Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
362 check-ins going from e00724f199c90822 to 62dff762278fcc2e
|
2014-01-09
| ||
| 04:22 | Added putty-cac current state Leaf check-in: 62dff76227 user: rkeene tags: putty-cac | |
|
2013-11-22
| ||
| 13:41 | Include the numeric error code in win_strerror's output. This will be useful if someone gets a mysterious Windows error on a system configured into a language we don't speak - if they cut and paste the error message to send to us, then we won't have to try to translate it. check-in: e00724f199 user: simon tags: trunk | |
|
2013-11-18
| ||
| 16:34 | Fix up the Windows help context stuff for the new connection sharing controls. check-in: 5d4d60ef11 user: jacob tags: trunk | |
| 13:07 | Gracefully degrade in the absence of CryptProtectMemory. XP doesn't have it, and I think having connection sharing work without its privacy enhancement is better than having it not work at all. check-in: e5114b37b0 user: simon tags: trunk | |
| 13:07 | Restore compatibility with older autoconfs. The one in Ubuntu 10.04 doesn't know what AM_PROG_AR means, so configure.ac was broken in r10053 when fixing compatibility with later versions; you can't win... check-in: 72ed2c889b user: simon tags: trunk | |
|
2013-11-17
| ||
| 08:05 | Fix an assortment of dupprintf() format string bugs. I've enabled gcc's format-string checking on dupprintf, by declaring it in misc.h to have the appropriate GNU-specific attribute. This pointed out a selection of warnings, which I've fixed. check-in: 44f33ce7e0 user: simon tags: trunk | |
| 08:05 | Implement connection sharing between instances of PuTTY. The basic strategy is described at the top of the new source file sshshare.c. In very brief: an 'upstream' PuTTY opens a Unix-domain socket or Windows named pipe, and listens for connections from other PuTTYs wanting to run sessions on the same server. The protocol spoken down that socket/pipe is essentially the bare ssh-connection protocol, using a trivial binary packet protocol with no encryption, and the upstream has to do some fiddly transformations that I've been referring to as 'channel-number NAT' to avoid resource clashes between the sessions it's managing. This is quite different from OpenSSH's approach of using the Unix- domain socket as a means of passing file descriptors around; the main reason for that is that fd-passing is Unix-specific but this system has to work on Windows too. However, there are additional advantages, such as making it easy for each downstream PuTTY to run its own independent set of port and X11 forwardings (though the method for making the latter work is quite painful). Sharing is off by default, but configuration is intended to be very easy in the normal case - just tick one box in the SSH config panel and everything else happens automatically. check-in: 998dfad436 user: simon tags: trunk | |
| 08:05 | Move the dynamic loading of advapi into its own module. There's now a winsecur.[ch], which centralises helper functions using the Windows security stuff in advapi.h (currently just get_user_sid), and also centralises the run-time loading of those functions and checking they're all there. check-in: fea133a5df user: simon tags: trunk | |
| 08:05 | Get rid of the error-return mechanism from x11_init. Now that it doesn't actually make a network connection because that's deferred until after the X authorisation exchange, there's no point in having it return an error message and write the real output through a pointer argument. Instead, we can just have it return xconn directly and simplify the call sites. check-in: 73c26030cf user: simon tags: trunk | |
| 08:05 | Refactor the construction of X protocol greetings. I've moved it out into a separate function, preparatory to calling it from somewhere completely different in changes to come. Also, we now retain the peer address sent from the SSH server in string form, rather than translating it immediately into a numeric IP address, so that its original form will be available later to pass on elsewhere. check-in: 6ce24b09de user: simon tags: trunk | |
| 08:05 | Prepare to have multiple X11 auth cookies valid at once. Rather than the top-level component of X forwarding being an X11Display structure which owns some auth data, it's now a collection of X11FakeAuth structures, each of which owns a display. The idea is that when we receive an X connection, we wait to see which of our available auth cookies it matches, and then connect to whatever X display that auth cookie identifies. At present the tree will only have one thing in it; this is all groundwork for later changes. check-in: dce51d4dc0 user: simon tags: trunk | |
| 08:05 | Decouple X socket opening from x11_init(). Now we wait to open the socket to the X server until we've seen the authorisation data. This prepares us to do something else with the channel if we see different auth data, which will come up in connection sharing. check-in: 17981b3538 user: simon tags: trunk | |
| 08:05 | Add missing 'const' in the des_*_xdmauth functions. check-in: d5d9fea99c user: simon tags: trunk | |
| 08:04 | Add a missing null pointer check in s_write. I don't know that this can ever be triggered in the current state of the code, but when I start mucking around with SSH session closing in the near future, it may be handy to have it. check-in: 4e49a3898d user: simon tags: trunk | |
| 08:04 | Remove sk_{get,set}_private_ptr completely! It was only actually used in X11 and port forwarding, to find internal state structures given only the Socket that ssh.c held. So now that that lookup has been reworked to be the sensible way round, private_ptr is no longer used for anything and can be removed. check-in: 19677e577d user: simon tags: trunk | |
| 08:04 | Refactor ssh.c's APIs to x11fwd.c and portfwd.c. The most important change is that, where previously ssh.c held the Socket pointer for each X11 and port forwarding, and the support modules would find their internal state structure by calling sk_get_private_ptr on that Socket, it's now the other way round. ssh.c now directly holds the internal state structure pointer for each forwarding, and when the support module needs the Socket it looks it up in a field of that. This will come in handy when I decouple socket creation from logical forwarding setup, so that X forwardings can delay actually opening a connection to an X server until they look at the authentication data and see which server it has to be. However, while I'm here, I've also taken the opportunity to clean up a few other points, notably error message handling, and also the fact that the same kind of state structure was used for both connection-type and listening-type port forwardings. Now there are separate PortForwarding and PortListener structure types, which seems far more sensible. check-in: 7ab21bb146 user: simon tags: trunk | |
| 08:04 | Reliably initialise uxnet's socket fd fields to -1. This prevents embarrassing mess-ups involving getting back a Socket which has mostly been memset to 0 but contains an error message, sk_close()ing it to free the memory, and finding that standard input has been closed as a side effect. check-in: 3f38d36d6e user: simon tags: trunk | |
| 08:04 | Add support in uxnet.c for Unix-domain listening sockets. There are two new functions: one to construct a SockAddr wrapping a Unix socket pathname (which can also be used as the destination for new_connection), and one to establish a new listening Unix-domain socket. check-in: fe289d405b user: simon tags: trunk | |
| 08:04 | Complete rewrite of the packet log censoring code. Because the upcoming connection sharing changes are going to involve us emitting outgoing SSH packets into our log file that we didn't construct ourselves, we can no longer rely on metadata inserted at packet construction time to tell us which parts of which packets have to be blanked or omitted in the SSH packet log. Instead, we now have functions that deal with constructing the blanks array just before passing all kinds of packet (both SSH-1 and SSH-2, incoming and outgoing) to logging.c; the blanks/nblanks fields in struct Packet are therefore no longer needed. check-in: 88f08b9cb9 user: simon tags: trunk | |
| 08:04 | Clean up the 'data' vs 'body' pointers in struct Packet. There's always been some confusion over exactly what it all means. I haven't cleaned it up to the point of complete sensibleness, but I've got it to a point where I can at least understand and document the remaining non-sensibleness. check-in: c011fa97b1 user: simon tags: trunk | |
| 08:04 | Add support for Windows named pipes. This commit adds two new support modules, winnpc.c and winnps.c, which deal respectively with being a client and server of a Windows named pipe (which, in spite of what Unix programmers will infer from that name, is actually closer to Windows's analogue of a Unix-domain socket). Each one provides a fully featured Socket wrapper around the hairy Windows named pipe API, so that the rest of the code base should be able to use these interchangeably with ordinary sockets and hardly notice the difference. As part of this work, I've introduced a mechanism in winhandl.c to permit it to store handles of event objects on behalf of other Windows support modules and deal with passing them to applications' main event loops as necessary. (Perhaps it would have been cleaner to split winhandl.c into an event-object tracking layer analogous to uxsel, and the handle management which is winhandl.c's proper job, but this is less disruptive for the present.) check-in: 8ceffb2b33 user: simon tags: trunk | |
