simon-git: putty (pre-0.64): Simon Tatham

Commits to Tartarus CVS repository. tartarus-commits at lists.tartarus.org
Sat Feb 28 09:05:55 GMT 2015


TL;DR:
  1744768 Enforce acceptable range for Diffie-Hellman server value.
  1f75792 Fix an erroneous length field in SSH-1 key load.
  65f69bc Add some missing smemclrs and sfrees.
  2713396 Bump version number for 0.64 release.

Repository:     git://git.tartarus.org/simon/putty.git
On the web:     http://tartarus.org/~simon-git/gitweb/?p=putty.git
Branch updated: pre-0.64
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2015-02-28 09:05:55

commit 174476813f0ed94337aecc3e2d13a202a1dc2fa8
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=174476813f0ed94337aecc3e2d13a202a1dc2fa8;hp=db9385b3ce08c211c3e2b950aa1a0f656ba3ab01
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Feb 5 19:39:17 2015 +0000

    Enforce acceptable range for Diffie-Hellman server value.
    
    Florent Daigniere of Matta points out that RFC 4253 actually
    _requires_ us to refuse to accept out-of-range values, though it isn't
    completely clear to me why this should be a MUST on the receiving end.
    
    Matta considers this to be a security vulnerability, on the grounds
    that if a server should accidentally send an obviously useless value
    such as 1 then we will fail to reject it and agree a key that an
    eavesdropper could also figure out. Their id for this vulnerability is
    MATTA-2015-002.

 ssh.c   |    7 +++++++
 ssh.h   |    1 +
 sshdh.c |   23 +++++++++++++++++++++++
 3 files changed, 31 insertions(+)

commit 1f757928051b6d6ff231b2265bad2d263b0fe3ea
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=1f757928051b6d6ff231b2265bad2d263b0fe3ea;hp=174476813f0ed94337aecc3e2d13a202a1dc2fa8
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Feb 19 20:05:10 2015 +0000

    Fix an erroneous length field in SSH-1 key load.
    
    We incremented buf by a few bytes, so we must decrement the
    corresponding length by the same amount, or else makekey() could
    overrun.
    
    Thanks to Patrick Coleman for the patch.

 sshpubk.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 65f69bca7363ceceeac515ae2a82b8f8adc6404d
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=65f69bca7363ceceeac515ae2a82b8f8adc6404d;hp=1f757928051b6d6ff231b2265bad2d263b0fe3ea
Author: Simon Tatham <anakin at pobox.com>
Date:   Thu Feb 19 20:08:18 2015 +0000

    Add some missing smemclrs and sfrees.
    
    The absence of these could have prevented sensitive private key
    information from being properly cleared out of memory that PuTTY tools
    had finished with.
    
    Thanks to Patrick Coleman for spotting this and sending a patch.

 sshpubk.c |   18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

commit 2713396c91fa6ba00c40940450ffcc3953aba4ee
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=2713396c91fa6ba00c40940450ffcc3953aba4ee;hp=65f69bca7363ceceeac515ae2a82b8f8adc6404d
Author: Simon Tatham <anakin at pobox.com>
Date:   Fri Feb 27 22:42:03 2015 +0000

    Bump version number for 0.64 release.

 Buildscr          |    2 +-
 LATEST.VER        |    2 +-
 doc/plink.but     |    2 +-
 doc/pscp.but      |    2 +-
 windows/putty.iss |    8 ++++----
 5 files changed, 8 insertions(+), 8 deletions(-)
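
The range check described in commit 1744768 above, sketched on a toy group. This is an added example, not PuTTY's code: the prime, the generator, the exponents, the helper names and the exact bounds (1 < f < p-1) are assumptions made for illustration. It shows that the degenerate server values 0, 1 and p-1 give a shared secret that does not depend on the client's private exponent in any useful way, and that the check refuses them.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group, constructed for this example; far too small for real use. */
#define TOY_P 2147483647ULL /* 2^31 - 1, prime */
#define TOY_G 7ULL

/* Square-and-multiply. Operands stay below 2^31, so products fit in 64 bits. */
uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t result = 1 % mod;
    base %= mod;
    while (exp > 0) {
        if (exp & 1)
            result = result * base % mod;
        base = base * base % mod;
        exp >>= 1;
    }
    return result;
}

/* Hypothetical helper: 1 if f is acceptable. Bounds are this example's assumption. */
int dh_value_ok(uint64_t f, uint64_t p)
{
    return f > 1 && f < p - 1;
}

/* Client side: derive K = f^x mod p only after validating f.
 * Returns 0 and stores K on success, -1 if f is rejected. */
int dh_client_secret(uint64_t f, uint64_t x, uint64_t p, uint64_t *k)
{
    if (!dh_value_ok(f, p))
        return -1;
    *k = modexp(f, x, p);
    return 0;
}

int main(void)
{
    uint64_t x = 987654321ULL; /* client's private exponent (constructed) */
    uint64_t f[] = { 0, 1, TOY_P - 1, TOY_P, modexp(TOY_G, 123456, TOY_P) };
    for (size_t i = 0; i < sizeof f / sizeof f[0]; i++) {
        uint64_t k = 0, raw = modexp(f[i], x, TOY_P); /* K without the check */
        int rc = dh_client_secret(f[i], x, TOY_P, &k);
        printf("f=%llu unchecked K=%llu -> %s\n", (unsigned long long)f[i],
               (unsigned long long)raw, rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```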


