X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/2b7540a7ff9881394a7f344aa50aa4abd08c358c..b5af97b37d9461e607ebf6a11919c32b3260c140:/ssh.c diff --git a/ssh.c b/ssh.c index 268fc049..ee5a0894 100644 --- a/ssh.c +++ b/ssh.c @@ -460,7 +460,7 @@ struct ssh_channel { struct ssh_agent_channel { unsigned char *message; unsigned char msglen[4]; - int lensofar, totallen; + unsigned lensofar, totallen; } a; struct ssh_x11_channel { Socket s; @@ -524,6 +524,9 @@ static void ssh_throttle_all(Ssh ssh, int enable, int bufsize); static void ssh2_set_window(struct ssh_channel *c, unsigned newwin); static int ssh_sendbuffer(void *handle); static void ssh_do_close(Ssh ssh); +static unsigned long ssh_pkt_getuint32(Ssh ssh); +static int ssh2_pkt_getbool(Ssh ssh); +static void ssh_pkt_getstring(Ssh ssh, char **p, int *length); struct rdpkt1_state_tag { long len, pad, biglen, to_read; @@ -972,15 +975,14 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) } if (ssh->pktin.type == SSH1_MSG_DEBUG) { - /* log debug message */ - char buf[512]; - int stringlen = GET_32BIT(ssh->pktin.body); - strcpy(buf, "Remote debug message: "); - if (stringlen > 480) - stringlen = 480; - memcpy(buf + 8, ssh->pktin.body + 4, stringlen); - buf[8 + stringlen] = '\0'; + char *buf, *msg; + int msglen; + + ssh_pkt_getstring(ssh, &msg, &msglen); + buf = dupprintf("Remote debug message: %.*s", msglen, msg); logevent(buf); + sfree(buf); + goto next_packet; } else if (ssh->pktin.type == SSH1_MSG_IGNORE) { /* do nothing */ 
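Review bot: Changing `lensofar` and `totallen` to `unsigned` in `struct ssh_agent_channel` changes how every comparison and subtraction involving them is evaluated, and none of those uses appear in this diff. Any site that compares them with a signed `int` length, or computes `totallen - lensofar`, now works in unsigned arithmetic, where a result that used to go negative wraps to a large value instead. Those sites are worth re-reading with the new type. A field comment would help, for example `/* byte counts for the agent message being assembled; range-check totallen before allocating message */`, assuming `totallen` is derived from `msglen[]` as the names suggest.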
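Review bot: The new SSH1_MSG_DEBUG branch passes `msg` and `msglen` straight into `%.*s` without checking that `ssh_pkt_getstring` found a string in the packet. The getter is only declared in this diff, so its behaviour on a truncated packet is not visible here; if it can leave `msg` null or `msglen` negative, the conversion receives a null pointer or an effectively unbounded precision. A guard such as `if (!msg || msglen < 0) { msg = ""; msglen = 0; }` before the `dupprintf` keeps a malformed packet harmless. The SSH1_MSG_DISCONNECT, SSH2_MSG_DISCONNECT and SSH2_MSG_DEBUG hunks further down use the same pattern. The enclosing `ssh1_rdpkt` starts and ends outside the hunk.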
@@ -989,17 +991,12 @@ static int ssh1_rdpkt(Ssh ssh, unsigned char **data, int *datalen) if (ssh->pktin.type == SSH1_MSG_DISCONNECT) { /* log reason code in disconnect message */ - char buf[256]; - unsigned msglen = GET_32BIT(ssh->pktin.body); - unsigned nowlen; - strcpy(buf, "Remote sent disconnect: "); - nowlen = strlen(buf); - if (msglen > sizeof(buf) - nowlen - 1) - msglen = sizeof(buf) - nowlen - 1; - memcpy(buf + nowlen, ssh->pktin.body + 4, msglen); - buf[nowlen + msglen] = '\0'; - /* logevent(buf); (this is now done within the bombout macro) */ - bombout(("Server sent disconnect message:\n\"%s\"", buf+nowlen)); + char *msg; + int msglen; + + ssh_pkt_getstring(ssh, &msg, &msglen); + + bombout(("Server sent disconnect message:\n\"%.*s\"", msglen, msg)); crStop(0); } @@ -1168,10 +1165,11 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) case SSH2_MSG_DISCONNECT: { /* log reason code in disconnect message */ - char *buf; - int nowlen; - int reason = GET_32BIT(ssh->pktin.data + 6); - unsigned msglen = GET_32BIT(ssh->pktin.data + 10); + char *buf, *msg; + int nowlen, reason, msglen; + + reason = ssh_pkt_getuint32(ssh); + ssh_pkt_getstring(ssh, &msg, &msglen); if (reason > 0 && reason < lenof(ssh2_disconnect_reasons)) { buf = dupprintf("Received disconnect message (%s)", @@ -1183,7 +1181,7 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) logevent(buf); sfree(buf); buf = dupprintf("Disconnection message text: %n%.*s", - &nowlen, msglen, ssh->pktin.data + 14); + &nowlen, msglen, msg); logevent(buf); bombout(("Server sent disconnect message\ntype %d (%s):\n\"%s\"", reason, 
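Review bot: `nowlen` is declared without an initialiser in the preceding hunk and is written only through the `%n` conversion in this `dupprintf` call. The `bombout` argument list runs past the end of the hunk, but if it indexes `buf` with `nowlen` as the removed SSH-1 code did, a C runtime that rejects or ignores `%n` would leave that offset indeterminate. The SSH-1 disconnect branch in this same commit avoids the problem by passing `msglen, msg` to a `%.*s` in `bombout` directly. Doing the same here lets the log line become `buf = dupprintf("Disconnection message text: %.*s", msglen, msg);` and removes `nowlen` altogether.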
@@ -1199,19 +1197,19 @@ static int ssh2_rdpkt(Ssh ssh, unsigned char **data, int *datalen) case SSH2_MSG_DEBUG: { /* log the debug message */ - char buf[512]; - /* int display = ssh->pktin.body[6]; */ - int stringlen = GET_32BIT(ssh->pktin.data+7); - int prefix; - strcpy(buf, "Remote debug message: "); - prefix = strlen(buf); - if (stringlen > (int)(sizeof(buf)-prefix-1)) - stringlen = sizeof(buf)-prefix-1; - memcpy(buf + prefix, ssh->pktin.data + 11, stringlen); - buf[prefix + stringlen] = '\0'; + char *buf, *msg; + int msglen; + int always_display; + + /* XXX maybe we should actually take notice of this */ + always_display = ssh2_pkt_getbool(ssh); + ssh_pkt_getstring(ssh, &msg, &msglen); + + buf = dupprintf("Remote debug message: %.*s", msglen, msg); logevent(buf); + sfree(buf); } - goto next_packet; /* FIXME: print the debug message */ + goto next_packet; /* * These packets we need do nothing about here. @@ -2759,7 +2757,7 @@ static int do_ssh1_login(Ssh ssh, unsigned char *in, int inlen, int ispkt) fflush(stdout); { - if ((flags & FLAG_INTERACTIVE) && !*ssh->cfg.username) { + if (!*ssh->cfg.username) { if (ssh_get_line && !ssh_getline_pw_only) { if (!ssh_get_line("login as: ", s->username, sizeof(s->username), FALSE)) { @@ -3584,7 +3582,8 @@ static void ssh1_protocol(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (sport && dport) { /* Set up a description of the source port. */ - char *sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", + static char *sportdesc; + sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL, (int)(*saddr?1:0), ":", (int)(sserv ? strlen(sports) : 0), sports, 
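Review bot: The rewritten SSH2_MSG_DEBUG branch drops the fixed-size buffer that used to truncate the text, so the whole server-supplied string is now copied by `dupprintf` and handed to `logevent` unfiltered. Capping the precision keeps log entries bounded, e.g. `buf = dupprintf("Remote debug message: %.*s", msglen > 480 ? 480 : msglen, msg);`, and control characters in `msg` are worth replacing before logging since the content comes from the peer. The SSH-1 debug branch and both disconnect branches earlier in the diff have the same shape. Separately, `always_display` is assigned and never read; `(void)ssh2_pkt_getbool(ssh);` would consume the field without the unused variable.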
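Review bot: With the `flags & FLAG_INTERACTIVE` test removed, an empty `cfg.username` always enters the prompt path in `do_ssh1_login`, including for non-interactive front ends. The branch taken when `ssh_get_line` is null or `ssh_getline_pw_only` is set lies outside the hunk, so it is worth confirming that it fails cleanly rather than waiting for terminal input that a batch tool will never supply. A comment recording why the flag test was dropped would help the next reader, for example `/* prompt whenever no username is configured, regardless of FLAG_INTERACTIVE */`. The identical change in `do_ssh2_authconn` (hunk at -4842) deserves the same check and comment.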
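Review bot: Making `sportdesc` a function-level `static` means one pointer is shared by every `Ssh` instance and every re-entry into `ssh1_protocol`, not just by the current connection. The code that frees it is outside the hunk; if the function can yield or be entered for another session between the `dupprintf` and that free, the second assignment overwrites the first and the earlier string is leaked or the wrong one is freed. Keeping the pointer in per-connection state, or declaring it as a plain local and assigning it on the next line as this change already does, avoids the shared state. The same edit in `do_ssh2_authconn` (hunk at -5772) has the same concern.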
@@ -4842,7 +4841,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) * with change_username turned off we don't try to get * it again. */ - } else if ((flags & FLAG_INTERACTIVE) && !*ssh->cfg.username) { + } else if (!*ssh->cfg.username) { if (ssh_get_line && !ssh_getline_pw_only) { if (!ssh_get_line("login as: ", s->username, sizeof(s->username), FALSE)) { @@ -5254,7 +5253,7 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_pkt_addstring_data(ssh, (char *)pub_blob, pub_blob_len); ssh2_pkt_send(ssh); - logevent("Offered public key"); /* FIXME */ + logevent("Offered public key"); crWaitUntilV(ispkt); if (ssh->pktin.type != SSH2_MSG_USERAUTH_PK_OK) { @@ -5772,7 +5771,8 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) } if (sport && dport) { /* Set up a description of the source port. */ - char *sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", + static char *sportdesc; + sportdesc = dupprintf("%.*s%.*s%.*s%.*s%d%.*s", (int)(*saddr?strlen(saddr):0), *saddr?saddr:NULL, (int)(*saddr?1:0), ":", (int)(sserv ? strlen(sports) : 0), sports, @@ -5825,12 +5825,13 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt) ssh2_pkt_init(ssh, SSH2_MSG_GLOBAL_REQUEST); ssh2_pkt_addstring(ssh, "tcpip-forward"); ssh2_pkt_addbool(ssh, 1);/* want reply */ - if (*saddr) + if (*saddr) { ssh2_pkt_addstring(ssh, saddr); - if (ssh->cfg.rport_acceptall) + } else if (ssh->cfg.rport_acceptall) { ssh2_pkt_addstring(ssh, "0.0.0.0"); - else + } else { ssh2_pkt_addstring(ssh, "127.0.0.1"); + } ssh2_pkt_adduint32(ssh, sport); ssh2_pkt_send(ssh); 
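Review bot: The bind-address chain for `tcpip-forward` now has three mutually exclusive outcomes whose order decides how exposed the remote listener is, and nothing in the code states that order. An explicit `saddr` wins, `rport_acceptall` applies only when no address was given, and the fallback is loopback. A one-line comment above the `if` would record the intent, e.g. `/* explicit address wins; else all interfaces only if rport_acceptall; else loopback only */`. Both literals are IPv4 addresses, which may be worth mentioning in the same comment.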
@@ -6424,9 +6425,10 @@ static void do_ssh2_authconn(Ssh ssh, unsigned char *in, int inlen, int ispkt)
 #define CHECK_HYPOTHESIS(offset, result) \
 do { \
 long q = offset; \
- if (q+4 <= len) { \
+ if (q >= 0 && q+4 <= len) { \
 q = q + 4 + GET_32BIT(p+q); \
- if (q+4 <= len && (q = q + 4 + GET_32BIT(p+q)) && q == len) \
+ if (q >= 0 && q+4 <= len && \
+ (q = q + 4 + GET_32BIT(p+q)) && q == len) \
 result = TRUE; \
 } \
 } while(0)
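Review bot: The added `q >= 0` tests catch a `q` that has already wrapped negative, but the `q+4 <= len` beside them can itself overflow when `q` is a large positive `long`. After `q = q + 4 + GET_32BIT(p+q)` with a peer-chosen 32-bit value, `q` can sit just below `LONG_MAX` on a platform with 32-bit `long`, and signed overflow in `q+4` is undefined. Writing the bound as a subtraction avoids the addition: `if (q >= 0 && q <= len && len - q >= 4) { \` for the first test, and the same form in the inner condition. The definitions of `GET_32BIT` and `len` are outside the hunk, so their types should be checked against this.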