| 08:03 | Replace the hacky 'OSSocket' type with a closure. The mechanism for constructing a new connection-type Socket when a listening one receives an incoming connection previously worked by passing a platform-specific 'OSSocket' type to the plug_accepting function, which would then call sk_register to wrap it with a proper Socket instance. This is less flexible than ideal, because it presumes that only one kind of OS object might ever need to be turned into a Socket. So I've replaced OSSocket throughout the code base with a pair of parameters consisting of a function pointer and a context such that passing the latter to the former returns the appropriate Socket; this will permit different classes of listening Socket to pass different function pointers. In deference to the reality that OSSockets tend to be small integers or pointer-sized OS handles, I've made the context parameter an int/pointer union that can hold either of those directly, rather than the usual approach of making it a plain 'void *' and requiring a context structure to be dynamically allocated every time. check-in: c7d41826aa user: simon tags: trunk | |
| 08:03 | Implement freezing on Windows handle sockets. That's been a FIXME in the code for ages, because it's difficult to get winhandl.c to stop an already-started read from a handle (since the read is a blocking system call running in a separate thread). But I now realise it isn't absolutely necessary to do so - you can just buffer one lot of data from winhandl and _then_ tell it to stop. check-in: 2fcad446d4 user: simon tags: trunk | |
| 08:03 | Factor out the HANDLE-to-Socket adapter from winproxy.c. It's now kept in a separate module, where it can be reused conveniently for other kinds of Windows HANDLE that I want to wrap in the PuTTY Socket abstraction - for example, the named pipes that I shortly plan to use for the Windows side of connection-sharing IPC. check-in: b85c096215 user: simon tags: trunk | |
| 08:03 | Add a Socket implementation which just holds an error message. This isn't yet used, but I plan to use it in situations where you have to report errors by returning a valid Socket on which the client wlil call sk_socket_error, but in fact you notice the error _before_ instantiating your usual kind of Socket. The resulting Socket is usable for nothing except reading out the error string and closing it. check-in: 20d72c8bd1 user: simon tags: trunk | |
| 08:03 | Move SSH protocol enumerations out into ssh.h. This permits packet type codes and other magic numbers to be accessed from modules other than ssh.c. check-in: 71d87820cd user: simon tags: trunk | |
| 08:03 | Move cipher settings into their own config panel. This makes room in the main SSH panel for new options about connection sharing, which I'm shortly going to add. check-in: 5a25ae6602 user: simon tags: trunk | |
| 08:03 | Clean up the semantics of the ssh_rportfwd structure. It's now indexed by source hostname as well as source port (so that separate requests for the server to listen on addr1:1234 and addr2:1234 can be disambiguated), and also its destination host name is dynamically allocated rather than a fixed-size buffer. check-in: 87da2eda2d user: simon tags: trunk | |
| 08:03 | Find ToUnicodeEx() at run time, not load time. This restores PuTTY's backward compatibility to versions of Windows too old to have ToUnicodeEx in their system libraries, which was accidentally broken in 0.63. check-in: f163f89666 user: simon tags: trunk | |
|
2013-11-11
| ||
| 17:01 | Replace GetQueueStatus with PeekMessage(PM_NOREMOVE). A couple of users report that my recent reworking of the Windows top-level message loop has led to messages occasionally being lost, and MsgWaitForMultipleObjects blocking when it ought to have been called with a zero timeout. I haven't been able to reproduce this myself, but according to one reporter, PeekMessage(PM_NOREMOVE) is effective at checking for a non-empty message queue in a way that GetQueueStatus is not. Switch to using that instead. Thanks to Eric Flumerfelt for debugging and testing help. check-in: 0eada414dc user: simon tags: trunk | |
|
2013-10-26
| ||
| 09:00 | Fix build failures on Ubuntu 13.10. Automake now insists that we run AM_PROG_AR if we're going to build a library, and AM_PROG_CC_C_O if we're going to build anything with extra compile options. Those extra macros seem harmless in previous versions of automake. check-in: 4dc573c397 user: simon tags: trunk | |
|
2013-10-25
| ||
| 12:44 | Avoid leaving unread Windows messages in the queue. Jochen Erwied points out that once you've used PeekMessage to remove _one_ message from the message queue, MsgWaitForMultipleObjects will consider the whole queue to have been 'read', or at least looked at and deemed uninteresting, and so it will block until a further message comes in. Hence, my change in r10040 which stops us from looping on PeekMessage until the queue is empty has the effect of causing the rest of the message queue not to be acted on until a new message comes in to unblock it. Fix by checking if the queue is nonempty in advance of calling MsgWaitForMultipleObjects, and if so, giving it a zero timeout just as we do if there's a pending toplevel callback. check-in: bb372d7013 user: simon tags: trunk | |
|
2013-10-09
| ||
| 13:38 | random_ref() should always increment the reference count. No current PuTTY utility was calling random_ref more than once per run (ssh.c and the two main PuTTYgen programs call it once each), but if one ever does (or if derived code does), it will want the reference count to actually work sensibly. check-in: 8a375b13f8 user: simon tags: trunk | |
| 13:36 | Don't pass WinSock error codes to strerror. Martin Prikryl helpfully points out that when I revamped the socket error mechanism using toplevel callbacks, I also accidentally passed the error code to the wrong function. Use winsock_error_string instead. check-in: b4dcae4371 user: simon tags: trunk | |
|
2013-09-23
| ||
| 09:35 | Fix cut-and-paste errors in nonfatal() implementations. Unix GUI programs should not say 'Fatal Error' in the message box title, and Plink should not destroy its logging context as a side effect of printing a non-fatal error. Both appear to have been due to inattentive cut and paste from the pre-existing fatal error functions. check-in: 3a81deedf0 user: simon tags: trunk | |
|
2013-09-15
| ||
| 09:40 | Oops! Remove a tight-looping diagnostic. I temporarily applied it as a means of testing the revised event loops in r10040, and accidentally folded it into my final commit instead of backing it out. Ahem. check-in: 5bed7cc5ee user: simon tags: trunk | |
| 09:05 | Remove the timed part of the terminal paste mechanism. In r10020 I carefully reimplemented using timing.c and callback.c the same policy for large pastes that the previous code appeared to be implementing ad-hoc, which included a 450ms delay between sending successive lines of pasted text if no visible acknowledgment of the just-sent line (in the form of a \n or \r) came back from the application. However, it turns out that that *wasn't* what the old code was doing. It *would* have done that, but for the bug that it never actually set the 'last_paste' variable, and never has done since it was first introduced way back in r516! So the policy I thought had been in force forever has in fact only been in force since I unwittingly fixed that bug in r10020 - and it turns out to be a bad idea, breaking pastes into vi in particular. So I've removed the timed paste code completely, on the basis that it's never actually worked and nobody seems to have been unhappy about that. Now we still break large pastes into separate lines and send them in successive top-level callbacks, and the user can still press a key to interrupt a paste if they manage to catch it still going on, but there's no attempted *delay* any more. (It's possible that what I *really* ought to be doing is calling back->sendbuffer() to see whether the backend is consuming the data pasted so far, and if not, deferring the rest of the paste until the send buffer becomes smaller. Then we could have pasting be delayed by back-pressure from the recipient, and still manually interruptible during that delay, but not have it delayed by anything else. But what we have here should at least manage to be equivalent to the *actual* rather than the intended old policy.) check-in: 926b4f918a user: simon tags: trunk | |
