Simon Tatham [Sun, 7 Jul 2013 14:34:37 +0000 (14:34 +0000)]
Move the SSH-1 servkey and hostkey variables into the coroutine state,
since there is a theoretical code path (via the crReturn loop after
asking an interactive question about a host key or crypto algorithm)
on which we can leave and return to do_ssh1_login between allocating
and freeing those keys.
(In practice it shouldn't come up anyway with any of the current
implementations of the interactive question functions, not to mention
the unlikelihood of anyone non-specialist still using SSH-1, but
better safe than sorry.)
Simon Tatham [Sat, 6 Jul 2013 20:43:21 +0000 (20:43 +0000)]
Clean up handling of the return value from sftp_find_request. In many
places we simply enforce by assertion that it will match the request
we sent out a moment ago: in fact it can also return NULL, so it makes
more sense to report a proper error message if it doesn't return the
expected value, and while we're at it, have that error message
whatever message was helpfully left in fxp_error() by
sftp_find_request when it failed.
To do this, I've written a centralised function in psftp.c called
sftp_wait_for_reply, which is handed a request that's just been sent
out and deals with the mechanics of waiting for its reply, returning
the reply when it arrives, and aborting with a sensible error if
anything else arrives instead. The numerous sites in psftp.c which
called sftp_find_request have all been rewritten to do this instead,
and as a side effect they now look more sensible. The only other uses
of sftp_find_request were in xfer_*load_gotpkt, which had to be
tweaked in its own way.
While I'm here, also fix memory management in sftp_find_request, which
was freeing its input packet on some but not all error return paths.
Simon Tatham [Mon, 1 Jul 2013 17:56:33 +0000 (17:56 +0000)]
A collection of small bug fixes from Chris West, apparently spotted by
Coverity: assorted language-use goofs like freeing the wrong thing or
forgetting to initialise a string on all code paths.
Simon Tatham [Sat, 15 Jun 2013 19:58:10 +0000 (19:58 +0000)]
Fallback for manual setup of GTK 1, if autoconf is run on a system
where the GTK1 detection function AM_PATH_GTK hasn't been provided by
/usr/share/aclocal/gtk.m4 or equivalent.
(Systems without gtk.m4 are becoming more common, but on the other
hand I know at least one person is still using GTK 1 PuTTY since the
0.62 release.)
Simon Tatham [Sat, 25 May 2013 14:03:19 +0000 (14:03 +0000)]
It's probably well past time for this: change PuTTY's default
character set configuration to UTF-8, on both Windows and Unix, and
reorganise the dropdown lists in the Translation menu so that UTF-8
appears at the top (and Unix's odd "use font encoding" is relegated to
the bottom of the list like the special-purpose oddity it is).
Simon Tatham [Sun, 10 Mar 2013 11:04:07 +0000 (11:04 +0000)]
Fix a bug in which terminal output received from the session could be
buffered in terminal.c indefinitely and only released when further
output turned up.
Arose because we suppress the call to term_out from term_data if a
drag-select is in progress, but when the drag-select ends we weren't
proactively calling term_out to release the buffered data. So if your
session generated some terminal output while you were in mid-select,
_and had stopped by the time you let go of the mouse button_, then the
output would just sit there until released by the next call to
term_data.
Simon Tatham [Sun, 24 Feb 2013 19:28:13 +0000 (19:28 +0000)]
Remove the half-hearted attempt to make the utmp helper process drop
privileges just before dying of a fatal signal. I'm not sure what I
intended it for in the first place; it certainly isn't doing its job
properly (no setgid), it's causing compiler warnings due to not
checking the setuid return code, and we can't think of any useful
purpose for it.
Simon Tatham [Fri, 22 Feb 2013 21:39:02 +0000 (21:39 +0000)]
Give a better error message if a PuTTY private key file has a version
number we don't understand. It's nicer to report 'format too new' than
'not a PuTTY key file'.
