mdw@git.distorted.org.uk Git

Fix a null-dereference introduced by another mis-fix in r9919.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9946 cda61777-01e9-0310-a592-d414129be87e

Fix leak of 'fname' introduced by the rewrite of write_random_seed in
r9933.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9945 cda61777-01e9-0310-a592-d414129be87e

Another two mis-fixes from r9919: when we sfree(line) on exit from the
ssh.com and OpenSSH key import loops, we should also null it out so
that the cleanup path doesn't try to re-free the same pointer.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9944 cda61777-01e9-0310-a592-d414129be87e

Redo a mis-fix of a memory leak in r9919: I added sfree(data)
immediately after conf_deserialise in the Duplicate Session receiver,
whereas I should have put it after the subsequent loop that extracts
the pty argv if any.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9943 cda61777-01e9-0310-a592-d414129be87e

Switch to translating keystrokes using ToUnicodeEx rather than
ToAsciiEx, where possible.

This enables support for keys which generate Unicode characters that
aren't in the system code page, which seems to me like a perverse way
for Windows to have set up the system code page but apparently does
happen, e.g. (I'm told) U+0219 and U+021B on Romanian keyboards.

Patch mostly due to Andrei Damian-Fekete.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9942 cda61777-01e9-0310-a592-d414129be87e

Been meaning to get round to this for a while: use CryptGenRandom to
gather extra entropy at Windows PuTTY startup time. (It's only used as
one of the inputs to PuTTY's internal entropy pool, so nobody is
required to trust it.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9941 cda61777-01e9-0310-a592-d414129be87e

Centralise calls to fcntl into functions that carefully check the
error returns.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9940 cda61777-01e9-0310-a592-d414129be87e

Add an error check to every setsockopt call in uxnet.c.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9939 cda61777-01e9-0310-a592-d414129be87e

Add some conditionally-compilable diagnostics to the RNG. I got
briefly worried that it might not be doing what I thought it was
doing, but examining these diagnostics shows that it is after all, and
now I've written them it would be a shame not to keep them for future
use.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9938 cda61777-01e9-0310-a592-d414129be87e

Better error reporting when failing to save a session.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9937 cda61777-01e9-0310-a592-d414129be87e

Add some missing calls to cleanup_exit.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9936 cda61777-01e9-0310-a592-d414129be87e

Run the random pool setup and teardown functions with random_active
nonzero rather than zero.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9935 cda61777-01e9-0310-a592-d414129be87e

Report errors in store_host_key too.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9934 cda61777-01e9-0310-a592-d414129be87e

Add proper error reports in write_random_seed, via the new 'nonfatal'
error reporting function.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9933 cda61777-01e9-0310-a592-d414129be87e

Add a nonfatal() function everywhere, to be used for reporting things
that the user really ought to know but that are not actually fatal to
continued operation of PuTTY or a single network connection.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9932 cda61777-01e9-0310-a592-d414129be87e

Add a missing error check in pterm's child-process setup. Shouldn't
really fail, but might as well be careful.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9931 cda61777-01e9-0310-a592-d414129be87e

It suddenly strikes me as probably a good idea to enforce that anyone
calling random_byte has previously called random_ref.

(I'm not aware of any current code getting this wrong! It just seems
to me to be the sort of thing you'd want to be really sure of.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9930 cda61777-01e9-0310-a592-d414129be87e

Fix a build failure: r9924 thoughtlessly put an assert before some
declarations, and gcc didn't complain but VC did.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9928 cda61777-01e9-0310-a592-d414129be87e

In the various channel request mini-coroutines, replace
crWaitUntilV(pktin) with plain crReturnV, because those coroutines can
be called back either with a response packet from the channel request
_or_ with NULL by ssh_free meaning 'please just clean yourself up'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9927 cda61777-01e9-0310-a592-d414129be87e

Remove a redundant while-loop condition when reading RFC822-style
header text from a PuTTY key file.

