument that PuTTY should provide a means of configuring the
address family used for remote forwardings like it does for local ones.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9668 cda61777-01e9-0310-a592-d414129be87e

Two related changes to timing code:

First, make absolute times unsigned. This means that it's safe to
depend on their overflow behaviour (which is undefined for signed
integers). This requires a little extra care in handling comparisons,
but I think I've correctly adjusted them all.

Second, functions registered with schedule_timer() are guaranteed to be
called with precisely the time that was returned by schedule_timer().
Thus, it's only necessary to check these values for equality rather than
doing risky range checks, so do that.

The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9667 cda61777-01e9-0310-a592-d414129be87e

Quell a (correct) GCC warning in the NO_HTMLHELP case.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9666 cda61777-01e9-0310-a592-d414129be87e

Should have been part of r9663: do use the platform-independent version
of smemclr when compiling with Winelib.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9665 cda61777-01e9-0310-a592-d414129be87e

Tweak comment in Recipe that had become separated from its code.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9664 cda61777-01e9-0310-a592-d414129be87e

Don't try to use SecureZeroMemory under Winelib, since it isn't available
there (yet).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9663 cda61777-01e9-0310-a592-d414129be87e

Define SECURITY_WIN32 for Winelib/Cygwin builds as well as for VC.

This should perhaps go into winmisc.c: it's caused problems for
other people too:

<http://stackoverflow.com/questions/8530159/vs2010-build-error-at-putty-source>

git-svn-id: svn://svn.tartarus.org/sgt/putty@9662 cda61777-01e9-0310-a592-d414129be87e

In the cygwin Makefile, use "-o" on the windres command line to specify
the output file. This appears to be supported by windres, and is
required by wrc (the Winelib resource compiler).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9661 cda61777-01e9-0310-a592-d414129be87e

Most of the code for "nc" mode duplicated that for opening a session or
a fowarded port. Arrange that this code is shared instead. The main
visible change is a slight change of log messages.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9655 cda61777-01e9-0310-a592-d414129be87e

Hiroshi Oota points out that PuTTY's agent forwarding sockets can get
confused if they receive a request followed by immediate EOF, since we
currently send outgoing EOF as soon as we see the incoming one - and
then, when the response comes back from the real SSH agent, we send it
along anyway as channel data in spite of having sent EOF.

To fix this, I introduce a new field for each agent channel which
counts the number of calls to ssh_agentf_callback that are currently
expected, and we don't send EOF on an agent channel until we've both
received EOF and that value drops to zero.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9651 cda61777-01e9-0310-a592-d414129be87e

Factor out some common code for constructing SSH2_CHANNEL_OPEN.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9649 cda61777-01e9-0310-a592-d414129be87e

struct winadj is unused now. G/c it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9648 cda61777-01e9-0310-a592-d414129be87e

All of the initial CHANNEL_REQUESTs are conditional on (ssh->mainchan &&
!ssh->ncmode), so bundle them up in a big block conditional on this rather
than checking it five times.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9647 cda61777-01e9-0310-a592-d414129be87e

do_ssh2_authconn() now installs the standard handlers for CHANNEL_SUCCESS
and CHANNEL_FAILURE as soon as it's opened a channel, so there's no need
for it to set them again later.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9646 cda61777-01e9-0310-a592-d414129be87e

Memory leak fixes reported by Balazs Domjan.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9645 cda61777-01e9-0310-a592-d414129be87e

Rename the various ssh2_maybe_setup_* functions to ssh2_setup_*, and
move the primary conditions out of them into their callers. Fixes a
crash in 'plink -N', since those functions would be called with a NULL
channel parameter and immediately dereference it to try to get c->ssh.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9644 cda61777-01e9-0310-a592-d414129be87e

In openssh_read(), we shouldn't ever return SSH2_WRONG_PASSPHRASE for
an unencrypted key. (The other import function, sshcom_read(), already
got this right.) Thanks to David Wedderwille for the report.

This is more than just an error-reporting mistake; it actually causes
Windows PuTTYgen to tight-loop on attempting to load a corrupt OpenSSH
key, because the 'wrong passphrase' return value causes the caller to
loop round and try again, but of course it knows the key is
unencrypted so it doesn't prompt for a different passphrase and just
tries again with no change...

git-svn-id: svn://svn.tartarus.org/sgt/putty@9643 cda61777-01e9-0310-a592-d414129be87e

Avoid leaking file handles in load_openssh_key(), as reported by David
Wedderwille.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9642 cda61777-01e9-0310-a592-d414129be87e

Fix a controlling-terminal bug reported by Anthony Heading: Cygwin
doesn't have TIOCSCTTY, so my attempt to set the ctty of the child
process isn't doing anything, and only works by chance when you run
bash because bash does the thing that _will_ set the ctty, namely
opening the terminal file again without O_NOCTTY. So now we do that
too.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9638 cda61777-01e9-0310-a592-d414129be87e

Partially revert r9636. It is true that we can directly return the
result of memcmp, but untrue that we can do so _unconditionally_: if
memcmp returns zero, we still need to fall through to the next
comparison.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9637 cda61777-01e9-0310-a592-d414129be87e

Clang, like LCC, objects to using '<' and '>' on function pointers.

