X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/b17c8428073802aa78ccdd9d474b359260c346cc..d524be1c2d942affbe81fe35c08b4b7e4338fef3:/ssh.c?ds=inline

diff --git a/ssh.c b/ssh.c
index cc6ee309..ef573d42 100644
--- a/ssh.c
+++ b/ssh.c
@@ -942,23 +942,18 @@ static int s_wrpkt_prepare(void)
 
     pktout.body[-1] = pktout.type;
 
-#ifdef DUMP_PACKETS
-    debug(("Packet payload pre-compression:\n"));
-    dmemdump(pktout.body - 1, pktout.length + 1);
-#endif
-
     if (ssh1_compressing) {
 	unsigned char *compblk;
 	int complen;
+#ifdef DUMP_PACKETS
+	debug(("Packet payload pre-compression:\n"));
+	dmemdump(pktout.body - 1, pktout.length + 1);
+#endif
 	zlib_compress_block(pktout.body - 1, pktout.length + 1,
 			    &compblk, &complen);
 	ssh1_pktout_size(complen - 1);
 	memcpy(pktout.body - 1, compblk, complen);
 	sfree(compblk);
-#ifdef DUMP_PACKETS
-	debug(("Packet payload post-compression:\n"));
-	dmemdump(pktout.body - 1, pktout.length + 1);
-#endif
     }
 
     len = pktout.length + 5;	       /* type and CRC */
@@ -1241,13 +1236,15 @@ static int ssh2_pkt_construct(void)
     /*
      * Compress packet payload.
      */
-#ifdef DUMP_PACKETS
-    debug(("Pre-compression payload:\n"));
-    dmemdump(pktout.data + 5, pktout.length - 5);
-#endif
     {
 	unsigned char *newpayload;
 	int newlen;
+#ifdef DUMP_PACKETS
+	if (cscomp && cscomp != &ssh_comp_none) {
+	    debug(("Pre-compression payload:\n"));
+	    dmemdump(pktout.data + 5, pktout.length - 5);
+	}
+#endif
 	if (cscomp && cscomp->compress(pktout.data + 5, pktout.length - 5,
 				       &newpayload, &newlen)) {
 	    pktout.length = 5;
@@ -2526,19 +2523,29 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 void sshfwd_close(struct ssh_channel *c)
 {
     if (c && !c->closes) {
-	if (ssh_version == 1) {
-	    send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
-			PKT_END);
-	} else {
-	    ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
-	    ssh2_pkt_adduint32(c->remoteid);
-	    ssh2_pkt_send();
+	/*
+	 * If the channel's remoteid is -1, we have sent
+	 * CHANNEL_OPEN for this channel, but it hasn't even been
+	 * acknowledged by the server. So we must set a close flag
+	 * on it now, and then when the server acks the channel
+	 * open, we can close it then.
+	 */
+	if (c->remoteid != -1) {
+	    if (ssh_version == 1) {
+		send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
+			    PKT_END);
+	    } else {
+		ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
+		ssh2_pkt_adduint32(c->remoteid);
+		ssh2_pkt_send();
+	    }
 	}
 	c->closes = 1;
 	if (c->type == CHAN_X11) {
 	    c->u.x11.s = NULL;
 	    logevent("Forwarded X11 connection terminated");
-	} else if (c->type == CHAN_SOCKDATA) {
+	} else if (c->type == CHAN_SOCKDATA ||
+		   c->type == CHAN_SOCKDATA_DORMANT) {
 	    c->u.pfd.s = NULL;
 	    logevent("Forwarded port closed");
 	}
@@ -2905,9 +2912,21 @@ static void ssh1_protocol(unsigned char *in, int inlen, int ispkt)
 		if (c && c->type == CHAN_SOCKDATA_DORMANT) {
 		    c->remoteid = localid;
 		    c->type = CHAN_SOCKDATA;
+		    c->v.v1.throttling = 0;
 		    pfd_confirm(c->u.pfd.s);
 		}
 
+		if (c && c->closes) {
+		    /*
+		     * We have a pending close on this channel,
+		     * which we decided on before the server acked
+		     * the channel open. So now we know the
+		     * remoteid, we can close it again.
+		     */
+		    send_packet(SSH1_MSG_CHANNEL_CLOSE, PKT_INT, c->remoteid,
+				PKT_END);
+		}
+
 	    } else if (pktin.type == SSH1_MSG_CHANNEL_OPEN_FAILURE) {
 		unsigned int remoteid = GET_32BIT(pktin.body);
 		unsigned int localid = GET_32BIT(pktin.body+4);
@@ -3334,6 +3353,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    break;
 	}
     }
+    if (!cscipher_tobe) {
+	bombout(("Couldn't agree a client-to-server cipher (available: %s)", str));
+	crReturn(0);
+    }
+
     ssh2_pkt_getstring(&str, &len);    /* server->client cipher */
     warn = 0;
     for (i = 0; i < n_preferred_ciphers; i++) {
@@ -3354,6 +3378,11 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
 	    break;
 	}
     }
+    if (!sccipher_tobe) {
+	bombout(("Couldn't agree a server-to-client cipher (available: %s)", str));
+	crReturn(0);
+    }
+
     ssh2_pkt_getstring(&str, &len);    /* client->server mac */
     for (i = 0; i < nmacs; i++) {
 	if (in_commasep_string(maclist[i]->name, str, len)) {
@@ -3481,15 +3510,6 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     }
 