(It's silly to have both while (len > 0) at the top of the loop _and_
an if (len == 0) return in the middle, and in fact the former was the
erroneous one since it would have prohibited a 39-character header,
which I intended to be permitted.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9926 cda61777-01e9-0310-a592-d414129be87e

Remove a pointless assignment in setup_config_box.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9925 cda61777-01e9-0310-a592-d414129be87e

Remove a return path from sshcom_write() which was both unreachable
(it would trigger if !type==RSA and !type==DSA, but one of those must
have been true to get there in the first place) and erroneous (it
would return NULL without going through the cleanup code). Since the
code's internal structure guarantees that path isn't reached, replace
it with an assert.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9924 cda61777-01e9-0310-a592-d414129be87e

Use the new ctrl_alloc_with_free to clean up a long-standing FIXME in
the session saving code, in which the contents of the edit box giving
the current saved session name was stored in a horrid place with a
fixed length. Now it's dangling off sessionsaver_data as it always
ought to have been, and it's dynamically reallocated to the
appropriate length, and there's a free function that cleans it up at
the end of the dialog's lifetime.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9923 cda61777-01e9-0310-a592-d414129be87e

Add an extended version of ctrl_alloc which permits you to provide a
custom free function, in case you need to ctrl_alloc a structure which
then has additional dynamically allocated things dangling off it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9922 cda61777-01e9-0310-a592-d414129be87e

Move the calculation of the exchange hash to above the various
warnings about insecure crypto components. The latter may crReturn
(though not in any current implementation, I believe), which
invalidates pktin, which is used by the former.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9921 cda61777-01e9-0310-a592-d414129be87e

Add a missing null pointer check in wc_unescape, to bring it in line
with the usage comment saying you're allowed to pass NULL to find out
only the return value. No caller actually does pass NULL at the
moment.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9920 cda61777-01e9-0310-a592-d414129be87e

Fix another giant batch of resource leaks. (Mostly memory, but there's
one missing fclose too.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9919 cda61777-01e9-0310-a592-d414129be87e

Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9918 cda61777-01e9-0310-a592-d414129be87e

Fix an always-false if statement which was causing the window border
not to be redrawn when the user reconfigured the background colour.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9917 cda61777-01e9-0310-a592-d414129be87e

Add an assortment of missing frees, and one missing file close. Mostly
on error paths, although the one in PSFTP's wildcard_iterate will come
up in normal usage.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9916 cda61777-01e9-0310-a592-d414129be87e

xfer_{up,down}load_gotpkt free their input sftp_packet as a side
effect of handling it, but they do not free it if it isn't a packet
they recognise as part of their upload/download. Invent a return value
that specifically signals this, and consistently free pktin at every
call site if that return value comes back. Also, ensure that that
return value also always comes with something meaningful in fxp_error.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9915 cda61777-01e9-0310-a592-d414129be87e

Fix a collection of calls to tell_user so that they don't add their
own newline before the one tell_user puts on the end anyway. Also,
while I'm here, make up my mind about whether to prefix messages with
"scp:" or "pscp:" - I choose the latter.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9914 cda61777-01e9-0310-a592-d414129be87e

Fix a couple of code paths on which, if fxp_readdir returned an error,
we would return without first closing the directory handle we had used
as an argument.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9913 cda61777-01e9-0310-a592-d414129be87e

It's not actually legal by the C standard to call qsort with a null
array pointer, _even_ if you're asking it to sort zero elements so
that in principle it should never dereference that pointer. Fix the
four instances in PSCP/PSFTP where this was previously occurring.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9912 cda61777-01e9-0310-a592-d414129be87e

Fixes for the tree234 unit test: break its dependencies on half of the
rest of PuTTY, and fix a couple of format string type mismatches
pointed out by gcc.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9911 cda61777-01e9-0310-a592-d414129be87e

Add missing checks in update_for_intended_size() in the font selector
code, which would have coped badly if ever asked to select the first
font in the list at a size smaller than it supported. Luckily the
first font tended to be one of the X numeric aliases (e.g. 10x20)
which was stored with size zero, so this probably didn't actually come
up for anyone, but better safe than sorry.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9910 cda61777-01e9-0310-a592-d414129be87e

Fix a pty-freeing error which caused a segfault if you attempted to
use Restart Session in a post-not-close-on-exit pterm.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9909 cda61777-01e9-0310-a592-d414129be87e