| 09:05 | Only run one toplevel callback per event loop iteration. This change attempts to reinstate as a universal property something which was sporadically true of the ad-hockery that came before toplevel callbacks: that if there's a _very long_ queue of things to be done through the callback mechanism, the doing of them will be interleaved with re-checks of other event sources, which might (e.g.) cause a flag to be set which makes the next callback decide not to do anything after all. check-in: 36d3c24f08 user: simon tags: trunk | |
|
2013-09-08
| ||
| 08:20 | Handle socket errors on half-open channels. Anthony Ho reports that this can occur naturally in some situation involving Windows 8 + IE 11 and dynamic port forwarding: apparently we get through the SOCKS negotiation, send our CHANNEL_OPEN, and then *immediately* suffer a local WSAECONNABORTED error before the server has sent back its OPEN_CONFIRMATION or OPEN_FAILURE. In this situation ssh2_channel_check_close was failing to notice that the channel didn't yet have a valid server id, and sending out a CHANNEL_CLOSE anyway containing 32 bits of uninitialised nonsense. We now handle this by turning our half-open CHAN_SOCKDATA_DORMANT into a half-open CHAN_ZOMBIE, which means in turn that our handler functions for OPEN_CONFIRMATION and OPEN_FAILURE have to recognise and handle that case, the former by immediately initiating channel closure once we _do_ have the channel's server id to do it with. check-in: 1593971ebd user: simon tags: trunk | |
| 02:14 | Pass an error message through to sshfwd_unclean_close. We have access to one at every call site, so there's really no reason not to send it through to ssh.c to be logged. check-in: 36349ac57c user: simon tags: trunk | |
|
2013-09-07
| ||
| 11:15 | Fix SSH2_MSG_CHANNEL_EXTENDED_DATA in logparse. It looks as if it's never worked at all: it had a spurious second printf, it completely forgot to allow for the uint32 type code that SSH2_MSG_CHANNEL_DATA doesn't have, it accessed the channel state's sequence number fields in a way that made no sense and didn't match the rest of the program, *and* it misinvoked the file opening API. I must have never had an occasion to test it. check-in: a938a3ac2e user: simon tags: trunk | |
| 11:15 | Make logparse handle completely bogus channel numbers. Previously it would throw a bunch of Perl undefined-variable-usage warnings; now it cleanly detects the problem, dumps as much of the message as it still reasonably can, and doesn't update any channel states. check-in: 21376cee1b user: simon tags: trunk | |
|
2013-08-26
| ||
| 06:55 | Fix free of an uninitialised pointer. CHAN_AGENT channels need c->u.a.message to be either NULL or valid dynamically allocated memory, because it'll be freed by ssh_channel_destroy. This bug triggers if an agent forwarding channel is opened and closed without having sent any queries. check-in: 7b9042322c user: simon tags: trunk | |
|
2013-08-22
| ||
| 12:45 | Fix handling of IPv6 dynamic forwardings. During the Conf revamp, I changed the internal representation of dynamic forwardings so that they were stored as the conceptually sensible L12345=D rather than the old D12345, and added compensation code to translate to the latter form for backwards-compatible data storage and for OpenSSH-harmonised GUI display. Unfortunately I forgot that keys in the forwarding data can also prefix the L/R with a character indicating IPv4/IPv6, and my translations didn't take account of that possibility. Fix them. check-in: 2ca638ec2c user: simon tags: trunk | |
|
2013-08-18
| ||
| 05:56 | Don't run toplevel callbacks in modal dialogs. Because some of them can call gtk_main_quit(), which completely confuses the dialog box system. check-in: d89571a733 user: simon tags: trunk | |
| 01:48 | Sensibly enforce non-interactive rekeying. We now only present the full set of host key algorithms we can handle in the first key exchange. In subsequent rekeys, we present only the host key algorithm that we agreed on the previous time, and then we verify the host key by simply enforcing that it's exactly the same as the one we saw at first and disconnecting rudely if it isn't. check-in: cb5323bd7c user: simon tags: trunk | |
|
2013-08-17
| ||
| 11:06 | Make calling term_nopaste() a cross-platform feature. It was one of those things that went in ages ago on Windows and never got replicated in the Unix front end. And it needn't be: ldisc.c is a perfect place to put it, since it knows which of the data it's sending is based on a keystroke and which is automatically generated, and it also has access to the terminal context. So now a keypress can interrupt a runaway paste on all platforms. check-in: 98e29c499b user: simon tags: trunk | |
| 11:06 | Revamp Windows pending_netevent using toplevel callbacks. This greatly simplifies the process of calling select_result() from the top level after receiving WM_NETEVENT. check-in: c50a760764 user: simon tags: trunk | |
| 11:06 | Revamp net_pending_errors using toplevel callbacks. Again, I've removed the special-purpose ad-hockery from the assorted front end message loops that dealt with deferred handling of socket errors, and instead uxnet.c and winnet.c arrange that for themselves by calling the new general top-level callback mechanism. check-in: 441fc5a4dd user: simon tags: trunk | |
| 11:06 | Revamp GTK's session close handling using toplevel callbacks. Instead of having a special GTK idle function for dealing with session closing, I now use the new top-level callback mechanism which is slightly simpler for calling a one-off function. Also in this commit, I've arranged for connection_fatal to queue a call to the same session close function after displaying the message box, with the effect that now all the same processing takes place no matter whether the session closes cleanly or uncleanly - e.g. the SSH specials submenu is cleaned out, as it should be. check-in: 030eccd1a1 user: simon tags: trunk | |
| 11:06 | Revamp Windows's close_session() using toplevel callbacks. Instead of setting a must_close_session flag and having special code in the message loop to check it, we'll schedule the call to close_session using the new top-level callback system. check-in: f66bde9fae user: simon tags: trunk | |
| 11:06 | Revamp the terminal paste mechanism using toplevel callbacks. I've removed the ad-hoc front-end bodgery in the Windows and GTK ports to arrange for term_paste to be called at the right moments, and instead, terminal.c itself deals with knowing when to send the next chunk of pasted data using a combination of timers and the new top-level callback mechanism. As a happy side effect, it's now all in one place so I can actually understand what it's doing! It turns out that what all that confusing code was up to is: send a line of pasted data, and delay sending the next line until either a CR or LF is returned from the server (typically indicating that the pasted text has been received and echoed) or 450ms elapse, whichever comes first. check-in: e18f3877ae user: simon tags: trunk | |
| 11:06 | Add a general way to request an immediate top-level callback. This is a little like schedule_timer, in that the callback you provide will be run from the top-level message loop of whatever application you're in; but unlike the timer mechanism, it will happen _immediately_. The aim is to provide a general way to avoid re-entrance of code, in cases where just _doing_ the thing you want done is liable to trigger a confusing recursive call to the function in which you came to the decision to do it; instead, you just request a top-level callback at the message loop's earliest convenience, and do it then. check-in: 0345763d47 user: simon tags: trunk | |
|
2013-08-15
| ||
| 01:42 | Sebastian Kuschel reports that pfd_closing can be called for a socket error with pr->c NULL, in which case calling sshfwd_unclean_close on it will dereference NULL and segfault. Write an alternative error handling path for that possibility. (I don't know if it's the only way, but one way this can happen is if you're doing dynamic forwarding and the socket error occurs during SOCKS negotiation, in which case no SSH channel has been set up yet because we haven't yet found out what we want to put in the direct-tcpip channel open message.) check-in: 88d8a274b3 user: simon tags: trunk | |
|
2013-08-13
| ||
| 01:46 | It turns out I was a little over-strict in my handling of EOF in pscp.c when I did the big revamp in r9279: I assumed that in any SCP connection we would be the first to send EOF, but in fact this isn't true - doing downloads with old-SCP, EOF is initiated by the server, so we were spuriously reporting an error for 'unexpected' EOF when everything had gone fine. Thanks to Nathan Phelan for the report. check-in: dbbbe4df65 user: simon tags: trunk | |
|
2013-08-08
| ||
| 12:22 | sbcsgen.pl uses 'select' to point Perl at a different default output handle. Revert that when we hackily call it from mkfiles.pl, so that if I have a need to insert diagnostics in the latter they won't go into the end of sbcsdat.c. check-in: 7c257e8f47 user: simon tags: trunk | |
|
2013-08-07
| ||