     /*
-     * Expect SSH2_MSG_NEWKEYS from server.
-     */
-    crWaitUntil(ispkt);
-    if (pktin.type != SSH2_MSG_NEWKEYS) {
-	bombout(("expected new-keys packet from server"));
-	crReturn(0);
-    }
-
-    /*
      * Authenticate remote host: verify host key. (We've already
      * checked the signature of the exchange hash.)
      */
@@ -3512,6 +3532,15 @@ static int do_ssh2_transport(unsigned char *in, int inlen, int ispkt)
     ssh2_pkt_send();
 
     /*
+     * Expect SSH2_MSG_NEWKEYS from server.
+     */
+    crWaitUntil(ispkt);
+    if (pktin.type != SSH2_MSG_NEWKEYS) {
+	bombout(("expected new-keys packet from server"));
+	crReturn(0);
+    }
+
+    /*
      * Create and initialise session keys.
      */
     cscipher = cscipher_tobe;
@@ -4778,8 +4807,6 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		ssh_state = SSH_STATE_CLOSED;
 		logevent("Received disconnect message");
 		crReturnV;
-	    } else if (pktin.type == SSH2_MSG_CHANNEL_REQUEST) {
-		continue;	       /* exit status et al; ignore (FIXME?) */
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_EOF) {
 		unsigned i = ssh2_pkt_getuint32();
 		struct ssh_channel *c;
@@ -4867,11 +4894,22 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 		    continue;	       /* dunno why they're confirming this */
 		c->remoteid = ssh2_pkt_getuint32();
 		c->type = CHAN_SOCKDATA;
-		c->closes = 0;
 		c->v.v2.remwindow = ssh2_pkt_getuint32();
 		c->v.v2.remmaxpkt = ssh2_pkt_getuint32();
 		bufchain_init(&c->v.v2.outbuffer);
-		pfd_confirm(c->u.pfd.s);
+		if (c->u.pfd.s)
+		    pfd_confirm(c->u.pfd.s);
+		if (c->closes) {
+		    /*
+		     * We have a pending close on this channel,
+		     * which we decided on before the server acked
+		     * the channel open. So now we know the
+		     * remoteid, we can close it again.
+		     */
+		    ssh2_pkt_init(SSH2_MSG_CHANNEL_CLOSE);
+		    ssh2_pkt_adduint32(c->remoteid);
+		    ssh2_pkt_send();
+		}
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN_FAILURE) {
 		unsigned i = ssh2_pkt_getuint32();
 		struct ssh_channel *c;
@@ -4887,6 +4925,46 @@ static void do_ssh2_authconn(unsigned char *in, int inlen, int ispkt)
 
 		del234(ssh_channels, c);
 		sfree(c);
+	    } else if (pktin.type == SSH2_MSG_CHANNEL_REQUEST) {
+ 		unsigned localid;
+		char *type;
+		int typelen, want_reply;
+		struct ssh_channel *c;
+
+		localid = ssh2_pkt_getuint32();
+		ssh2_pkt_getstring(&type, &typelen);
+		want_reply = ssh2_pkt_getbool();
+
+		/*
+		 * First, check that the channel exists. Otherwise,
+		 * we can instantly disconnect with a rude message.
+		 */
+		c = find234(ssh_channels, &localid, ssh_channelfind);
+		if (!c) {
+		    char buf[80];
+		    sprintf(buf, "Received channel request for nonexistent"
+			    " channel %d", localid);
+		    logevent(buf);
+		    ssh2_pkt_init(SSH2_MSG_DISCONNECT);
+		    ssh2_pkt_adduint32(SSH2_DISCONNECT_BY_APPLICATION);
+		    ssh2_pkt_addstring(buf);
+		    ssh2_pkt_addstring("en");	/* language tag */
+		    ssh2_pkt_send();
+		    connection_fatal(buf);
+		    ssh_state = SSH_STATE_CLOSED;
+		    crReturnV;
+		}
+
+		/*
+		 * We don't recognise any form of channel request,
+		 * so we now either ignore the request or respond
+		 * with CHANNEL_FAILURE, depending on want_reply.
+		 */
+		if (want_reply) {
+		    ssh2_pkt_init(SSH2_MSG_CHANNEL_FAILURE);
+		    ssh2_pkt_adduint32(c->remoteid);
+		    ssh2_pkt_send();
+		}
 	    } else if (pktin.type == SSH2_MSG_CHANNEL_OPEN) {
 		char *type;
 		int typelen;