Add some missing null checks for inst->ldisc, which were causing
segfaults if a PuTTY or pterm did not close on exit and then you
either typed something via input_method_commit_event or changed the
line editing or echo settings.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9908 cda61777-01e9-0310-a592-d414129be87e

Remove another pointless null check, this time of inst->back in the
function which has just dereferenced it to get the exit code.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9907 cda61777-01e9-0310-a592-d414129be87e

Remove redundant null checks for arguments to sftp_{get,put}_file
which are (a) never NULL anyway, and (b) have already been
dereferenced by the time we make those checks so it would be too late
if they were.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9906 cda61777-01e9-0310-a592-d414129be87e

Fix a mishandling of error returns from makekey() in the SSH-1 private
key loader.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9905 cda61777-01e9-0310-a592-d414129be87e

Add another missing bounds check in the SSH-1 private key loader.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9904 cda61777-01e9-0310-a592-d414129be87e

Get rid of the fixed-size 'hostname' buffer in every port-forwarded
connection, and replace it with sensible dynamically allocated
storage. While I'm at it, get rid of the disgusting dual use between
storing an actual hostname and storing an incoming SOCKS request; we
now have a separate pointer variable for each.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9903 cda61777-01e9-0310-a592-d414129be87e

Add an assortment of extra safety checks.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9896 cda61777-01e9-0310-a592-d414129be87e

Move the SSH-1 servkey and hostkey variables into the coroutine state,
since there is a theoretical code path (via the crReturn loop after
asking an interactive question about a host key or crypto algorithm)
on which we can leave and return to do_ssh1_login between allocating
and freeing those keys.

(In practice it shouldn't come up anyway with any of the current
implementations of the interactive question functions, not to mention
the unlikelihood of anyone non-specialist still using SSH-1, but
better safe than sorry.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9895 cda61777-01e9-0310-a592-d414129be87e

Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.

To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.

While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9894 cda61777-01e9-0310-a592-d414129be87e

A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9889 cda61777-01e9-0310-a592-d414129be87e

Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.

(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9868 cda61777-01e9-0310-a592-d414129be87e

Update docs for change to UTF-8 by default, and emphasise UTF-8 more generally.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9846 cda61777-01e9-0310-a592-d414129be87e

It's probably well past time for this: change PuTTY's default
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9843 cda61777-01e9-0310-a592-d414129be87e

Fix a bug in which terminal output received from the session could be
buffered in terminal.c indefinitely and only released when further
output turned up.

Arose because we suppress the call to term_out from term_data if a
drag-select is in progress, but when the drag-select ends we weren't
proactively calling term_out to release the buffered data. So if your
session generated some terminal output while you were in mid-select,
_and had stopped by the time you let go of the mouse button_, then the
output would just sit there until released by the next call to
term_data.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9768 cda61777-01e9-0310-a592-d414129be87e

Remove the half-hearted attempt to make the utmp helper process drop
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9766 cda61777-01e9-0310-a592-d414129be87e

Don't forget to check the return values of setuid and friends.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9764 cda61777-01e9-0310-a592-d414129be87e

Give a better error message if a PuTTY private key file has a version
number we don't understand. It's nicer to report 'format too new' than
'not a PuTTY key file'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9763 cda61777-01e9-0310-a592-d414129be87e

Add support for HMAC-SHA-256 as an SSH-2 MAC algorithm ("hmac-sha2-256")
as specified in RFC 6668. This is not so much because I think it's
necessary, but because scrypt uses HMAC-SHA-256 and once we've got it we
may as well use it.

Code very closely derived from the HMAC-SHA-1 code.

Tested against OpenSSH 5.9p1 Debian-5ubuntu1.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9759 cda61777-01e9-0310-a592-d414129be87e

Take advantage of PUT_32BIT_MSB_FIRST when constructing sequence numbers
to MAC.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9758 cda61777-01e9-0310-a592-d414129be87e

Patch from Egmont Koblinger to implement two extended variants of
xterm mouse tracking, both supported by the current up-to-date xterm
(288). They take the form of two new DEC terminal modes, 1006 and
1015, which do not in themselves _enable_ mouse tracking but they
modify the escape sequences sent if mouse tracking is enabled in the
usual way.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9752 cda61777-01e9-0310-a592-d414129be87e