| 01:22 | Revert the default for font bolding style back to using colours rather than fonts. I broke this in r9559 when I added the option for 'both', because the internal representation got offset by one so as to change from a boolean to two bitfields and I must have confused myself about what the default should be. check-in: 31522c3eb3 user: simon tags: trunk | |
|
2013-08-06
| ||
| 12:09 | Bump version number prior to tagging 0.63. check-in: ff340ac572 user: simon tags: trunk | |
| 11:45 | One more defensive assert, just to be sure. check-in: d6125310dc user: simon tags: trunk | |
|
2013-08-05
| ||
| 14:50 | The bignum code has two representations of zero, since bn_restore_invariant (and the many loops that duplicate it) leaves a single zero word in a bignum representing 0, whereas the constant 'Zero' does not have any data words at all. Cope with this in bignum_cmp. (It would be a better plan to decide on one representation and stick with it, but this is the less disruptive fix for the moment.) check-in: 87e71d1709 user: simon tags: trunk | |
| 14:50 | Add some more precautionary assertions, just in case anything wildly out of range manages to get past other recent fixes. check-in: 165e9c6988 user: simon tags: trunk | |
| 10:15 | Belatedly update the copyright year to 2013. check-in: f12ca7dab6 user: jacob tags: trunk | |
|
2013-08-04
| ||
| 17:33 | Fix memory leaks in the new error return from modinv. check-in: 831e4c58e8 user: simon tags: trunk | |
| 14:34 | Spot when we didn't successfully create an RSA public key from a public blob, and return a proper error in that situation rather than a struct with unhelpful NULLs in. check-in: 6f71c3af5a user: simon tags: trunk | |
| 14:34 | Make modinv able to return NULL if its inputs are not coprime, and check for that return value everywhere it is used. check-in: 81126a7cf8 user: simon tags: trunk | |
| 14:34 | Avoid trying to take the modular inverse of zero in response to a sufficiently silly DSA signature. check-in: ea82957c5a user: simon tags: trunk | |
| 14:33 | Another couple of memory leaks. check-in: e901ff1b64 user: simon tags: trunk | |
| 14:33 | More consistently defend against division by zero with assertions. We now check that all the modular functions (modpow, modinv, modmul, bigdivmod) have nonzero moduli, and that modinv also has a nonzero thing to try to invert. check-in: 1d79e0227d user: simon tags: trunk | |
| 14:33 | Validate newly created DSA keys more carefully. Don't want a structure half-filled with null pointers. check-in: c783761d06 user: simon tags: trunk | |
| 14:33 | Remove some redundant null-pointer checks from code that must have been written before I wrote a never-failing snew. check-in: ee86c225d3 user: simon tags: trunk | |
| 14:33 | Sanitise freeing of DSA keys. check-in: ff56f110f0 user: simon tags: trunk | |
| 14:32 | Reinstate a piece of code accidentally removed in r9214, where Windows PuTTY does not trim a colon suffix off the hostname if it contains _more than one_ colon. This allows IPv6 literals to be entered. (Really we need to do a much bigger revamp of all uses of hostnames to arrange that square-bracketed IPv6 literals work consistently, but this at least removes a regression over 0.62.) check-in: 6a08410fec user: simon tags: trunk | |
|
2013-08-02
| ||
| 17:33 | Raise the default scrollback from 200 to 2000 lines. The former was not so silly in the 1990s and before I implemented scrollback compression, but it's been a ridiculously low default for a while now. check-in: 9dde867cfc user: simon tags: trunk | |
| 14:51 | Found a lot of places in sshbn.c where for-loops zeroing out memory just before freeing it really ought to be smemclrs. check-in: 911c0d2c25 user: simon tags: trunk | |
| 01:28 | Verify RSA keys created by rsa2_openssh_createkey. check-in: d3496c3c83 user: simon tags: trunk | |
| 01:28 | Replace some 'sfree' calls of bignums with the proper 'freebn'. check-in: 1dd02ecbaf user: simon tags: trunk | |
| 01:27 | Add some missing bounds checks in signature verification routines. check-in: 0b92b855f5 user: simon tags: trunk | |
| 01:27 | Fix an array-size bug in modmul, and add some tests for it. check-in: 9061bc28f3 user: simon tags: trunk | |
|
2013-07-29
| ||
| 12:47 | Remove one of the frees added in r9916. stat_name points to somewhere within the same string that destfname points to the start of, so freeing it causes at best a double-free of destfname and more likely a free of something that isn't even the start of an allocated block. check-in: f6693a7219 user: simon tags: trunk | |
|
2013-07-27
| ||
| 13:35 | Add an assortment of missing consts I've just noticed. check-in: 9388e0e1ae user: simon tags: trunk | |
|
2013-07-24
| ||
| 14:18 | Get rid of the variable 'advapi' in Pageant's WinMain, which was never actually used for anything sensible and could have been freed while containing nonsense at program end. check-in: 216d70f276 user: simon tags: trunk | |
|
2013-07-22
| ||
| 14:56 | Back out r9964. I wasn't paying attention: every control is in the byid tree but not all of them are in the byctrl tree. check-in: 3eb328f003 user: simon tags: trunk | |
| 14:56 | Add a bob script to do Coverity scanning. check-in: 534a54bd61 user: simon tags: trunk | |
| 14:55 | Fix a few more memory and resource leaks. check-in: 9b3e8c1465 user: simon tags: trunk | |
| 14:55 | Remove the variable 'bufused', which came over from winnet.c in mistaken cut and paste and is just a bug. check-in: b3b80590c1 user: simon tags: trunk | |
| 02:12 | Increase FONT_MAXNO from 0x2f to 0x40, to ensure the fonts[] array includes every possible combination of the font bitfields, in particular ATTR_OEM|ATTR_NARROW. check-in: 6eed22fa7a user: simon tags: trunk | |
| 02:12 | Correct an inequality sign causing the bounds check in Windows palette_set() to be bogus. Fortunately, this isn't exploitable through the terminal emulator, because the palette escape sequence parser contains its own bounds check before even calling palette_set(). While I'm at it, fix the same goof in the OS X version! That port is more or less abandoned, but that's no excuse for leaving obviously wrong code lying around. check-in: eb7d5a10e2 user: simon tags: trunk | |
| 02:12 | Missing assert. check-in: 7ab72cb74f user: simon tags: trunk | |
| 02:12 | Replace the type-checking COMPTR macro with my current idea of best practice in type-check macros. check-in: 6231caddfe user: simon tags: trunk | |
| 02:12 | Add missing casts in arguments to ctype functions. check-in: 2ca4f7724b user: simon tags: trunk | |
| 02:12 | Rationalise null pointer checks in both decode_codepage functions, so that decode_codepage(NULL) and decode_codepage("") both return the default character set. check-in: 52a52f87c4 user: simon tags: trunk | |
| 02:11 | Fix a double error handling goof in the winstore side of the jump list support: transform_jumplist_registry should give its caller dynamically allocated data if and only if it returns JUMPLISTREG_OK, and get_jumplist_registry_entries should test the return value against JUMPLISTREG_OK rather than a value from a totally different enum. check-in: 4308431bba user: simon tags: trunk | |
| 02:11 | Another big batch of memory leak fixes, again mostly on error paths. The most interesting one is printer_add_enum, which I've modified to take a char ** rather than a char * so that it can both realloc its input buffer _and_ return NULL to indicate error. check-in: c3f3ee12f4 user: simon tags: trunk | |
| 02:11 | Add a missing null pointer check in one of the dialog box functions. check-in: 3a9b6d22d8 user: simon tags: trunk | |
| 02:11 | Report an error if deleting a random seed file fails. (This has also required me to add a currently unused nonfatal() to PuTTYgen, since although PuTTYgen won't actually try to delete putty.rnd, it does link in winstore.c as a whole.) check-in: 8954381522 user: simon tags: trunk | |
| 02:11 | Invent a win_strerror() function which behaves as much like Unix strerror as I can arrange, wrapping up all the ugly FormatMessage nonsense and caching previously looked-up messages for reuse so that callers can treat them as static. check-in: 608a3a3766 user: simon tags: trunk | |
| 02:11 | Rework keylist_update() to fix both a buffer-size limitation and a memory leak. check-in: 91560392b8 user: simon tags: trunk | |
|
2013-07-21
| ||
| 06:01 | Initialise 'psa' to NULL on every code path in the Pageant client code, fixing a potential segfault when compiling with -DNO_SECURITY. check-in: 3f060d2ca9 user: simon tags: trunk | |
| 05:12 | If the SSH server sends us CHANNEL_CLOSE for a channel on which we're sitting on a pile of buffered data waiting for WINDOW_ADJUSTs, we should throw away that buffered data, because the CHANNEL_CLOSE tells us that we won't be receiving those WINDOW_ADJUSTs, and if we hang on to the data and keep trying then it'll prevent ssh_channel_try_eof from sending the CHANNEL_EOF which is a prerequisite of sending our own CHANNEL_CLOSE. check-in: 127cf34c50 user: simon tags: trunk | |
| 04:16 | Add '.so' to the list of file extensions cleared up by 'make clean' in Makefile.cyg, since if you're building against Winelib it will generate one of those alongside each .exe file. check-in: 3c11ddd270 user: simon tags: trunk | |
