Add remaining comments to the last checkin (gah, remember to hit

Save in the editor _before_ running cvs commit).

git-svn-id: svn://svn.tartarus.org/sgt/putty@1333 cda61777-01e9-0310-a592-d414129be87e

diff --git a/ssh.c b/ssh.c
index 737871a..cc6ee30 100644 (file)
--- a/ssh.c
+++ b/ssh.c
@@ -2422,6 +2422,10 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
                 * against password length sniffing.
                 */
                if (!(ssh_remote_bugs & BUG_CHOKES_ON_SSH1_IGNORE)) {
+                   /*
+                    * The server can deal with SSH1_MSG_IGNORE, so
+                    * we can use the primary defence.
+                    */
                    int bottom, top, pwlen, i;
                    char *randomstr;
 
@@ -2457,6 +2461,11 @@ static int do_ssh1_login(unsigned char *in, int inlen, int ispkt)
                    ssh_pkt_defersend();
                } 
                else if (!(ssh_remote_bugs & BUG_NEEDS_SSH1_PLAIN_PASSWORD)) {
+                   /*
+                    * The server can't deal with SSH1_MSG_IGNORE
+                    * but can deal with padded passwords, so we
+                    * can use the secondary defence.
+                    */
                    char string[64];
                    char *s;
                    int len;