simon-git: putty (main): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Mon Oct 25 18:18:10 BST 2021 

TL;DR:
  efa89573 Reorganise host key checking and confirmation.
  e24444db Fix manual host key validation.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: main
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2021-10-25 18:18:10

commit efa89573ae2b737146c4e3d8348d1ecfc5433685
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=efa89573ae2b737146c4e3d8348d1ecfc5433685;hp=f1746d69b172f8ab196ed52ec1941f374130eb57
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Oct 25 18:12:17 2021 +0100

    Reorganise host key checking and confirmation.
    
    Previously, checking the host key against the persistent cache managed
    by the storage.h API was done as part of the seat_verify_ssh_host_key
    method, i.e. separately by each Seat.
    
    Now that check is done by verify_ssh_host_key(), which is a new
    function in ssh/common.c that centralises all the parts of host key
    checking that don't need an interactive prompt. It subsumes the
    previous verify_ssh_manual_host_key() that checked against the Conf,
    and it does the check against the storage API that each Seat was
    previously doing separately. If it can't confirm or definitively
    reject the host key by itself, _then_ it calls out to the Seat, once
    an interactive prompt is definitely needed.
    
    The main point of doing this is so that when SshProxy forwards a Seat
    call from the proxy SSH connection to the primary Seat, it won't print
    an announcement of which connection is involved unless it's actually
    going to do something interactive. (Not that we're printing those
    announcements _yet_ anyway, but this is a piece of groundwork that
    works towards doing so.)
    
    But while I'm at it, I've also taken the opportunity to clean things
    up a bit by renaming functions sensibly. Previously we had three very
    similarly named functions verify_ssh_manual_host_key(), SeatVtable's
    'verify_ssh_host_key' method, and verify_host_key() in storage.h. Now
    the Seat method is called 'confirm' rather than 'verify' (since its
    job is now always to print an interactive prompt, so it looks more
    like the other confirm_foo methods), and the storage.h function is
    called check_stored_host_key(), which goes better with store_host_key
    and avoids having too many functions with similar names. And the
    'manual' function is subsumed into the new centralised code, so
    there's now just *one* host key function with 'verify' in the name.
    
    Several functions are reindented in this commit. Best viewed with
    whitespace changes ignored.

 pscp.c             |   2 +-
 psftp.c            |   2 +-
 psocks.c           |   4 +-
 putty.h            |  47 ++++++++++++++--------
 ssh.h              |   5 ++-
 ssh/common.c       | 116 +++++++++++++++++++++++++++++++++++------------------
 ssh/kex2-client.c  |  46 +++++++++------------
 ssh/login1.c       |  47 ++++++++--------------
 ssh/server.c       |   2 +-
 ssh/sesschan.c     |   2 +-
 sshproxy.c         |  44 +++++---------------
 storage.h          |   4 +-
 unix/console.c     |  16 ++------
 unix/dialog.c      |  37 +++++++----------
 unix/platform.h    |   4 +-
 unix/plink.c       |   2 +-
 unix/storage.c     |   8 ++--
 unix/window.c      |   2 +-
 utils/nullseat.c   |   4 +-
 utils/tempseat.c   |   8 ++--
 windows/console.c  |  15 ++-----
 windows/dialog.c   |  71 ++++++++++++++------------------
 windows/platform.h |   4 +-
 windows/plink.c    |   2 +-
 windows/storage.c  |   8 ++--
 windows/window.c   |   2 +-
 26 files changed, 239 insertions(+), 265 deletions(-)

commit e24444dba81ef960b02bd7aa666ca5c6d46f03eb
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=e24444dba81ef960b02bd7aa666ca5c6d46f03eb;hp=efa89573ae2b737146c4e3d8348d1ecfc5433685
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Oct 25 18:12:21 2021 +0100

    Fix manual host key validation.
    
    When the user tries to add a string to the CONF_ssh_manual_hostkeys
    list box, we call a validation function which is supposed to look
    along the string for either a valid-looking SSH key fingerprint, or a
    base64 public key blob, and after it finds it, move that key alone to
    the start of the input string and delete all the surrounding cruft.
    
    SHA-256 key fingerprints were being detected all right, but not moved
    to the start of the string sensibly - we just returned true without
    rewriting anything. (Probably inadequate testing when I added SHA-256
    fairly recently.)
    
    And the code that moved a full public-key blob to the front of the
    string triggered an ASan error on the grounds that it used strcpy with
    the source and destination overlapping. I actually hadn't known that
    was supposed to be a bad thing these days! But it's easily fixed by
    making it a memmove instead.

 utils/validate_manual_hostkey.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

More information about the tartarus-commits mailing list