Ben Harris [Wed, 20 Feb 2013 23:30:55 +0000 (23:30 +0000)]
Add support for HMAC-SHA-256 as an SSH-2 MAC algorithm ("hmac-sha2-256")
as specified in RFC 6668. This is not so much because I think it's
necessary, but because scrypt uses HMAC-SHA-256 and once we've got it we
may as well use it.
Code very closely derived from the HMAC-SHA-1 code.
Simon Tatham [Wed, 23 Jan 2013 22:59:17 +0000 (22:59 +0000)]
Patch from Egmont Koblinger to implement two extended variants of
xterm mouse tracking, both supported by the current up-to-date xterm
(288). They take the form of two new DEC terminal modes, 1006 and
1015, which do not in themselves _enable_ mouse tracking but they
modify the escape sequences sent if mouse tracking is enabled in the
usual way.
Simon Tatham [Sat, 19 Jan 2013 17:17:44 +0000 (17:17 +0000)]
Adjust comments around split_into_argv() to clarify that it's not
*Windows's* command-line splitting rules we're mimicking here; it's
VC7's, and they're not the same as VC10's.
Simon Tatham [Sun, 13 Jan 2013 21:59:10 +0000 (21:59 +0000)]
Reorganise setup_fonts_ucs so that in case of error it does nothing
and returns its error message as a string, instead of actually
printing it on standard error and exiting. Now we can preserve the
previous error behaviour when we get a nonexistent font name at
startup time, but no longer rudely terminate in mid-session if the
user configures a bogus font name in Change Settings.
Simon Tatham [Mon, 7 Jan 2013 19:08:33 +0000 (19:08 +0000)]
Move the -I options for all our source subdirectories out of AM_CFLAGS
and into AM_CPPFLAGS. This is more conceptually sensible according to
my reading of the automake manual, and also has the specific desirable
effect that they move to the front of the command line, ahead of any
'system' type -I options that autoconf might have felt a need for.
A user reported that autoconf had added -I/usr/local/include to their
command line for the sake of a required header file, but their
/usr/local/include also turned out to include a thing called 'proxy.h'
(from libproxy, nothing to do with us) which shadowed our own proxy.h
and caused a build failure. This should fix that.
Simon Tatham [Sat, 22 Dec 2012 18:09:02 +0000 (18:09 +0000)]
Fix two gcc warnings about confused printf format strings in the
bignum code's test harness. Thanks to Sup Yut Sum for fixing this in
TortoisePlink and Sven Strickroth for bringing it to my attention.
Simon Tatham [Sat, 22 Dec 2012 09:40:47 +0000 (09:40 +0000)]
Ronald Landheer-Cieslak points out that the various back ends which
treat all socket closures as clean exits (because the protocol doesn't
provide for transferring a process exit code) could usefully at least
treat _socket errors_ as unclean exits. Patch the Telnet, Rlogin and
Raw backends to retain that information and return INT_MAX to the
frontend.
I wasn't sure whether it was better to solve this by modifying each
affected frontend, or each affected backend. I chose the latter, but
neither is really ideal; this is the sort of thing that makes me wish
we had a piece of fixed middleware in between, independent of both
platform and protocol.
Simon Tatham [Tue, 18 Dec 2012 09:19:04 +0000 (09:19 +0000)]
Switch round a bogus if statement I've just noticed. Both the write to
pty_utmp_helper_pipe _and_ the close of it if we're not going to write
should be conditionalised on the pipe existing, rather than just the
former!
Simon Tatham [Tue, 18 Dec 2012 09:02:38 +0000 (09:02 +0000)]
Patch from Brad Smith to use posix_openpt() instead of
open("/dev/ptmx"), where the former is available. Improves
portability, since at least one OS (OpenBSD) supports the POSIX pty
functions but does it via an underlying mechanism which doesn't
involving having a /dev/ptmx.
Simon Tatham [Tue, 18 Dec 2012 09:02:38 +0000 (09:02 +0000)]
Use O_NOCTTY (if available) when opening /dev/ptmx, just in case any
OS doesn't automatically assume it.
(It would seem faintly weird to me - surely opening the master end of
a given pty is a fairly good indication that you're _not_ a process
running inside it which wants to have it available as /dev/tty! But
you never know...)