I'm not entirely sure that using memcmp() is any more defined by the C
standard, but at least Clang doesn't complain about it. While I'm
here, tree234 doesn't require that comparison functions return
precisely +1 or -1, so we can use the return value of memcmp()
directly.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9636 cda61777-01e9-0310-a592-d414129be87e

Change return type of do_ssh2_transport() to void.

Nothing pays attention to it any more, anyway.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9635 cda61777-01e9-0310-a592-d414129be87e

Make bombout() less of a macro and more of a function.

This gives GCC slightly fewer opportunities to gratuitously inflate
its output.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9634 cda61777-01e9-0310-a592-d414129be87e

Fix a memory leak in parse_ttymodes() (found by Memcheck/Valgrind).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9633 cda61777-01e9-0310-a592-d414129be87e

Slightly simplify crFinishFree{,V}.

They're only likely to be useful for freeing a coroutine state
structure, in which case there's no need to reset the line number
(since all such coroutines keep their line number in the state
structure) and the state structure pointer is always called "s".

git-svn-id: svn://svn.tartarus.org/sgt/putty@9632 cda61777-01e9-0310-a592-d414129be87e

Don't close SSH-2 channels with outstanding channel requests on local error.

In sshfwd_unclean_close(), get ssh2_check_close() to handle sending
SSH_MSG_CHANNEL_CLOSE. That way, it can hold off doing so until any
outstanding channel requests are processed.

Also add event log message for unclean channel closures.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9631 cda61777-01e9-0310-a592-d414129be87e

It's not legal to free a coroutine's state structure before invoking
crFinish or crFinishV, since they will attempt to write to the
coroutine state variable contained in that structure. Introduced some
new all-in-one macros crFinishFree and crFinishFreeV, and used those
instead. Should fix today's report of a crash just after authentication.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9630 cda61777-01e9-0310-a592-d414129be87e

Fix markup error introduced in r9626.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9627 cda61777-01e9-0310-a592-d414129be87e

Remove documentation for "Out of space for port forwardings" error.

It no longer exists in the code, and should have been obsoleted by
r9214 at the latest.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9626 cda61777-01e9-0310-a592-d414129be87e

Improve window-size handling in Unix Plink.

Unconditionally override the configured terminal size with the one
from stdin if it's available. This avoids the silliness whereby if
Default Settings had a terminal size set, Plink used this and thus
caused the server to use the wrong size.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9624 cda61777-01e9-0310-a592-d414129be87e

Better handling of outstanding CHANNEL_REQUESTS on channel destruction.

Part the first: make sure that all structures describing channel
requests are freed when the SSH connection is freed. This involves
adding a means to ask a response handler to free any memory it holds.

Part the second: in ssh_channel_try_eof(), call
ssh2_channel_check_close() rather than emitting an SSH_MSG_CHANNEL_EOF
directly. This avoids the possibility of closing the channel while a
CHANNEL_REQUEST is outstanding.

Also add some assertions that helped with tracking down the latter
problem.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9623 cda61777-01e9-0310-a592-d414129be87e

Factor out common code to construct CHANNEL_REQUESTS.

This reduces code size a little and also makes it harder to
accidentally request a reply without putting in place a handler for
it or vice versa.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9620 cda61777-01e9-0310-a592-d414129be87e

Simplify handling of responses to channel requests.

The various setup routines can only receive CHANNEL_SUCCESS or
CHANNEL_FAILURE, so there's no need for the to worry about receiving
anything else. Strange packets will end up in do_ssh2_authconn
instead.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9619 cda61777-01e9-0310-a592-d414129be87e

Add some kind of window tracking to logparse.pl.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9618 cda61777-01e9-0310-a592-d414129be87e

Fix matching of channel and global requests with replies in logparse.pl.

In each case, want_reply was being treated as true even when it wasn't,
because it got decoded into "yes"/"no", both of which are true in
Perl.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9617 cda61777-01e9-0310-a592-d414129be87e

Handle all replies to CHANNEL_REQUESTs through the per-channel queue.

Each of the minor start-of-session requests is now dealt with by its own
little co-routine, while the shell/command is done in do_ssh2_authconn()
itself. This eliminates one more round-trip in session setup: PuTTY gets
all the way up to sending a shell request before worrying about any
replies.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9616 cda61777-01e9-0310-a592-d414129be87e

Generalise SSH_MSG_CHANNEL_{SUCCESS,FAILURE} handling.

Now each channel has a queue of arbitrary handlers for those messages,
with anything that sends a CHANNEL_REQUEST with want_reply true pushing
a new entry onto the queue, and a shared handler that dispatches
responses appropriately.