| 02:40 | Completely remove the 'frozen_readable' mechanism from uxnet.c. It parallels a similar mechanism in winnet.c and came over by copy and paste, but is pointless in the Unix networking API. On Windows, if you're using a mechanism such as WSAAsyncSelect which delivers readability notifications as messages rather than return values from a system call, you only get notified that a socket is readable once - it remembers that it's told you, and doesn't tell you again until after you've done a read. So in the case where we intentionally stop reading from a socket because our local buffer is full, and later want to start reading again, we do a read from the socket with MSG_PEEK set, and that clears Windows's flag and tells it to start sending us readability notifications again. On Unix, select() and friends didn't do anything so strange in the first place, so the whole mechanism is unnecessary. check-in: 6c0335a94e user: simon tags: trunk | |
| 02:40 | Fix error checking in uxstore.c: add a missing check, and fix a mis-cut-and-pasted one. check-in: ef3d2b4788 user: simon tags: trunk | |
| 02:40 | When I turned fcntls into noncloexecs in r9940, I missed one. check-in: c138704d7f user: simon tags: trunk | |
| 02:40 | Two more memory leak fixes, on error paths I didn't spot in r9919. check-in: fd4c3490f1 user: simon tags: trunk | |
|
2013-07-20
| ||
| 08:15 | Fix a null-dereference introduced by another mis-fix in r9919. check-in: f1918a54f9 user: simon tags: trunk | |
| 08:15 | Fix leak of 'fname' introduced by the rewrite of write_random_seed in r9933. check-in: e9b29537b5 user: simon tags: trunk | |
| 08:15 | Another two mis-fixes from r9919: when we sfree(line) on exit from the ssh.com and OpenSSH key import loops, we should also null it out so that the cleanup path doesn't try to re-free the same pointer. check-in: 987177cbd7 user: simon tags: trunk | |
| 08:15 | Redo a mis-fix of a memory leak in r9919: I added sfree(data) immediately after conf_deserialise in the Duplicate Session receiver, whereas I should have put it after the subsequent loop that extracts the pty argv if any. check-in: 3f9156f8b5 user: simon tags: trunk | |
| 06:31 | Switch to translating keystrokes using ToUnicodeEx rather than ToAsciiEx, where possible. This enables support for keys which generate Unicode characters that aren't in the system code page, which seems to me like a perverse way for Windows to have set up the system code page but apparently does happen, e.g. (I'm told) U+0219 and U+021B on Romanian keyboards. Patch mostly due to Andrei Damian-Fekete. check-in: 14d0fea887 user: simon tags: trunk | |
| 03:34 | Been meaning to get round to this for a while: use CryptGenRandom to gather extra entropy at Windows PuTTY startup time. (It's only used as one of the inputs to PuTTY's internal entropy pool, so nobody is required to trust it.) check-in: 47054fafef user: simon tags: trunk | |
|
2013-07-19
| ||
| 13:10 | Centralise calls to fcntl into functions that carefully check the error returns. check-in: 04c7a24906 user: simon tags: trunk | |
| 12:45 | Add an error check to every setsockopt call in uxnet.c. check-in: 9121a6c35f user: simon tags: trunk | |
| 12:44 | Add some conditionally-compilable diagnostics to the RNG. I got briefly worried that it might not be doing what I thought it was doing, but examining these diagnostics shows that it is after all, and now I've written them it would be a shame not to keep them for future use. check-in: 24255e01ac user: simon tags: trunk | |
| 12:44 | Better error reporting when failing to save a session. check-in: 2e61d87342 user: simon tags: trunk | |
| 12:44 | Add some missing calls to cleanup_exit. check-in: 8f4562c3b3 user: simon tags: trunk | |
| 12:44 | Run the random pool setup and teardown functions with random_active nonzero rather than zero. check-in: 412920de82 user: simon tags: trunk | |
| 12:44 | Report errors in store_host_key too. check-in: 690915520f user: simon tags: trunk | |
| 12:44 | Add proper error reports in write_random_seed, via the new 'nonfatal' error reporting function. check-in: 9fe9012e9a user: simon tags: trunk | |
| 12:44 | Add a nonfatal() function everywhere, to be used for reporting things that the user really ought to know but that are not actually fatal to continued operation of PuTTY or a single network connection. check-in: ad8c919057 user: simon tags: trunk | |
| 12:44 | Add a missing error check in pterm's child-process setup. Shouldn't really fail, but might as well be careful. check-in: e86c47be22 user: simon tags: trunk | |
| 12:44 | It suddenly strikes me as probably a good idea to enforce that anyone calling random_byte has previously called random_ref. (I'm not aware of any current code getting this wrong! It just seems to me to be the sort of thing you'd want to be really sure of.) check-in: 001c304e9e user: simon tags: trunk | |
|
2013-07-15
| ||
| 01:40 | Fix a build failure: r9924 thoughtlessly put an assert before some declarations, and gcc didn't complain but VC did. check-in: 6ced7110ac user: simon tags: trunk | |
|
2013-07-14
| ||
| 12:08 | In the various channel request mini-coroutines, replace crWaitUntilV(pktin) with plain crReturnV, because those coroutines can be called back either with a response packet from the channel request _or_ with NULL by ssh_free meaning 'please just clean yourself up'. check-in: f0f597f3a9 user: simon tags: trunk | |
| 05:46 | Remove a redundant while-loop condition when reading RFC822-style header text from a PuTTY key file. (It's silly to have both while (len > 0) at the top of the loop _and_ an if (len == 0) return in the middle, and in fact the former was the erroneous one since it would have prohibited a 39-character header, which I intended to be permitted.) check-in: 09fe2439b4 user: simon tags: trunk | |
| 05:46 | Remove a pointless assignment in setup_config_box. check-in: 6e56f8bdd7 user: simon tags: trunk | |
| 05:46 | Remove a return path from sshcom_write() which was both unreachable (it would trigger if !type==RSA and !type==DSA, but one of those must have been true to get there in the first place) and erroneous (it would return NULL without going through the cleanup code). Since the code's internal structure guarantees that path isn't reached, replace it with an assert. check-in: e3ab162905 user: simon tags: trunk | |
| 05:46 | Use the new ctrl_alloc_with_free to clean up a long-standing FIXME in the session saving code, in which the contents of the edit box giving the current saved session name was stored in a horrid place with a fixed length. Now it's dangling off sessionsaver_data as it always ought to have been, and it's dynamically reallocated to the appropriate length, and there's a free function that cleans it up at the end of the dialog's lifetime. check-in: c522783586 user: simon tags: trunk | |
| 05:46 | Add an extended version of ctrl_alloc which permits you to provide a custom free function, in case you need to ctrl_alloc a structure which then has additional dynamically allocated things dangling off it. check-in: 33b7a596f1 user: simon tags: trunk | |
| 05:46 | Move the calculation of the exchange hash to above the various warnings about insecure crypto components. The latter may crReturn (though not in any current implementation, I believe), which invalidates pktin, which is used by the former. check-in: ea02e2be18 user: simon tags: trunk | |
| 05:46 | Add a missing null pointer check in wc_unescape, to bring it in line with the usage comment saying you're allowed to pass NULL to find out only the return value. No caller actually does pass NULL at the moment. check-in: a957fdbc03 user: simon tags: trunk | |
| 05:46 | Fix another giant batch of resource leaks. (Mostly memory, but there's one missing fclose too.) check-in: 17fb711a78 user: simon tags: trunk | |
| 05:45 | Tighten up a lot of casts from unsigned to int which are read by one of the GET_32BIT macros and then used as length fields. Missing bounds checks against zero have been added, and also I've introduced a helper function toint() which casts from unsigned to int in such a way as to avoid C undefined behaviour, since I'm not sure I trust compilers any more to do the obviously sensible thing. check-in: 845f59bde8 user: simon tags: trunk | |
| 05:45 | Fix an always-false if statement which was causing the window border not to be redrawn when the user reconfigured the background colour. check-in: 93e0d8851c user: simon tags: trunk | |
|
2013-07-11
| ||
| 12:43 | Add an assortment of missing frees, and one missing file close. Mostly on error paths, although the one in PSFTP's wildcard_iterate will come up in normal usage. check-in: 9c97222ada user: simon tags: trunk | |
| 12:24 | xfer_{up,down}load_gotpkt free their input sftp_packet as a side effect of handling it, but they do not free it if it isn't a packet they recognise as part of their upload/download. Invent a return value that specifically signals this, and consistently free pktin at every call site if that return value comes back. Also, ensure that that return value also always comes with something meaningful in fxp_error. check-in: 1129bffc22 user: simon tags: trunk | |
