simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Mon Dec 31 14:26:28 GMT 2018 

TL;DR:
  1270d445 Fix crash if key exchange fails.
  869ce886 Fix use after free in ssh1login.
  55cea187 Fix some minor memory leaks in cmdgen.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-12-31 14:26:28

commit 1270d445e8360e02f96364fe5392b2ebf5477c30
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=1270d445e8360e02f96364fe5392b2ebf5477c30;hp=85fbb4216e37f96a67267106dfe77d9e377b34f3
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Dec 29 12:00:03 2018 +0000

    Fix crash if key exchange fails.
    
    In the new modular SSH architecture, ssh2transport.c delegates the
    actual KEX packet exchange to ssh2kex_coroutine, which has different
    implementations for client and server. The KEX code actually in
    ssh2transport.c consists of looping on the coroutine until it zeroes
    out its state field in the ssh2transport state.
    
    But if something goes wrong enough during KEX that we call
    ssh_proto_error or any other fatal connection-terminating function,
    then when we return to ssh2transport.c, the ssh2transport state won't
    even exist for it to check that flag. Address Sanitiser pointed that
    out to me recently, so here's a fix in which we set an 'aborted' flag
    to tell the caller that its state has already been freed.

 ssh2kex-client.c | 28 +++++++++++++++++++++++++++-
 ssh2kex-server.c | 11 ++++++++++-
 ssh2transport.c  |  7 +++++--
 ssh2transport.h  |  7 +++++--
 4 files changed, 47 insertions(+), 6 deletions(-)

commit 869ce8867ee445bf904f0130d7ef6788bc9538a5
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=869ce8867ee445bf904f0130d7ef6788bc9538a5;hp=1270d445e8360e02f96364fe5392b2ebf5477c30
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Dec 30 13:16:28 2018 +0000

    Fix use after free in ssh1login.
    
    I was freeing the textual key fingerprint _before_ passing it to
    seat_verify_ssh_host_key. Ahem.

 ssh1login.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 55cea187e9bc5b504c57be991fde3e3a10c6f54c
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=55cea187e9bc5b504c57be991fde3e3a10c6f54c;hp=869ce8867ee445bf904f0130d7ef6788bc9538a5
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Dec 30 14:14:59 2018 +0000

    Fix some minor memory leaks in cmdgen.
    
    I happened to run cmdgen under Leak Sanitiser, and found it was
    _almost_ clean - clean enough that if I fix the last few leaks then it
    might be worth running it again from time to time.

 cmdgen.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

More information about the tartarus-commits mailing list