Simon Tatham [Mon, 17 Dec 2012 08:40:33 +0000 (08:40 +0000)]
Add a bounds check in the word-by-word selection code to prevent
attempting to call lineptr() with a y-coordinate off the bottom of the
screen and triggering the dreaded 'line==NULL' message box.
This crash can only occur if the bottommost line of the screen has the
LATTR_WRAPPED flag set, which as far as I can see you can only
contrive by constructing a LATTR_WRAPPED line further up the screen
and then moving it down using an insert-line escape sequence. That's
probably why this bug has been around forever without anyone coming
across it.
Simon Tatham [Tue, 4 Dec 2012 20:53:19 +0000 (20:53 +0000)]
Patch from Hideki Eiraku to make PuTTY call GetScrollInfo, so it can
use 32-bit scrollbar position data instead of being limited to the
16-bit version that comes in scrollbar messages' wParam.
Simon Tatham [Wed, 14 Nov 2012 18:32:09 +0000 (18:32 +0000)]
Fix another error-reporting bug, in which sk_newlistener would fail to
capture the error code if listen() returned an error, and instead pass
0 (saved from the previous successful bind) to winsock_error_string.
Simon Tatham [Tue, 13 Nov 2012 21:34:12 +0000 (21:34 +0000)]
When manually initialising a 'struct RSAKey' due to loading an SSH1
public key but not the private half, NULL out all the CRT-optimisation
fields as well as the private exponent pointer. Otherwise segfaults -
security-harmless, but annoying - can happen in freersakey() when we
notice they aren't null and try to free them.
Simon Tatham [Tue, 13 Nov 2012 18:36:27 +0000 (18:36 +0000)]
Add a fallback case to winsock_error_string() which makes it call
FormatMessage to get the OS's text for any error not in our own
translation table. Should eliminate the frustrating 'unknown error'.
(I haven't chosen to use FormatMessage unconditionally, because it
comes out with enormous messages along the lines of "No connection
could be made because the target machine actively refused it" in place
of "Connection refused" and I'm Unixy enough to prefer the latter.
Also, on older Windowses, Winsock error codes are in a separate API
segment and don't work with FormatMessage anyway.)
Simon Tatham [Wed, 17 Oct 2012 20:48:07 +0000 (20:48 +0000)]
Windows's sk_address_is_local() was returning the wrong answers for
IPv6 addresses, because I'd mistakenly cast an ai_addr to the low-
level 'struct in6_addr' instead of the correct 'struct sockaddr_in6'.
Simon Tatham [Tue, 16 Oct 2012 20:15:52 +0000 (20:15 +0000)]
When a proxy negotiation function is called with PROXY_CHANGE_NEW, it
should not call plug functions, because it's being called from within
new_connection(), and the state on which the plug functions depend
will not have been set up until new_connection() returns success.
Instead, we set the error string in the Proxy_Socket, which will cause
the same error message to be returned as a failure of new_connection().
Simon Tatham [Tue, 16 Oct 2012 20:15:51 +0000 (20:15 +0000)]
If you configure Unix PuTTY to use a proxy, tell it to even proxy
localhost connections, and also enable X forwarding in such a way that
it will attempt to connect to a Unix-domain X server socket, an
assertion will fail when proxy_for_destination() tries to call
sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_
proxied, since they fundamentally can't be.
Simon Tatham [Tue, 2 Oct 2012 19:31:33 +0000 (19:31 +0000)]
Sumudu Fernando points out that in the big r9214 destabilisation I
mistakenly rearranged the logic in an if statement in window.c, with
the effect that scroll-wheel events are no longer sent via xterm mouse
tracking. Put it back to the way it was.
Simon Tatham [Sun, 23 Sep 2012 15:36:54 +0000 (15:36 +0000)]
Clip the 'lines' parameter to scroll() at the size of the scroll
window. scroll() iterates that many times, so this prevents a tedious
wait if you give a very large parameter to ESC[L or ESC[M, for
example.