| 12:24 | Fix a collection of calls to tell_user so that they don't add their own newline before the one tell_user puts on the end anyway. Also, while I'm here, make up my mind about whether to prefix messages with "scp:" or "pscp:" - I choose the latter. check-in: 3646f99667 user: simon tags: trunk | |
| 12:24 | Fix a couple of code paths on which, if fxp_readdir returned an error, we would return without first closing the directory handle we had used as an argument. check-in: 1ab7f878e5 user: simon tags: trunk | |
| 12:24 | It's not actually legal by the C standard to call qsort with a null array pointer, _even_ if you're asking it to sort zero elements so that in principle it should never dereference that pointer. Fix the four instances in PSCP/PSFTP where this was previously occurring. check-in: ff4be3ebbd user: simon tags: trunk | |
| 12:24 | Fixes for the tree234 unit test: break its dependencies on half of the rest of PuTTY, and fix a couple of format string type mismatches pointed out by gcc. check-in: cf3e080e5e user: simon tags: trunk | |
| 12:24 | Add missing checks in update_for_intended_size() in the font selector code, which would have coped badly if ever asked to select the first font in the list at a size smaller than it supported. Luckily the first font tended to be one of the X numeric aliases (e.g. 10x20) which was stored with size zero, so this probably didn't actually come up for anyone, but better safe than sorry. check-in: 60326f8cd5 user: simon tags: trunk | |
| 12:24 | Fix a pty-freeing error which caused a segfault if you attempted to use Restart Session in a post-not-close-on-exit pterm. check-in: c15206d980 user: simon tags: trunk | |
| 12:24 | Add some missing null checks for inst->ldisc, which were causing segfaults if a PuTTY or pterm did not close on exit and then you either typed something via input_method_commit_event or changed the line editing or echo settings. check-in: 4d69ee0b39 user: simon tags: trunk | |
| 12:24 | Remove another pointless null check, this time of inst->back in the function which has just dereferenced it to get the exit code. check-in: dea3c6f18f user: simon tags: trunk | |
| 12:24 | Remove redundant null checks for arguments to sftp_{get,put}_file which are (a) never NULL anyway, and (b) have already been dereferenced by the time we make those checks so it would be too late if they were. check-in: d149b789c1 user: simon tags: trunk | |
| 12:24 | Fix a mishandling of error returns from makekey() in the SSH-1 private key loader. check-in: f9896207f1 user: simon tags: trunk | |
| 12:24 | Add another missing bounds check in the SSH-1 private key loader. check-in: 317faf983e user: simon tags: trunk | |
| 12:23 | Get rid of the fixed-size 'hostname' buffer in every port-forwarded connection, and replace it with sensible dynamically allocated storage. While I'm at it, get rid of the disgusting dual use between storing an actual hostname and storing an incoming SOCKS request; we now have a separate pointer variable for each. check-in: 030782147d user: simon tags: trunk | |
|
2013-07-08
| ||
| 17:36 | Add an assortment of extra safety checks. check-in: 6094a73041 user: simon tags: trunk | |
|
2013-07-07
| ||
| 09:34 | Move the SSH-1 servkey and hostkey variables into the coroutine state, since there is a theoretical code path (via the crReturn loop after asking an interactive question about a host key or crypto algorithm) on which we can leave and return to do_ssh1_login between allocating and freeing those keys. (In practice it shouldn't come up anyway with any of the current implementations of the interactive question functions, not to mention the unlikelihood of anyone non-specialist still using SSH-1, but better safe than sorry.) check-in: 86e974bb0e user: simon tags: trunk | |
|
2013-07-06
| ||
| 15:43 | Clean up handling of the return value from sftp_find_request. In many places we simply enforce by assertion that it will match the request we sent out a moment ago: in fact it can also return NULL, so it makes more sense to report a proper error message if it doesn't return the expected value, and while we're at it, have that error message whatever message was helpfully left in fxp_error() by sftp_find_request when it failed. To do this, I've written a centralised function in psftp.c called sftp_wait_for_reply, which is handed a request that's just been sent out and deals with the mechanics of waiting for its reply, returning the reply when it arrives, and aborting with a sensible error if anything else arrives instead. The numerous sites in psftp.c which called sftp_find_request have all been rewritten to do this instead, and as a side effect they now look more sensible. The only other uses of sftp_find_request were in xfer_*load_gotpkt, which had to be tweaked in its own way. While I'm here, also fix memory management in sftp_find_request, which was freeing its input packet on some but not all error return paths. check-in: 14608d0542 user: simon tags: trunk | |
|
2013-07-01
| ||
| 12:56 | A collection of small bug fixes from Chris West, apparently spotted by Coverity: assorted language-use goofs like freeing the wrong thing or forgetting to initialise a string on all code paths. check-in: 8962699297 user: simon tags: trunk | |
|
2013-06-15
| ||
| 14:58 | Fallback for manual setup of GTK 1, if autoconf is run on a system where the GTK1 detection function AM_PATH_GTK hasn't been provided by /usr/share/aclocal/gtk.m4 or equivalent. (Systems without gtk.m4 are becoming more common, but on the other hand I know at least one person is still using GTK 1 PuTTY since the 0.62 release.) check-in: 49e7e064b7 user: simon tags: trunk | |
|
2013-05-28
| ||
| 18:46 | Update docs for change to UTF-8 by default, and emphasise UTF-8 more generally. check-in: b8be4d7768 user: jacob tags: trunk | |
|
2013-05-25
| ||
| 09:03 | It's probably well past time for this: change PuTTY's default character set configuration to UTF-8, on both Windows and Unix, and reorganise the dropdown lists in the Translation menu so that UTF-8 appears at the top (and Unix's odd "use font encoding" is relegated to the bottom of the list like the special-purpose oddity it is). check-in: 120fc17374 user: simon tags: trunk | |
|
2013-03-10
| ||
| 06:04 | Fix a bug in which terminal output received from the session could be buffered in terminal.c indefinitely and only released when further output turned up. Arose because we suppress the call to term_out from term_data if a drag-select is in progress, but when the drag-select ends we weren't proactively calling term_out to release the buffered data. So if your session generated some terminal output while you were in mid-select, _and had stopped by the time you let go of the mouse button_, then the output would just sit there until released by the next call to term_data. check-in: d49eb034df user: simon tags: trunk | |
|
2013-02-24
| ||
| 13:28 | Remove the half-hearted attempt to make the utmp helper process drop privileges just before dying of a fatal signal. I'm not sure what I intended it for in the first place; it certainly isn't doing its job properly (no setgid), it's causing compiler warnings due to not checking the setuid return code, and we can't think of any useful purpose for it. check-in: 9613910863 user: simon tags: trunk | |
|
2013-02-23
| ||
| 15:00 | Don't forget to check the return values of setuid and friends. check-in: 37c4284d89 user: simon tags: trunk | |
|
2013-02-22
| ||
| 15:39 | Give a better error message if a PuTTY private key file has a version number we don't understand. It's nicer to report 'format too new' than 'not a PuTTY key file'. check-in: 4b9de581eb user: simon tags: trunk | |
|
2013-02-20
| ||
| 17:30 | Add support for HMAC-SHA-256 as an SSH-2 MAC algorithm ("hmac-sha2-256") as specified in RFC 6668. This is not so much because I think it's necessary, but because scrypt uses HMAC-SHA-256 and once we've got it we may as well use it. Code very closely derived from the HMAC-SHA-1 code. Tested against OpenSSH 5.9p1 Debian-5ubuntu1. check-in: 6c7bd4523b user: ben tags: trunk | |
| 16:37 | Take advantage of PUT_32BIT_MSB_FIRST when constructing sequence numbers to MAC. check-in: bb6f590302 user: ben tags: trunk | |
|
2013-01-23
| ||
| 16:59 | Patch from Egmont Koblinger to implement two extended variants of xterm mouse tracking, both supported by the current up-to-date xterm (288). They take the form of two new DEC terminal modes, 1006 and 1015, which do not in themselves _enable_ mouse tracking but they modify the escape sequences sent if mouse tracking is enabled in the usual way. check-in: ff6decabd1 user: simon tags: trunk | |
|
2013-01-19
| ||
| 11:17 | Adjust comments around split_into_argv() to clarify that it's not *Windows's* command-line splitting rules we're mimicking here; it's VC7's, and they're not the same as VC10's. check-in: 7c2172bd62 user: simon tags: trunk | |
|
2013-01-13
| ||
