simon-git: putty (pre-0.79): Simon Tatham
Commits to Tartarus hosted VCS
tartarus-commits at lists.tartarus.org
Fri May 5 00:15:14 BST 2023
TL;DR:
7e8be5a2 Fix factor-of-1000 error in Unix bell overload config.
44272b53 Packet protocol layers: new 'final_output' method.
0dee0892 userauth: refactor banner handling.
d51b30ef userauth: ensure banner output is printed when connection closes.
70aabdc6 Fix segfault if SSH connection terminates very early.
cfe6fd95 userauth: fix replacement of embedded with detached RSA cert.
d6633566 Work around key algorithm naming change in OpenSSH <= 7.7.
Repository: https://git.tartarus.org/simon/putty.git
On the web: https://git.tartarus.org/?p=simon/putty.git
Branch updated: pre-0.79
Committer: Simon Tatham <anakin at pobox.com>
Date: 2023-05-05 00:15:14
commit 7e8be5a204330c0307e07a5a96844fc8fc65d6cb
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=7e8be5a204330c0307e07a5a96844fc8fc65d6cb;hp=aa87c20716ebf596bc27f12cd15891b25f337c4f
Author: Simon Tatham <anakin at pobox.com>
Date: Wed Apr 26 10:45:10 2023 +0100
Fix factor-of-1000 error in Unix bell overload config.
During the transition to cmake, commit b00e5fb12929da5 renamed
unix/unix.h to unix/platform.h, and for visual consistency, also
renamed the guard macro PUTTY_UNIX_H to PUTTY_UNIX_PLATFORM_H.
But I had failed to notice that that guard macro is re-tested in
settings.c, as a convenient method of knowing whether we're building
the Windows or Unix version of PuTTY in order to store some settings
differently. So all those '#ifdef PUTTY_UNIX_H' statements silently
became equivalent to '#if 0', because PUTTY_UNIX_H is _never_ defined
any more.
Specifically, these ifdefs were causing the time intervals relating to
bell overloads to be off by a factor of 1000, because for some reason
I can't remember, we were storing those intervals using a different
time unit on Unix and Windows. In my own configuration, for example,
~/.putty/sessions/Default%20Settings contains "BellOverloadT=2000000"
and "BellOverloadS=5000000", which originally meant that too many
bells within 2 seconds would silence the bell until there were 5
seconds of silence - but current PuTTY shows it in the configurer as
2000 and 5000 seconds!
This commit belatedly rewrites the ifdefs in settings.c, so that saved
sessions from before 0.77 will now be interpreted correctly. Saved
sessions from after that may need a rewrite. (But you have to have one
or the other.)
(cherry picked from commit 62b69a4f16875e75ece3c06fbe474104c5b5c089)
settings.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
commit 44272b53552100d6b562f351e9567aff5997c33a
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=44272b53552100d6b562f351e9567aff5997c33a;hp=7e8be5a204330c0307e07a5a96844fc8fc65d6cb
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Apr 29 11:35:20 2023 +0100
Packet protocol layers: new 'final_output' method.
This is called just before closing the connection, and gives every PPL
one last chance to output anything to the user that it might have
buffered.
No functional change: all implementations so far are trivial, except
that the transport layer passes the call on to its higher
layer (because otherwise nothing would do so).
(cherry picked from commit d6e6919f69c29cf4d2a0f19fc1c6eab51ba1ac61)
ssh/common.c | 4 ++++
ssh/connection1.c | 1 +
ssh/connection2.c | 1 +
ssh/login1-server.c | 1 +
ssh/login1.c | 1 +
ssh/ppl.h | 6 ++++++
ssh/ssh.c | 10 ++++++++++
ssh/transport2.c | 10 ++++++++++
ssh/userauth2-client.c | 1 +
ssh/userauth2-server.c | 1 +
10 files changed, 36 insertions(+)
commit 0dee0892520cd2338828ff086b25c7fa13a4ca39
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=0dee0892520cd2338828ff086b25c7fa13a4ca39;hp=44272b53552100d6b562f351e9567aff5997c33a
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Apr 29 11:36:13 2023 +0100
userauth: refactor banner handling.
No functional change: I've just pulled out into separate subroutines
the piece of code that process a USERAUTH_BANNER message and append
it to our banner bufchain, and the piece that prints the contents of
the bufchain as user output. This will enable them to be called from
additional places easily.
