X-Git-Url: https://git.distorted.org.uk/~mdw/sgt/putty/blobdiff_plain/bd358db116eb6c3bf56a0b9a154f8eee0cf28761..ca35e638d722fb2ac315d9a9ac27b4de946f487b:/ssh.c?ds=sidebyside

diff --git a/ssh.c b/ssh.c
index 737871ad..67ae0d42 100644
--- a/ssh.c
+++ b/ssh.c
@@ -942,23 +942,18 @@ static int s_wrpkt_prepare(void)
 
     pktout.body[-1] = pktout.type;
 
-#ifdef DUMP_PACKETS
-    debug(("Packet payload pre-compression:\n"));
-    dmemdump(pktout.body - 1, pktout.length + 1);
-#endif
-
     if (ssh1_compressing) {
 	unsigned char *compblk;
 	int complen;
+#ifdef DUMP_PACKETS
+	debug(("Packet payload pre-compression:\n"));
+	dmemdump(pktout.body - 1, pktout.length + 1);
+#endif
 	zlib_compress_block(pktout.body - 1, pktout.length + 1,
 			    &compblk, &complen);
 	ssh1_pktout_size(complen - 1);
 	memcpy(pktout.body - 1, compblk, complen);
 	sfree(compblk);
-#ifdef DUMP_PACKETS
-	debug(("Packet payload post-compression:\n"));
-	dmemdump(pktout.body - 1, pktout.length + 1);
-#endif
     }
 
     len = pktout.length + 5;	       /* type and CRC */
@@ -1241,13 +1236,15 @@ static int ssh2_pkt_construct(void)
     /*
      * Compress packet payload.
      */
-#ifdef DUMP_PACKETS
-    debug(("Pre-compression payload:\n"));
-    dmemdump(pktout.data + 5, pktout.length - 5);
-#endif
     {
 	unsigned char *newpayload;
 	int newlen;
+#ifdef DUMP_PACKETS
+	if (cscomp && cscomp != &ssh_comp_none) {
+	    debug(("Pre-compression payload:\n"));
+	    dmemdump(pktout.data + 5, pktout.length - 5);
+	}
+#endif
 	if (cscomp && cscomp->compress(pktout.data + 5, pktout.length - 5,
 				       &newpayload, &newlen)) {
 	    pktout.length = 5;
@@ -2422,6 +2419,10 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		 * against password length sniffing.
 		 */
 		if (!(ssh_remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
+		    /*
+		     * The server can deal with SSH1_MSG_IGNORE, so
+		     * we can use the primary defence.
+		     */
 		    int bottom, top, pwlen, i;
 		    char *randomstr;
 
@@ -2457,6 +2458,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
 		    ssh_pkt_defersend();
 		} 
 		else if (!(ssh_remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
+		    /*
+		     * The server can't deal with SSH1_MSG_IGNORE
+		     * but can deal with padded passwords, so we
+		     * can use the secondary defence.
+		     */
 		    char string[64];
 		    char *s;
 		    int len;