A side effect is that very large requests for upward scrolling in a
context that affects the scrollback will not actually wipe out the
whole scrollback: instead they push just the current lines of the
screen into the scrollback, and don't continue on to fill it up with
endless boring blank lines. I think this is likely to be more useful
in general, since it avoids wiping out lots of useful scrollback data
by mistake. I can imagine that people might have been using it
precisely _to_ wipe the scrollback in some situations, but if so then
they should use CSI 3 J instead.
Simon Tatham [Wed, 19 Sep 2012 17:08:15 +0000 (17:08 +0000)]
Make --help and --version work consistently across all tools.
Well, at least across all command-line tools on both Windows and Unix,
and the GTK apps on Unix too. The Windows GUI apps fundamentally can't
write to standard output and it doesn't seem sensible to use message
boxes for these purposes :-)
Ben Harris [Tue, 18 Sep 2012 23:05:29 +0000 (23:05 +0000)]
Add a new COMPAT option for environments lacking SecureZeroMemory(),
rather than explicitly checking for Winelib. It seems that w32api is
lacking it as well.
Ben Harris [Tue, 18 Sep 2012 21:50:47 +0000 (21:50 +0000)]
Allow remote-to-local forwardings to use IPv6.
RFC 4245 section 7.1 specifies the meaning of the "address to bind"
parameter in a "tcpip-forward" request. "0.0.0.0" and "127.0.0.1" are
specified to be all interfaces and the loopback interface respectively
in IPv4, while "" and "localhost" are the address-family-agnostic
equivalents. Switch PuTTY to using the latter, since it doesn't seem
right to force IPv4.
There's an argument that PuTTY should provide a means of configuring the
address family used for remote forwardings like it does for local ones.
Ben Harris [Tue, 18 Sep 2012 21:42:48 +0000 (21:42 +0000)]
Two related changes to timing code:
First, make absolute times unsigned. This means that it's safe to
depend on their overflow behaviour (which is undefined for signed
integers). This requires a little extra care in handling comparisons,
but I think I've correctly adjusted them all.
Second, functions registered with schedule_timer() are guaranteed to be
called with precisely the time that was returned by schedule_timer().
Thus, it's only necessary to check these values for equality rather than
doing risky range checks, so do that.
The timing code still does lots that's undefined, unnecessary, or just
wrong, but this is a good start.
Ben Harris [Thu, 13 Sep 2012 21:53:47 +0000 (21:53 +0000)]
In the cygwin Makefile, use "-o" on the windres command line to specify
the output file. This appears to be supported by windres, and is
required by wrc (the Winelib resource compiler).
Ben Harris [Sat, 8 Sep 2012 19:46:07 +0000 (19:46 +0000)]
Most of the code for "nc" mode duplicated that for opening a session or
a fowarded port. Arrange that this code is shared instead. The main
visible change is a slight change of log messages.
Simon Tatham [Sat, 8 Sep 2012 10:40:36 +0000 (10:40 +0000)]
Hiroshi Oota points out that PuTTY's agent forwarding sockets can get
confused if they receive a request followed by immediate EOF, since we
currently send outgoing EOF as soon as we see the incoming one - and
then, when the response comes back from the real SSH agent, we send it
along anyway as channel data in spite of having sent EOF.
To fix this, I introduce a new field for each agent channel which
counts the number of calls to ssh_agentf_callback that are currently
expected, and we don't send EOF on an agent channel until we've both
received EOF and that value drops to zero.
Ben Harris [Sat, 1 Sep 2012 12:03:12 +0000 (12:03 +0000)]
All of the initial CHANNEL_REQUESTs are conditional on (ssh->mainchan &&
!ssh->ncmode), so bundle them up in a big block conditional on this rather
than checking it five times.
Ben Harris [Sat, 1 Sep 2012 11:32:53 +0000 (11:32 +0000)]
do_ssh2_authconn() now installs the standard handlers for CHANNEL_SUCCESS
and CHANNEL_FAILURE as soon as it's opened a channel, so there's no need
for it to set them again later.