| 15:59 | Reorganise setup_fonts_ucs so that in case of error it does nothing and returns its error message as a string, instead of actually printing it on standard error and exiting. Now we can preserve the previous error behaviour when we get a nonexistent font name at startup time, but no longer rudely terminate in mid-session if the user configures a bogus font name in Change Settings. check-in: 6389889576 user: simon tags: trunk | |
|
2013-01-07
| ||
| 13:08 | Move the -I options for all our source subdirectories out of AM_CFLAGS and into AM_CPPFLAGS. This is more conceptually sensible according to my reading of the automake manual, and also has the specific desirable effect that they move to the front of the command line, ahead of any 'system' type -I options that autoconf might have felt a need for. A user reported that autoconf had added -I/usr/local/include to their command line for the sake of a required header file, but their /usr/local/include also turned out to include a thing called 'proxy.h' (from libproxy, nothing to do with us) which shadowed our own proxy.h and caused a build failure. This should fix that. check-in: eae4114b11 user: simon tags: trunk | |
|
2012-12-22
| ||
| 12:10 | Update the suggested compile command in sshbn.c's test rig. check-in: f28105b8ef user: simon tags: trunk | |
| 12:09 | Fix two gcc warnings about confused printf format strings in the bignum code's test harness. Thanks to Sup Yut Sum for fixing this in TortoisePlink and Sven Strickroth for bringing it to my attention. check-in: 06a991e499 user: simon tags: trunk | |
| 03:40 | Ronald Landheer-Cieslak points out that the various back ends which treat all socket closures as clean exits (because the protocol doesn't provide for transferring a process exit code) could usefully at least treat _socket errors_ as unclean exits. Patch the Telnet, Rlogin and Raw backends to retain that information and return INT_MAX to the frontend. I wasn't sure whether it was better to solve this by modifying each affected frontend, or each affected backend. I chose the latter, but neither is really ideal; this is the sort of thing that makes me wish we had a piece of fixed middleware in between, independent of both platform and protocol. check-in: 77d1fb6713 user: simon tags: trunk | |
|
2012-12-18
| ||
| 03:19 | Switch round a bogus if statement I've just noticed. Both the write to pty_utmp_helper_pipe _and_ the close of it if we're not going to write should be conditionalised on the pipe existing, rather than just the former! check-in: 21f0ce4047 user: simon tags: trunk | |
| 03:02 | Patch from Brad Smith to use posix_openpt() instead of open("/dev/ptmx"), where the former is available. Improves portability, since at least one OS (OpenBSD) supports the POSIX pty functions but does it via an underlying mechanism which doesn't involving having a /dev/ptmx. check-in: ab7860768b user: simon tags: trunk | |
| 03:02 | Use O_NOCTTY (if available) when opening /dev/ptmx, just in case any OS doesn't automatically assume it. (It would seem faintly weird to me - surely opening the master end of a given pty is a fairly good indication that you're _not_ a process running inside it which wants to have it available as /dev/tty! But you never know...) check-in: 66ab5269a3 user: simon tags: trunk | |
|
2012-12-17
| ||
| 02:40 | Add a bounds check in the word-by-word selection code to prevent attempting to call lineptr() with a y-coordinate off the bottom of the screen and triggering the dreaded 'line==NULL' message box. This crash can only occur if the bottommost line of the screen has the LATTR_WRAPPED flag set, which as far as I can see you can only contrive by constructing a LATTR_WRAPPED line further up the screen and then moving it down using an insert-line escape sequence. That's probably why this bug has been around forever without anyone coming across it. check-in: bb260df3df user: simon tags: trunk | |
|
2012-12-04
| ||
| 14:53 | Patch from Hideki Eiraku to make PuTTY call GetScrollInfo, so it can use 32-bit scrollbar position data instead of being limited to the 16-bit version that comes in scrollbar messages' wParam. check-in: 765fc74497 user: simon tags: trunk | |
|
2012-11-14
| ||
| 12:32 | Fix another error-reporting bug, in which sk_newlistener would fail to capture the error code if listen() returned an error, and instead pass 0 (saved from the previous successful bind) to winsock_error_string. check-in: 33092169d8 user: simon tags: trunk | |
|
2012-11-13
| ||
| 15:34 | When manually initialising a 'struct RSAKey' due to loading an SSH1 public key but not the private half, NULL out all the CRT-optimisation fields as well as the private exponent pointer. Otherwise segfaults - security-harmless, but annoying - can happen in freersakey() when we notice they aren't null and try to free them. check-in: 90444c9e7e user: simon tags: trunk | |
| 12:36 | Add a fallback case to winsock_error_string() which makes it call FormatMessage to get the OS's text for any error not in our own translation table. Should eliminate the frustrating 'unknown error'. (I haven't chosen to use FormatMessage unconditionally, because it comes out with enormous messages along the lines of "No connection could be made because the target machine actively refused it" in place of "Connection refused" and I'm Unixy enough to prefer the latter. Also, on older Windowses, Winsock error codes are in a separate API segment and don't work with FormatMessage anyway.) check-in: 33c1180299 user: simon tags: trunk | |
|
2012-10-17
| ||
| 15:48 | Windows's sk_address_is_local() was returning the wrong answers for IPv6 addresses, because I'd mistakenly cast an ai_addr to the low- level 'struct in6_addr' instead of the correct 'struct sockaddr_in6'. check-in: 0402f2fd06 user: simon tags: trunk | |
|
2012-10-16
| ||
| 15:15 | When a proxy negotiation function is called with PROXY_CHANGE_NEW, it should not call plug functions, because it's being called from within new_connection(), and the state on which the plug functions depend will not have been set up until new_connection() returns success. Instead, we set the error string in the Proxy_Socket, which will cause the same error message to be returned as a failure of new_connection(). check-in: c50d00af6f user: simon tags: trunk | |
| 15:15 | If you configure Unix PuTTY to use a proxy, tell it to even proxy localhost connections, and also enable X forwarding in such a way that it will attempt to connect to a Unix-domain X server socket, an assertion will fail when proxy_for_destination() tries to call sk_getaddr(). Fix by ensuring that Unix-domain sockets are _never_ proxied, since they fundamentally can't be. check-in: fbf994f8bf user: simon tags: trunk | |
|
2012-10-10
| ||
| 13:32 | Add timestamps to the 'SSH raw data' logging mode. check-in: fcbd3f6f44 user: simon tags: trunk | |
| 13:29 | A user points out that we should free the 'hProcess' and 'hThread' handles returned in the PROCESS_INFORMATION structure after we call CreateProcess. check-in: 4091a039e9 user: simon tags: trunk | |
|
2012-10-02
| ||
| 14:31 | Sumudu Fernando points out that in the big r9214 destabilisation I mistakenly rearranged the logic in an if statement in window.c, with the effect that scroll-wheel events are no longer sent via xterm mouse tracking. Put it back to the way it was. check-in: db702f5b14 user: simon tags: trunk | |
|
2012-09-23
| ||
| 10:36 | Clip the 'lines' parameter to scroll() at the size of the scroll window. scroll() iterates that many times, so this prevents a tedious wait if you give a very large parameter to ESC[L or ESC[M, for example. A side effect is that very large requests for upward scrolling in a context that affects the scrollback will not actually wipe out the whole scrollback: instead they push just the current lines of the screen into the scrollback, and don't continue on to fill it up with endless boring blank lines. I think this is likely to be more useful in general, since it avoids wiping out lots of useful scrollback data by mistake. I can imagine that people might have been using it precisely _to_ wipe the scrollback in some situations, but if so then they should use CSI 3 J instead. check-in: ebe1a34984 user: simon tags: trunk | |
|
2012-09-19
| ||
| 17:17 | Windows PSFTP has two places that call run_timers and I'd only updated one of them. Correct that. check-in: 3119e5baf3 user: ben tags: trunk | |
| 17:16 | Fix indentation mess in my timing overhaul. check-in: c172782c0b user: ben tags: trunk | |
| 17:12 | Fix a stupid sign bug in run_timers() that broke Windows Plink (and should really have broken everything else too). check-in: f22d9bc132 user: ben tags: trunk | |
| 12:08 | Make --help and --version work consistently across all tools. Well, at least across all command-line tools on both Windows and Unix, and the GTK apps on Unix too. The Windows GUI apps fundamentally can't write to standard output and it doesn't seem sensible to use message boxes for these purposes :-) check-in: 75423b66a5 user: simon tags: trunk | |
|
2012-09-18
| ||
| 18:07 | Better document the various environments with which Makefile.cyg works. check-in: 4f5cf307a3 user: ben tags: trunk | |