(cherry picked from commit 99bbbd8d327e5b8e8dc22657dfcdced02225ad75)
ssh/userauth2-client.c | 110 +++++++++++++++++++++++++++----------------------
1 file changed, 61 insertions(+), 49 deletions(-)
commit d51b30ef490b2df48dfe44c4c0c68888f4ce1619
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d51b30ef490b2df48dfe44c4c0c68888f4ce1619;hp=0dee0892520cd2338828ff086b25c7fa13a4ca39
Author: Simon Tatham <anakin at pobox.com>
Date: Sat Apr 29 11:37:17 2023 +0100
userauth: ensure banner output is printed when connection closes.
This should fix the bug mentioned three commits ago: if an SSH server
sends a userauth banner and then immediately slams the connection
shut (with or without SSH_MSG_DISCONNECT), the banner message should
now be reliably printed to the user, which is important if that's
where the server put its explanation for the disconnection (e.g. "Your
account has expired").
(cherry picked from commit e8becb45b540767c6bf04d20c384340e258cc301)
ssh/userauth2-client.c | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
commit 70aabdc67c495af452f13fadb42ae3a1cbb5e43b
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=70aabdc67c495af452f13fadb42ae3a1cbb5e43b;hp=d51b30ef490b2df48dfe44c4c0c68888f4ce1619
Author: Simon Tatham <anakin at pobox.com>
Date: Thu May 4 17:49:11 2023 +0100
Fix segfault if SSH connection terminates very early.
Introduced in the previous commit. The new ssh_ppl_final_output method
shouldn't be called in any of the error cleanup functions if
ssh->base_layer is NULL, which it can be if we haven't got far enough
through the connection to set up any packet protocol layers at
all. (For example, ECONNREFUSED would do it.)
ssh/ssh.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
commit cfe6fd95a77202a77ba552437ab0ead5ebd11316
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=cfe6fd95a77202a77ba552437ab0ead5ebd11316;hp=70aabdc67c495af452f13fadb42ae3a1cbb5e43b
Author: Simon Tatham <anakin at pobox.com>
Date: Thu May 4 17:59:37 2023 +0100
userauth: fix replacement of embedded with detached RSA cert.
If you specify a detached certificate, it's supposed to completely
replace any certificate that might have been embedded in the input PPK
file. But one thing wasn't working: if the key was RSA, and the server
was using new SHA-2 based RSA, and the user provided both an embedded
_and_ detached certificate, then the initial call to
ssh2_userauth_signflags would upgrade the ssh-rsa-cert-... key type to
rsa-sha2-NNN-cert-..., which ssh2_userauth_add_alg_and_publickey's
call to ssh_keyalg_related_alg would not recognise as any of the base
RSA types while trying to decide on the key algorithm string _after_
replacing the certificate.
Fixed by reverting to the the uncertified base algorithm before
calling ssh_keyalg_related_alg.
ssh/userauth2-client.c | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
commit d66335663406b70391f6e08c941c7cee2f07eea4
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d66335663406b70391f6e08c941c7cee2f07eea4;hp=cfe6fd95a77202a77ba552437ab0ead5ebd11316
Author: Simon Tatham <anakin at pobox.com>
Date: Thu May 4 18:24:18 2023 +0100
Work around key algorithm naming change in OpenSSH <= 7.7.
When you send a "publickey" USERAUTH_REQUEST containing a certified
RSA key, and you want to use a SHA-2 based RSA algorithm, modern
OpenSSH expects you to send the algorithm string as
rsa-sha2-NNN-cert-v01 at openssh.com. But 7.7 and earlier didn't
recognise those names, and expected the algorithm string in the
userauth request packet to be ssh-rsa-cert-v01 at ... and would then
follow it with an rsa-sha2-NNN signature.
OpenSSH itself has a bug workaround for its own older versions. Follow
suit.
config.c | 5 +++++
doc/config.but | 17 +++++++++++++++++
putty.h | 1 +
settings.c | 2 ++
ssh.h | 1 +
ssh/userauth2-client.c | 35 +++++++++++++++++++++++++++++++++--
ssh/verstring.c | 22 ++++++++++++++++++++++
windows/help.h | 1 +
8 files changed, 82 insertions(+), 2 deletions(-)
More information about the tartarus-commits
mailing list