Simon Tatham [Thu, 30 Aug 2012 18:44:35 +0000 (18:44 +0000)]
Rename the various ssh2_maybe_setup_* functions to ssh2_setup_*, and
move the primary conditions out of them into their callers. Fixes a
crash in 'plink -N', since those functions would be called with a NULL
channel parameter and immediately dereference it to try to get c->ssh.
Simon Tatham [Thu, 30 Aug 2012 18:44:34 +0000 (18:44 +0000)]
In openssh_read(), we shouldn't ever return SSH2_WRONG_PASSPHRASE for
an unencrypted key. (The other import function, sshcom_read(), already
got this right.) Thanks to David Wedderwille for the report.
This is more than just an error-reporting mistake; it actually causes
Windows PuTTYgen to tight-loop on attempting to load a corrupt OpenSSH
key, because the 'wrong passphrase' return value causes the caller to
loop round and try again, but of course it knows the key is
unencrypted so it doesn't prompt for a different passphrase and just
tries again with no change...
Simon Tatham [Tue, 28 Aug 2012 17:42:47 +0000 (17:42 +0000)]
Fix a controlling-terminal bug reported by Anthony Heading: Cygwin
doesn't have TIOCSCTTY, so my attempt to set the ctty of the child
process isn't doing anything, and only works by chance when you run
bash because bash does the thing that _will_ set the ctty, namely
opening the terminal file again without O_NOCTTY. So now we do that
too.
Simon Tatham [Tue, 28 Aug 2012 17:41:10 +0000 (17:41 +0000)]
Partially revert r9636. It is true that we can directly return the
result of memcmp, but untrue that we can do so _unconditionally_: if
memcmp returns zero, we still need to fall through to the next
comparison.
Ben Harris [Mon, 27 Aug 2012 23:16:49 +0000 (23:16 +0000)]
Clang, like LCC, objects to using '<' and '>' on function pointers.
I'm not entirely sure that using memcmp() is any more defined by the C
standard, but at least Clang doesn't complain about it. While I'm
here, tree234 doesn't require that comparison functions return
precisely +1 or -1, so we can use the return value of memcmp()
directly.
Ben Harris [Mon, 27 Aug 2012 18:44:06 +0000 (18:44 +0000)]
Slightly simplify crFinishFree{,V}.
They're only likely to be useful for freeing a coroutine state
structure, in which case there's no need to reset the line number
(since all such coroutines keep their line number in the state
structure) and the state structure pointer is always called "s".
Ben Harris [Mon, 27 Aug 2012 17:37:44 +0000 (17:37 +0000)]
Don't close SSH-2 channels with outstanding channel requests on local error.
In sshfwd_unclean_close(), get ssh2_check_close() to handle sending
SSH_MSG_CHANNEL_CLOSE. That way, it can hold off doing so until any
outstanding channel requests are processed.
Also add event log message for unclean channel closures.
Simon Tatham [Mon, 27 Aug 2012 14:34:41 +0000 (14:34 +0000)]
It's not legal to free a coroutine's state structure before invoking
crFinish or crFinishV, since they will attempt to write to the
coroutine state variable contained in that structure. Introduced some
new all-in-one macros crFinishFree and crFinishFreeV, and used those
instead. Should fix today's report of a crash just after authentication.
Ben Harris [Sat, 25 Aug 2012 22:57:39 +0000 (22:57 +0000)]
Improve window-size handling in Unix Plink.
Unconditionally override the configured terminal size with the one
from stdin if it's available. This avoids the silliness whereby if
Default Settings had a terminal size set, Plink used this and thus
caused the server to use the wrong size.
Ben Harris [Sat, 25 Aug 2012 21:06:48 +0000 (21:06 +0000)]
Better handling of outstanding CHANNEL_REQUESTS on channel destruction.
Part the first: make sure that all structures describing channel
requests are freed when the SSH connection is freed. This involves
adding a means to ask a response handler to free any memory it holds.