Adjust comments around split_into_argv() to clarify that it's not
*Windows's* command-line splitting rules we're mimicking here; it's
VC7's, and they're not the same as VC10's.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9748 cda61777-01e9-0310-a592-d414129be87e

Reorganise setup_fonts_ucs so that in case of error it does nothing
and returns its error message as a string, instead of actually
printing it on standard error and exiting. Now we can preserve the
previous error behaviour when we get a nonexistent font name at
startup time, but no longer rudely terminate in mid-session if the
user configures a bogus font name in Change Settings.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9745 cda61777-01e9-0310-a592-d414129be87e

Move the -I options for all our source subdirectories out of AM_CFLAGS
and into AM_CPPFLAGS. This is more conceptually sensible according to
my reading of the automake manual, and also has the specific desirable
effect that they move to the front of the command line, ahead of any
'system' type -I options that autoconf might have felt a need for.

A user reported that autoconf had added -I/usr/local/include to their
command line for the sake of a required header file, but their
/usr/local/include also turned out to include a thing called 'proxy.h'
(from libproxy, nothing to do with us) which shadowed our own proxy.h
and caused a build failure. This should fix that.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9736 cda61777-01e9-0310-a592-d414129be87e

Update the suggested compile command in sshbn.c's test rig.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9732 cda61777-01e9-0310-a592-d414129be87e

Fix two gcc warnings about confused printf format strings in the
bignum code's test harness. Thanks to Sup Yut Sum for fixing this in
TortoisePlink and Sven Strickroth for bringing it to my attention.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9731 cda61777-01e9-0310-a592-d414129be87e

Ronald Landheer-Cieslak points out that the various back ends which
treat all socket closures as clean exits (because the protocol doesn't
provide for transferring a process exit code) could usefully at least
treat _socket errors_ as unclean exits. Patch the Telnet, Rlogin and
Raw backends to retain that information and return INT_MAX to the
frontend.

I wasn't sure whether it was better to solve this by modifying each
affected frontend, or each affected backend. Neither is really ideal;
this is the sort of thing that makes me wish we had a piece of fixed
middleware in between, independent of both platform and protocol.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9730 cda61777-01e9-0310-a592-d414129be87e

Switch round a bogus if statement I've just noticed. Both the write to
pty_utmp_helper_pipe _and_ the close of it if we're not going to write
should be conditionalised on the pipe existing, rather than just the
former!

git-svn-id: svn://svn.tartarus.org/sgt/putty@9729 cda61777-01e9-0310-a592-d414129be87e

Patch from Brad Smith to use posix_openpt() instead of
open("/dev/ptmx"), where the former is available. Improves
portability, since at least one OS (OpenBSD) supports the POSIX pty
functions but does it via an underlying mechanism which doesn't
involving having a /dev/ptmx.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9728 cda61777-01e9-0310-a592-d414129be87e

Use O_NOCTTY (if available) when opening /dev/ptmx, just in case any
OS doesn't automatically assume it.

(It would seem faintly weird to me - surely opening the master end of
a given pty is a fairly good indication that you're _not_ a process
running inside it which wants to have it available as /dev/tty! But
you never know...)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9727 cda61777-01e9-0310-a592-d414129be87e

Add a bounds check in the word-by-word selection code to prevent
attempting to call lineptr() with a y-coordinate off the bottom of the
screen and triggering the dreaded 'line==NULL' message box.

This crash can only occur if the bottommost line of the screen has the
LATTR_WRAPPED flag set, which as far as I can see you can only
contrive by constructing a LATTR_WRAPPED line further up the screen
and then moving it down using an insert-line escape sequence. That's
probably why this bug has been around forever without anyone coming
across it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9726 cda61777-01e9-0310-a592-d414129be87e

Patch from Hideki Eiraku to make PuTTY call GetScrollInfo, so it can
use 32-bit scrollbar position data instead of being limited to the
16-bit version that comes in scrollbar messages' wParam.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9720 cda61777-01e9-0310-a592-d414129be87e

Fix another error-reporting bug, in which sk_newlistener would fail to
capture the error code if listen() returned an error, and instead pass
0 (saved from the previous successful bind) to winsock_error_string.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9708 cda61777-01e9-0310-a592-d414129be87e

When manually initialising a 'struct RSAKey' due to loading an SSH1
public key but not the private half, NULL out all the CRT-optimisation
fields as well as the private exponent pointer. Otherwise segfaults -
security-harmless, but annoying - can happen in freersakey() when we
notice they aren't null and try to free them.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9705 cda61777-01e9-0310-a592-d414129be87e

Add a fallback case to winsock_error_string() which makes it call
FormatMessage to get the OS's text for any error not in our own
translation table. Should eliminate the frustrating 'unknown error'.