Currently, this is only used for winadj@putty.projects.tartarus.org, but
extending it to cover the initial requests as well shouldn't be too
painful.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9615 cda61777-01e9-0310-a592-d414129be87e

Fix a bug in the PSFTP command parser which would cause it to
hallucinate an extra empty argument word at the end of a line if the
line ended in more than one whitespace character.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9613 cda61777-01e9-0310-a592-d414129be87e

Enhance logparse.pl so that it detects channels running SFTP and
decodes the SFTP message layer in addition to the underlying SSH.
Requests and responses are matched up via their ids.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9612 cda61777-01e9-0310-a592-d414129be87e

Fix recently-introduced memory leak in ssh2_msg_unexpected().

git-svn-id: svn://svn.tartarus.org/sgt/putty@9611 cda61777-01e9-0310-a592-d414129be87e

De-duplicate code in KEXINIT generation.

There's no need to have identical code generating server-to-client and
client-to-server versions of the cipher and MAC lists; a couple of
twice-around loops will do fine.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9610 cda61777-01e9-0310-a592-d414129be87e

Reworking of packet delivery to coroutines in SSH-2.

Before, NULL in the dispatch table meant "send to the appropriate one of
do_ssh2_transport() and do_ssh2_authconn()". Now those (via small
shims) are specified directly in the dispatch table, so ssh2_protocol()
is much simpler.

In the process, this has somewhat centralised the handling of gross
server protocol violations. PuTTY will now disconnect with a rude
message when (e.g.) OpenSSH sends us an SSH_MSG_UNIMPLEMENTED when we
try to KEXINIT during authentication.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9609 cda61777-01e9-0310-a592-d414129be87e

Fix an erroneous "case" fallthrough in ssh1_msg_channel_close, which was
causing assertion failures when closing X11 channels in SSH-1. Also fix
another pasto.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9608 cda61777-01e9-0310-a592-d414129be87e

Tweak to SSH coroutine code: put line number in the coroutine state
structure, which is consistent with Simon's canonical version of the
macros.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9607 cda61777-01e9-0310-a592-d414129be87e

Use a single sftp_senddata() to send each SFTP packet, rather than
using one for the length field and one for the rest of the packet
contents. Since sftp_senddata() has no queuing or deferral mechanism
but instead constructs and sends an SSH2_MSG_CHANNEL_DATA message
immediately, this change has the effect of ceasing to split every SFTP
packet across two SSH messages.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9603 cda61777-01e9-0310-a592-d414129be87e

Rework bufchain code to allow for variable-sized granules.
bufchain_add() now allocates at most one new granule. Granules still
have a minimum size, so small adds still get coalesced.

The main practical consequence of this is that PSCP and PSFTP now
generate 4K SSH packets rather than 512-byte ones. Also, the compiled
code (on my Ubuntu box) is fractionally smaller.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9602 cda61777-01e9-0310-a592-d414129be87e

Reduce the number of round-trips involved in opening an SSH-2 session
by sending most of the initial SSH_MSG_CHANNEL_REQUEST messages before
waiting for any replies. The initial version of this code was a clever
thing with a two-pass loop, but that got hairy so I went for the simpler
approach of separating the request and reply code and having flags to
keep track of which requests have been sent.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9599 cda61777-01e9-0310-a592-d414129be87e

Add a missing \define I accidentally assumed was there in r9592.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9593 cda61777-01e9-0310-a592-d414129be87e

Add a bug-compatibility flag to disable the
winadj@putty.projects.tartarus.org request. Not currently enabled
automatically, but should be usable as a manual workaround.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9592 cda61777-01e9-0310-a592-d414129be87e

Fix an embarrassing mistake in config box handling which was causing
changes to any SSH bug config option to be lost when the config box
switched to a different panel, at least on GTK.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9591 cda61777-01e9-0310-a592-d414129be87e

Move the declaration of smemclr() out of putty.h into misc.h, because
one of its uses (in sshaes.c) wasn't picking up the former. Thanks to
Ubuntu's gcc for spotting that.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9590 cda61777-01e9-0310-a592-d414129be87e

Remove an unused variable.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9589 cda61777-01e9-0310-a592-d414129be87e

Introduce a new utility function smemclr(), which memsets things to
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9586 cda61777-01e9-0310-a592-d414129be87e

Remove a bashism in mksrcarc.sh, without which bob builds fail on
Ubuntu (whose /bin/sh is not bash).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9585 cda61777-01e9-0310-a592-d414129be87e

Add '-Wall -Werror' to the compile options in the autotools makefile,
having just noticed that Makefile.gtk had it and this one doesn't. (Of
course, this being autoconf, we can easily enough make it conditional
on the compiler actually being gcc.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9583 cda61777-01e9-0310-a592-d414129be87e

Rework the new type-check in sresize so that it doesn't cause a
compile warning ('left-hand operand of comma expression has no
effect'), which of course becomes fatal under -Werror.

(This would have been instantly noticeable to people compiling with
the old-fashioned Makefile.gtk, which does include -Wall -Werror, but
those of us using the new autoconf makefile hadn't noticed.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9582 cda61777-01e9-0310-a592-d414129be87e