Part the second: in ssh_channel_try_eof(), call
ssh2_channel_check_close() rather than emitting an SSH_MSG_CHANNEL_EOF
directly. This avoids the possibility of closing the channel while a
CHANNEL_REQUEST is outstanding.
Also add some assertions that helped with tracking down the latter
problem.
Ben Harris [Sat, 25 Aug 2012 15:04:29 +0000 (15:04 +0000)]
Simplify handling of responses to channel requests.
The various setup routines can only receive CHANNEL_SUCCESS or
CHANNEL_FAILURE, so there's no need for the to worry about receiving
anything else. Strange packets will end up in do_ssh2_authconn
instead.
Ben Harris [Sat, 25 Aug 2012 13:39:32 +0000 (13:39 +0000)]
Handle all replies to CHANNEL_REQUESTs through the per-channel queue.
Each of the minor start-of-session requests is now dealt with by its own
little co-routine, while the shell/command is done in do_ssh2_authconn()
itself. This eliminates one more round-trip in session setup: PuTTY gets
all the way up to sending a shell request before worrying about any
replies.
Ben Harris [Sat, 25 Aug 2012 11:12:14 +0000 (11:12 +0000)]
Generalise SSH_MSG_CHANNEL_{SUCCESS,FAILURE} handling.
Now each channel has a queue of arbitrary handlers for those messages,
with anything that sends a CHANNEL_REQUEST with want_reply true pushing
a new entry onto the queue, and a shared handler that dispatches
responses appropriately.
Currently, this is only used for winadj@putty.projects.tartarus.org, but
extending it to cover the initial requests as well shouldn't be too
painful.
Simon Tatham [Wed, 22 Aug 2012 18:36:44 +0000 (18:36 +0000)]
Fix a bug in the PSFTP command parser which would cause it to
hallucinate an extra empty argument word at the end of a line if the
line ended in more than one whitespace character.
Simon Tatham [Wed, 22 Aug 2012 18:25:28 +0000 (18:25 +0000)]
Enhance logparse.pl so that it detects channels running SFTP and
decodes the SFTP message layer in addition to the underlying SSH.
Requests and responses are matched up via their ids.
Ben Harris [Tue, 21 Aug 2012 22:33:31 +0000 (22:33 +0000)]
De-duplicate code in KEXINIT generation.
There's no need to have identical code generating server-to-client and
client-to-server versions of the cipher and MAC lists; a couple of
twice-around loops will do fine.
Ben Harris [Tue, 21 Aug 2012 22:04:56 +0000 (22:04 +0000)]
Reworking of packet delivery to coroutines in SSH-2.
Before, NULL in the dispatch table meant "send to the appropriate one of
do_ssh2_transport() and do_ssh2_authconn()". Now those (via small
shims) are specified directly in the dispatch table, so ssh2_protocol()
is much simpler.
In the process, this has somewhat centralised the handling of gross
server protocol violations. PuTTY will now disconnect with a rude
message when (e.g.) OpenSSH sends us an SSH_MSG_UNIMPLEMENTED when we
try to KEXINIT during authentication.
Ben Harris [Sun, 19 Aug 2012 11:35:26 +0000 (11:35 +0000)]
Fix an erroneous "case" fallthrough in ssh1_msg_channel_close, which was
causing assertion failures when closing X11 channels in SSH-1. Also fix
another pasto.
Simon Tatham [Sun, 12 Aug 2012 20:17:13 +0000 (20:17 +0000)]
Use a single sftp_senddata() to send each SFTP packet, rather than
using one for the length field and one for the rest of the packet
contents. Since sftp_senddata() has no queuing or deferral mechanism
but instead constructs and sends an SSH2_MSG_CHANNEL_DATA message
immediately, this change has the effect of ceasing to split every SFTP
packet across two SSH messages.
Ben Harris [Sat, 11 Aug 2012 09:10:31 +0000 (09:10 +0000)]
Rework bufchain code to allow for variable-sized granules.
bufchain_add() now allocates at most one new granule. Granules still
have a minimum size, so small adds still get coalesced.