(I haven't chosen to use FormatMessage unconditionally, because it
comes out with enormous messages along the lines of "No connection
could be made because the target machine actively refused it" in place
of "Connection refused" and I'm Unixy enough to prefer the latter.
Also, on older Windowses, Winsock error codes are in a separate API
segment and don't work with FormatMessage anyway.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9704 cda61777-01e9-0310-a592-d414129be87e

Windows's sk_address_is_local() was returning the wrong answers for
IPv6 addresses, because I'd mistakenly cast an ai_addr to the low-
level 'struct in6_addr' instead of the correct 'struct sockaddr_in6'.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9690 cda61777-01e9-0310-a592-d414129be87e

When a proxy negotiation function is called with PROXY_CHANGE_NEW, it
should not call plug functions, because it's being called from within
new_connection(), and the state on which the plug functions depend
will not have been set up until new_connection() returns success.
Instead, we set the error string in the Proxy_Socket, which will cause
the same error message to be returned as a failure of new_connection().

git-svn-id: svn://svn.tartarus.org/sgt/putty@9689 cda61777-01e9-0310-a592-d414129be87e

If you configure Unix PuTTY to use a proxy, tell it to even proxy
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9688 cda61777-01e9-0310-a592-d414129be87e

Add timestamps to the 'SSH raw data' logging mode.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9687 cda61777-01e9-0310-a592-d414129be87e

A user points out that we should free the 'hProcess' and 'hThread'
handles returned in the PROCESS_INFORMATION structure after we call
CreateProcess.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9686 cda61777-01e9-0310-a592-d414129be87e

Sumudu Fernando points out that in the big r9214 destabilisation I
mistakenly rearranged the logic in an if statement in window.c, with
the effect that scroll-wheel events are no longer sent via xterm mouse
tracking. Put it back to the way it was.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9679 cda61777-01e9-0310-a592-d414129be87e

Clip the 'lines' parameter to scroll() at the size of the scroll
window. scroll() iterates that many times, so this prevents a tedious
wait if you give a very large parameter to ESC[L or ESC[M, for
example.

A side effect is that very large requests for upward scrolling in a
context that affects the scrollback will not actually wipe out the
whole scrollback: instead they push just the current lines of the
screen into the scrollback, and don't continue on to fill it up with
endless boring blank lines. I think this is likely to be more useful
in general, since it avoids wiping out lots of useful scrollback data
by mistake. I can imagine that people might have been using it
precisely _to_ wipe the scrollback in some situations, but if so then
they should use CSI 3 J instead.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9677 cda61777-01e9-0310-a592-d414129be87e

Windows PSFTP has two places that call run_timers and I'd only updated
one of them. Correct that.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9676 cda61777-01e9-0310-a592-d414129be87e

Fix indentation mess in my timing overhaul.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9675 cda61777-01e9-0310-a592-d414129be87e

Fix a stupid sign bug in run_timers() that broke Windows Plink (and
should really have broken everything else too).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9674 cda61777-01e9-0310-a592-d414129be87e

Make --help and --version work consistently across all tools.

Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)

git-svn-id: svn://svn.tartarus.org/sgt/putty@9673 cda61777-01e9-0310-a592-d414129be87e

Better document the various environments with which Makefile.cyg works.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9670 cda61777-01e9-0310-a592-d414129be87e

Add a new COMPAT option for environments lacking SecureZeroMemory(),
rather than explicitly checking for Winelib. It seems that w32api is
lacking it as well.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9669 cda61777-01e9-0310-a592-d414129be87e

Allow remote-to-local forwardings to use IPv6.

