Simon Tatham [Tue, 12 Dec 2000 10:33:13 +0000 (10:33 +0000)]
Make memory management uniform: _everything_ now goes through the
smalloc() macros and thence to the safemalloc() functions in misc.c.
This should allow me to plug in a debugging allocator and track
memory leaks and segfaults and things.
Simon Tatham [Sat, 2 Dec 2000 12:48:15 +0000 (12:48 +0000)]
Improve SSH2 host key abstraction into a generic `signing key'
abstraction, so as to be able to re-use the same abstraction for
user authentication keys and probably in the SSH2 agent (when that
happens) as well.
Simon Tatham [Sat, 2 Dec 2000 11:43:25 +0000 (11:43 +0000)]
Fix bugtraq 1949: server could open an agent forwarding channel even
if agent forwarding had not been negotiated on, and more
particularly even if it had been deliberately disabled by the user.
Simon Tatham [Wed, 1 Nov 2000 19:54:46 +0000 (19:54 +0000)]
Move dprintf and the debug system out into misc.c, to centralise it.
Saves binary space and also allows redirection of debug statements
to a file `debug.log'.
Simon Tatham [Wed, 25 Oct 2000 14:29:28 +0000 (14:29 +0000)]
Impose a lower limit of 256 on key lengths. This is mostly because
the primegen() function doesn't work well with <100 bits, so RSA
keys need to be >=200 to be generated correctly, and I thought 256
was a nice round number beyond that just to be sure. Perhaps I
should also have a security warning on any key less than 768; or
perhaps I should let people shoot themselves in the feet if they
really want to.
Simon Tatham [Wed, 25 Oct 2000 14:20:47 +0000 (14:20 +0000)]
Gaaah, I might have known. Split combined app cursor / app keypad
disablement option into two options so the app cursor keys and app
keypad can be controlled separately. The Pedantic Software Award in
this case goes to the Midnight Commander for its egregious failure
to just use the terminal in Perfectly Normal mode.
Simon Tatham [Mon, 23 Oct 2000 15:18:37 +0000 (15:18 +0000)]
Fix a bug which was causing occasional failed-host-key-check
messages. Also left some diagnostics in, under #if 0, so that next
time this happens it'll be easier to debug.
Simon Tatham [Mon, 23 Oct 2000 12:20:53 +0000 (12:20 +0000)]
Plink and PSCP were failing to load the `Default Settings' options
when connecting to an arbitrary hostname. In particular, setting a
default user name didn't work. Now it does.
Simon Tatham [Mon, 23 Oct 2000 11:55:11 +0000 (11:55 +0000)]
Created a shiny new abstraction for the socket handling. Has many
advantages:
- protocol modules can call sk_write() without having to worry
about writes blocking, because blocking writes are handled in the
abstraction layer and retried later.
- `Lost connection while sending' is a thing of the past.
- <winsock.h> is no longer needed in most modules, because
"putty.h" doesn't have to declare `SOCKET' variables any more,
only the abstracted `Socket' type.
- select()-equivalent between multiple sockets will now be handled
sensibly, which opens the way for things like SSH port
forwarding.
Simon Tatham [Mon, 23 Oct 2000 10:32:37 +0000 (10:32 +0000)]
Created a shiny new abstraction for the socket handling. Has many
advantages:
- protocol modules can call sk_write() without having to worry
about writes blocking, because blocking writes are handled in the
abstraction layer and retried later.
- `Lost connection while sending' is a thing of the past.
- <winsock.h> is no longer needed in most modules, because
"putty.h" doesn't have to declare `SOCKET' variables any more,
only the abstracted `Socket' type.
- select()-equivalent between multiple sockets will now be handled
sensibly, which opens the way for things like SSH port
forwarding.
Simon Tatham [Sat, 21 Oct 2000 17:52:54 +0000 (17:52 +0000)]
Ooh. Actually, that vulnerability is further-reaching than I
thought. As well as the ".." attack in recursive copies, the name
sent by the client was also trusted in a single-file implicit-
destination copy such as "pscp host:foo .". (The result was ./foo,
where foo is what the server claimed the file was rather than what
the user asked for. I think it's not unreasonable that if the user
requests file `foo' from the host, he should get the result in a
file called `foo' no matter what the host thinks.)
Simon Tatham [Sat, 21 Oct 2000 17:36:44 +0000 (17:36 +0000)]
Fix a potential vulnerability in incoming `pscp -r'. The server
sends filenames of things in the directory being copied. A malicious
server could have sent, for example, "..\..\windows\system\foo.dll"
and overwritten something crucial. The filenames are now vetted to
ensure they don't contain slashes or backslashes.
Simon Tatham [Sat, 21 Oct 2000 16:30:58 +0000 (16:30 +0000)]
Three new configurable options:
- Robert de Bath's Compose key is now off by default and configurable on
- The ages-old controversy over whether ALT by itself should bring the
System menu up is now controllable by a config option
- You can now independently configure whether scrollback resets on a
keypress _and_ whether it resets on screen activity.
Simon Tatham [Fri, 20 Oct 2000 15:20:53 +0000 (15:20 +0000)]
Put back the code that ensures "Default Settings" is always in the
session list even if it isn't in the Registry. This got deleted
overenthusiastically because I didn't have a comment explaining what
it was doing there. Now there's a comment, so I probably won't
remove it again.
Simon Tatham [Fri, 20 Oct 2000 13:51:46 +0000 (13:51 +0000)]
Introduce a sane interface function, from_backend(), for backends to
use when they have data from the network. Replaces the utterly daft
inbuf / inbuf_head / term_out() interface, which only made sense
when feeding to terminal.c. (terminal.c now implements
from_backend() as a small function that gateways to the old
interface.)
As a side effect, from_backend() also has an `is_stderr' parameter,
so scp can once again separate the server's pronouncements on stderr
from the actual protocol progress on stdout.
Simon Tatham [Thu, 19 Oct 2000 15:43:08 +0000 (15:43 +0000)]
PuTTYgen initial version. Still to do are basic user-friendliness
features (prompt for passphrase twice, prompt before overwriting a
file, check the key file was actually saved OK), testing of the
generated keys to make sure I got the file format right, and support
for a variable key size. I think what's already here is basically
sound though.
Simon Tatham [Wed, 18 Oct 2000 15:36:32 +0000 (15:36 +0000)]
Miscellaneous cleanups and reorgs in preparation for building
PuTTYgen. In particular, moved self-managing controls stuff out of
windlg.c into the new and reusable winctrls.c.