The main practical consequence of this is that PSCP and PSFTP now
generate 4K SSH packets rather than 512-byte ones. Also, the compiled
code (on my Ubuntu box) is fractionally smaller.
Ben Harris [Thu, 2 Aug 2012 22:18:18 +0000 (22:18 +0000)]
Reduce the number of round-trips involved in opening an SSH-2 session
by sending most of the initial SSH_MSG_CHANNEL_REQUEST messages before
waiting for any replies. The initial version of this code was a clever
thing with a two-pass loop, but that got hairy so I went for the simpler
approach of separating the request and reply code and having flags to
keep track of which requests have been sent.
Simon Tatham [Sat, 28 Jul 2012 19:30:12 +0000 (19:30 +0000)]
Add a bug-compatibility flag to disable the
winadj@putty.projects.tartarus.org request. Not currently enabled
automatically, but should be usable as a manual workaround.
Simon Tatham [Sat, 28 Jul 2012 16:53:09 +0000 (16:53 +0000)]
Fix an embarrassing mistake in config box handling which was causing
changes to any SSH bug config option to be lost when the config box
switched to a different panel, at least on GTK.
Simon Tatham [Sat, 28 Jul 2012 16:33:51 +0000 (16:33 +0000)]
Move the declaration of smemclr() out of putty.h into misc.h, because
one of its uses (in sshaes.c) wasn't picking up the former. Thanks to
Ubuntu's gcc for spotting that.
Simon Tatham [Sun, 22 Jul 2012 19:51:50 +0000 (19:51 +0000)]
Introduce a new utility function smemclr(), which memsets things to
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.
Simon Tatham [Thu, 19 Jul 2012 04:42:34 +0000 (04:42 +0000)]
Add '-Wall -Werror' to the compile options in the autotools makefile,
having just noticed that Makefile.gtk had it and this one doesn't. (Of
course, this being autoconf, we can easily enough make it conditional
on the compiler actually being gcc.)
Simon Tatham [Thu, 19 Jul 2012 04:29:50 +0000 (04:29 +0000)]
Rework the new type-check in sresize so that it doesn't cause a
compile warning ('left-hand operand of comma expression has no
effect'), which of course becomes fatal under -Werror.
(This would have been instantly noticeable to people compiling with
the old-fashioned Makefile.gtk, which does include -Wall -Werror, but
those of us using the new autoconf makefile hadn't noticed.)
Owen Dunn [Wed, 18 Jul 2012 16:08:54 +0000 (16:08 +0000)]
Remove term_key, which was intended to handle function keys in a cross-
platform manner, but which nothing ever called. It thus served only to
trap up the unwary. The live function key handling code lives in the
frontends, i.e. window.c on Windows and gtkwin.c on Unix.
Simon Tatham [Wed, 11 Jul 2012 18:12:17 +0000 (18:12 +0000)]
If pterm's execvp fails when given the whole argument list after -e,
and the argument list contains only one string, try again by passing
that single string to "$SHELL -c" to be parsed as a shell command.
This matches xterm's behaviour (as of xterm 261, at least), and means
in practice that users can do _either_ of 'pterm -e some command' and
'pterm -e "some command"'.
(A quick survey suggests that the majority of X terminal programs agree
with pterm's old behaviour of only supporting '-e some command',
except that gnome-terminal only supports the other behaviour and xterm
supports both. With that disagreement, I think supporting both is
probably the sensible thing.)
Simon Tatham [Thu, 5 Jul 2012 23:45:20 +0000 (23:45 +0000)]
Turns out that the compose-keys fix in r9567 did in fact break one
piece of keyboard handling: if Num Lock is on, numeric keypad keys are
eaten by the IM, so we must avoid passing them to the IM in the first
place if we're in any non-default numeric keypad mode (application or
Nethack).
This is a grubby way to do it, but the more obvious approach of just
moving the Nethack and app-keypad if statements up to above the IM
call doesn't work because those statements depend on the generic
Alt-prefix handling that happens just _below_ the IM call. So instead
I just repeat the list of keystrokes and modes in an if statement
conditionalising the IM call.