RFC 4245 section 7.1 specifies the meaning of the "address to bind"
parameter in a "tcpip-forward" request. "0.0.0.0" and "127.0.0.1" are
specified to be all interfaces and the loopback interface respectively
in IPv4, while "" and "localhost" are the address-family-agnostic
equivalents. Switch PuTTY to using the latter, since it doesn't seem
right to force IPv4.

There's an argument that PuTTY should provide a means of configuring the
address family used for remote forwardings like it does for local ones.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9668 cda61777-01e9-0310-a592-d414129be87e

Two related changes to timing code:

First, make absolute times unsigned. This means that it's safe to
depend on their overflow behaviour (which is undefined for signed
integers). This requires a little extra care in handling comparisons,
but I think I've correctly adjusted them all.

Second, functions registered with schedule_timer() are guaranteed to be
called with precisely the time that was returned by schedule_timer().
Thus, it's only necessary to check these values for equality rather than
doing risky range checks, so do that.

The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9667 cda61777-01e9-0310-a592-d414129be87e

Quell a (correct) GCC warning in the NO_HTMLHELP case.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9666 cda61777-01e9-0310-a592-d414129be87e

Should have been part of r9663: do use the platform-independent version
of smemclr when compiling with Winelib.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9665 cda61777-01e9-0310-a592-d414129be87e

Tweak comment in Recipe that had become separated from its code.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9664 cda61777-01e9-0310-a592-d414129be87e

Don't try to use SecureZeroMemory under Winelib, since it isn't available
there (yet).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9663 cda61777-01e9-0310-a592-d414129be87e

Define SECURITY_WIN32 for Winelib/Cygwin builds as well as for VC.

This should perhaps go into winmisc.c: it's caused problems for
other people too:

<http://stackoverflow.com/questions/8530159/vs2010-build-error-at-putty-source>

git-svn-id: svn://svn.tartarus.org/sgt/putty@9662 cda61777-01e9-0310-a592-d414129be87e

In the cygwin Makefile, use "-o" on the windres command line to specify
the output file. This appears to be supported by windres, and is
required by wrc (the Winelib resource compiler).

git-svn-id: svn://svn.tartarus.org/sgt/putty@9661 cda61777-01e9-0310-a592-d414129be87e

Most of the code for "nc" mode duplicated that for opening a session or
a fowarded port. Arrange that this code is shared instead. The main
visible change is a slight change of log messages.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9655 cda61777-01e9-0310-a592-d414129be87e

Hiroshi Oota points out that PuTTY's agent forwarding sockets can get
confused if they receive a request followed by immediate EOF, since we
currently send outgoing EOF as soon as we see the incoming one - and
then, when the response comes back from the real SSH agent, we send it
along anyway as channel data in spite of having sent EOF.

To fix this, I introduce a new field for each agent channel which
counts the number of calls to ssh_agentf_callback that are currently
expected, and we don't send EOF on an agent channel until we've both
received EOF and that value drops to zero.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9651 cda61777-01e9-0310-a592-d414129be87e

Factor out some common code for constructing SSH2_CHANNEL_OPEN.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9649 cda61777-01e9-0310-a592-d414129be87e

struct winadj is unused now. G/c it.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9648 cda61777-01e9-0310-a592-d414129be87e

All of the initial CHANNEL_REQUESTs are conditional on (ssh->mainchan &&
!ssh->ncmode), so bundle them up in a big block conditional on this rather
than checking it five times.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9647 cda61777-01e9-0310-a592-d414129be87e

do_ssh2_authconn() now installs the standard handlers for CHANNEL_SUCCESS
and CHANNEL_FAILURE as soon as it's opened a channel, so there's no need
for it to set them again later.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9646 cda61777-01e9-0310-a592-d414129be87e

Memory leak fixes reported by Balazs Domjan.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9645 cda61777-01e9-0310-a592-d414129be87e

Rename the various ssh2_maybe_setup_* functions to ssh2_setup_*, and
move the primary conditions out of them into their callers. Fixes a
crash in 'plink -N', since those functions would be called with a NULL
channel parameter and immediately dereference it to try to get c->ssh.

git-svn-id: svn://svn.tartarus.org/sgt/putty@9644 cda61777-01e9-0310-a592-d414129be87e