simon-git: putty (master): Simon Tatham

Commits to Tartarus CVS repository. tartarus-commits at lists.tartarus.org
Sun Jun 7 21:27:05 BST 2015 

TL;DR:
  0b2f283 Clean up downstream sockets when upstream loses its SSH connection.
  7366fde Don't try sending on sharing channels.

Repository:     git://git.tartarus.org/simon/putty.git
On the web:     http://tartarus.org/~simon-git/gitweb/?p=putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2015-06-07 21:27:04

commit 0b2f283622603242d8bce295e42342649aebbb97
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=0b2f283622603242d8bce295e42342649aebbb97;hp=8581676ee9c4ebd6365444d3d98973bf8fe33ccb
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Jun 7 21:09:41 2015 +0100

    Clean up downstream sockets when upstream loses its SSH connection.
    
    If the real SSH connection goes away and we call sharestate_free with
    downstreams still active, then that in turn calls share_connstate_free
    on all those downstreams, freeing the things their sockets are using
    as Plugs but not actually closing the sockets, so further data coming
    in from downstream gives rise to a use-after-free bug.
    
    (Thanks to Timothe Litt for a great deal of help debugging this.)

 sshshare.c |    3 +++
 1 file changed, 3 insertions(+)

commit 7366fde1d4831dcc701bc31e9de1113636fba1c5
web diff http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=7366fde1d4831dcc701bc31e9de1113636fba1c5;hp=0b2f283622603242d8bce295e42342649aebbb97
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Jun 7 21:14:09 2015 +0100

    Don't try sending on sharing channels.
    
    The final main loop in do_ssh2_authconn will sometimes loop over all
    currently open channels calling ssh2_try_send_and_unthrottle. If the
    channel is a sharing one, however, that will reference fields of the
    channel structure like 'remwindow', which were never initialised in
    the first place (thanks, valgrind). Fix by excluding CHAN_SHARING
    channels from that loop.

 ssh.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

More information about the tartarus-commits mailing list