simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Wed Oct 24 19:25:35 BST 2018 

TL;DR:
  cf8a421f Add a missing const in uint64_from_decimal.
  d1eb4095 wildcard.c: allow the matched string to be a ptrlen.
  c31e3cd4 Fix a couple of uninitialised variables.
  18d79980 pscp: extra security check in SCP mode.
  8a60fdaa Provide Uppity with a built-in old-style scp server.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-10-24 19:25:35

commit cf8a421fa23bd22b29a3cb7edada4ce4b478a94f
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=cf8a421fa23bd22b29a3cb7edada4ce4b478a94f;hp=76a32c514c1f8be6f117f86f26aba93e13147086
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Oct 21 13:19:54 2018 +0100

    Add a missing const in uint64_from_decimal.

 int64.c | 2 +-
 int64.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

commit d1eb40950c7b34690287b0a8ef05169904f5678c
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d1eb40950c7b34690287b0a8ef05169904f5678c;hp=cf8a421fa23bd22b29a3cb7edada4ce4b478a94f
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue Oct 23 18:02:35 2018 +0100

    wildcard.c: allow the matched string to be a ptrlen.
    
    The main wildcard matching code now doesn't depend on having a NUL
    terminator in the string to be matched; instead it works with a pair
    of pointers, one working along the string as we match, and the other
    identifying the end of the string, and tests that p < target_end
    before dereferencing p. User-facing entry points now allow you to pass
    either an ordinary ASCIZ const char * or a ptrlen, and set up
    target_end accordingly.
    
    For the moment, the _wildcard_ parameter still has to be an ordinary
    null-terminated string, but who knows, maybe that will have to change
    too at some later point.

 putty.h    |  1 +
 wildcard.c | 33 +++++++++++++++++++++++----------
 2 files changed, 24 insertions(+), 10 deletions(-)

commit c31e3cd43764172f073fe6b5872f7e33616e7a7b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=c31e3cd43764172f073fe6b5872f7e33616e7a7b;hp=d1eb40950c7b34690287b0a8ef05169904f5678c
Author: Simon Tatham <anakin at pobox.com>
Date:   Wed Oct 24 19:14:13 2018 +0100

    Fix a couple of uninitialised variables.
    
    throttled_by_backlog is quite new, so it's not too surprising that I
    hadn't already noticed it wasn't initialised. But the failure to null
    out the final 'next' pointer in the callbacks list when it's rewritten
    as a result of delete_callbacks_for_context is a great deal older, so
    I'm a lot more puzzled about how it hasn't come up until now!

 callback.c       | 1 +
 ssh2connection.c | 1 +
 2 files changed, 2 insertions(+)

commit 18d7998008f210b4b90118c0a982b9f7974a77f7
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=18d7998008f210b4b90118c0a982b9f7974a77f7;hp=c31e3cd43764172f073fe6b5872f7e33616e7a7b
Author: Simon Tatham <anakin at pobox.com>
Date:   Tue Oct 23 18:05:58 2018 +0100

    pscp: extra security check in SCP mode.
    
    When you don't specify -r, we now check whether the server is sending
    a whole subdirectory in place of a single file, and abort if it does.
    Previously we'd accept the subdirectory download regardless.
    
    The new error message labels this as a security violation, just on the
    grounds that it involves the server doing something other than what
    the implicit contract suggested it ought to, but I don't think it's a
    really serious violation in the same sense as letting the server cd
    into ".." or overwrite files of arbitrary name would be. In this case
    it can only leave a downloaded thing in the specific place you already
    authorised it to put _some_ downloaded thing - it's just returned you
    a directory in place of a file.

 pscp.c | 4 ++++
 1 file changed, 4 insertions(+)

commit 8a60fdaa57e6e6691cfcf661152e151d63dd498b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=8a60fdaa57e6e6691cfcf661152e151d63dd498b;hp=18d7998008f210b4b90118c0a982b9f7974a77f7
Author: Simon Tatham <anakin at pobox.com>
Date:   Sat Oct 20 11:19:17 2018 +0100

    Provide Uppity with a built-in old-style scp server.
    
    Like the SFTP server, this is implemented in-process rather than by
    invoking a separate scp server binary.
    
    It also uses the internal SftpServer abstraction for access to the
    server's filesystem, which means that when (or if) I implement an
    alternative SftpServer implementing a dummy file system for test suite
    purposes, this scp server should automatically start using it too.
    
    As a bonus, the new scpserver.c contains a large comment documenting
    my understanding of the SCP protocol, which I previously didn't have
    even a de-facto or post-hoc spec for. I don't claim it's authoritative
    - it's all reverse-engineered from my own code and observing other
    implementations in action - but at least it'll make it easier to
    refresh my own memory of what's going on the next time I need to do
    something to either this code or PSCP.

 Recipe      |    2 +-
 scpserver.c | 1407 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 sesschan.c  |   67 +++
 sftp.h      |   40 ++
 4 files changed, 1515 insertions(+), 1 deletion(-)

More information about the tartarus-commits mailing list