| 18:05 | Add a new COMPAT option for environments lacking SecureZeroMemory(), rather than explicitly checking for Winelib. It seems that w32api is lacking it as well. check-in: b814cb52ab user: ben tags: trunk | |
| 16:50 | Allow remote-to-local forwardings to use IPv6. RFC 4245 section 7.1 specifies the meaning of the "address to bind" parameter in a "tcpip-forward" request. "0.0.0.0" and "127.0.0.1" are specified to be all interfaces and the loopback interface respectively in IPv4, while "" and "localhost" are the address-family-agnostic equivalents. Switch PuTTY to using the latter, since it doesn't seem right to force IPv4. There's an argument that PuTTY should provide a means of configuring the address family used for remote forwardings like it does for local ones. check-in: f6fa69cf31 user: ben tags: trunk | |
| 16:42 | Two related changes to timing code: First, make absolute times unsigned. This means that it's safe to depend on their overflow behaviour (which is undefined for signed integers). This requires a little extra care in handling comparisons, but I think I've correctly adjusted them all. Second, functions registered with schedule_timer() are guaranteed to be called with precisely the time that was returned by schedule_timer(). Thus, it's only necessary to check these values for equality rather than doing risky range checks, so do that. The timing code still does lots that's undefined, unnecessary, or just wrong, but this is a good start. check-in: a2d79b9e07 user: ben tags: trunk | |
|
2012-09-17
| ||
| 17:28 | Quell a (correct) GCC warning in the NO_HTMLHELP case. check-in: 26974b0b75 user: ben tags: trunk | |
|
2012-09-13
| ||
| 18:00 | Should have been part of r9663: do use the platform-independent version of smemclr when compiling with Winelib. check-in: 55418d7f9a user: ben tags: trunk | |
| 17:34 | Tweak comment in Recipe that had become separated from its code. check-in: 1728fb86ce user: ben tags: trunk | |
| 17:34 | Don't try to use SecureZeroMemory under Winelib, since it isn't available there (yet). check-in: 9576fab1e6 user: ben tags: trunk | |
| 17:33 | Define SECURITY_WIN32 for Winelib/Cygwin builds as well as for VC. This should perhaps go into winmisc.c: it's caused problems for other people too: <http://stackoverflow.com/questions/8530159/vs2010-build-error-at-putty-source> check-in: a1328977bc user: ben tags: trunk | |
| 16:53 | In the cygwin Makefile, use "-o" on the windres command line to specify the output file. This appears to be supported by windres, and is required by wrc (the Winelib resource compiler). check-in: 8ed9ff86c4 user: ben tags: trunk | |
|
2012-09-08
| ||
| 14:46 | Most of the code for "nc" mode duplicated that for opening a session or a fowarded port. Arrange that this code is shared instead. The main visible change is a slight change of log messages. check-in: 45e5597a72 user: ben tags: trunk | |
| 05:40 | Hiroshi Oota points out that PuTTY's agent forwarding sockets can get confused if they receive a request followed by immediate EOF, since we currently send outgoing EOF as soon as we see the incoming one - and then, when the response comes back from the real SSH agent, we send it along anyway as channel data in spite of having sent EOF. To fix this, I introduce a new field for each agent channel which counts the number of calls to ssh_agentf_callback that are currently expected, and we don't send EOF on an agent channel until we've both received EOF and that value drops to zero. check-in: 18cc9933bb user: simon tags: trunk | |
|
2012-09-01
| ||
| 07:28 | Factor out some common code for constructing SSH2_CHANNEL_OPEN. check-in: a820fa2f7d user: ben tags: trunk | |
| 07:10 | struct winadj is unused now. G/c it. check-in: 215a9bd3fa user: ben tags: trunk | |
| 07:03 | All of the initial CHANNEL_REQUESTs are conditional on (ssh->mainchan && !ssh->ncmode), so bundle them up in a big block conditional on this rather than checking it five times. check-in: 7cd9f82d83 user: ben tags: trunk | |
| 06:32 | do_ssh2_authconn() now installs the standard handlers for CHANNEL_SUCCESS and CHANNEL_FAILURE as soon as it's opened a channel, so there's no need for it to set them again later. check-in: 3f43707fed user: ben tags: trunk | |
|
2012-08-30
| ||
| 13:48 | Memory leak fixes reported by Balazs Domjan. check-in: 837bb0029b user: simon tags: trunk | |
| 13:44 | Rename the various ssh2_maybe_setup_* functions to ssh2_setup_*, and move the primary conditions out of them into their callers. Fixes a crash in 'plink -N', since those functions would be called with a NULL channel parameter and immediately dereference it to try to get c->ssh. check-in: 91489422bb user: simon tags: trunk | |
| 13:44 | In openssh_read(), we shouldn't ever return SSH2_WRONG_PASSPHRASE for an unencrypted key. (The other import function, sshcom_read(), already got this right.) Thanks to David Wedderwille for the report. This is more than just an error-reporting mistake; it actually causes Windows PuTTYgen to tight-loop on attempting to load a corrupt OpenSSH key, because the 'wrong passphrase' return value causes the caller to loop round and try again, but of course it knows the key is unencrypted so it doesn't prompt for a different passphrase and just tries again with no change... check-in: eb33193237 user: simon tags: trunk | |
| 13:44 | Avoid leaking file handles in load_openssh_key(), as reported by David Wedderwille. check-in: 4487093d6a user: simon tags: trunk | |
|
2012-08-28
| ||
| 12:42 | Fix a controlling-terminal bug reported by Anthony Heading: Cygwin doesn't have TIOCSCTTY, so my attempt to set the ctty of the child process isn't doing anything, and only works by chance when you run bash because bash does the thing that _will_ set the ctty, namely opening the terminal file again without O_NOCTTY. So now we do that too. check-in: 2728617d96 user: simon tags: trunk | |
| 12:41 | Partially revert r9636. It is true that we can directly return the result of memcmp, but untrue that we can do so _unconditionally_: if memcmp returns zero, we still need to fall through to the next comparison. check-in: 3bce939695 user: simon tags: trunk | |
|
2012-08-27
| ||
| 18:16 | Clang, like LCC, objects to using '<' and '>' on function pointers. I'm not entirely sure that using memcmp() is any more defined by the C standard, but at least Clang doesn't complain about it. While I'm here, tree234 doesn't require that comparison functions return precisely +1 or -1, so we can use the return value of memcmp() directly. check-in: 59a02c549d user: ben tags: trunk | |
| 17:02 | Change return type of do_ssh2_transport() to void. Nothing pays attention to it any more, anyway. check-in: 602c100aba user: ben tags: trunk | |
| 16:55 | Make bombout() less of a macro and more of a function. This gives GCC slightly fewer opportunities to gratuitously inflate its output. check-in: e1f8ba8e7b user: ben tags: trunk | |
| 14:11 | Fix a memory leak in parse_ttymodes() (found by Memcheck/Valgrind). check-in: f3232e6fc3 user: ben tags: trunk | |
| 13:44 | Slightly simplify crFinishFree{,V}. They're only likely to be useful for freeing a coroutine state structure, in which case there's no need to reset the line number (since all such coroutines keep their line number in the state structure) and the state structure pointer is always called "s". check-in: fd2ca901e3 user: ben tags: trunk | |
| 12:37 | Don't close SSH-2 channels with outstanding channel requests on local error. In sshfwd_unclean_close(), get ssh2_check_close() to handle sending SSH_MSG_CHANNEL_CLOSE. That way, it can hold off doing so until any outstanding channel requests are processed. Also add event log message for unclean channel closures. check-in: 8f16c188ed user: ben tags: trunk | |
| 09:34 | It's not legal to free a coroutine's state structure before invoking crFinish or crFinishV, since they will attempt to write to the coroutine state variable contained in that structure. Introduced some new all-in-one macros crFinishFree and crFinishFreeV, and used those instead. Should fix today's report of a crash just after authentication. check-in: edfebde5a7 user: simon tags: trunk | |
|
2012-08-26
| ||
| 04:50 | Fix markup error introduced in r9626. check-in: 2f63c751c5 user: jacob tags: trunk | |
| 04:19 | Remove documentation for "Out of space for port forwardings" error. It no longer exists in the code, and should have been obsoleted by r9214 at the latest. check-in: 188ae2adc3 user: ben tags: trunk | |
|
2012-08-25
| ||
| 17:57 | Improve window-size handling in Unix Plink. Unconditionally override the configured terminal size with the one from stdin if it's available. This avoids the silliness whereby if Default Settings had a terminal size set, Plink used this and thus caused the server to use the wrong size. check-in: 102e90f6af user: ben tags: trunk | |
| 16:06 | Better handling of outstanding CHANNEL_REQUESTS on channel destruction. Part the first: make sure that all structures describing channel requests are freed when the SSH connection is freed. This involves adding a means to ask a response handler to free any memory it holds. Part the second: in ssh_channel_try_eof(), call ssh2_channel_check_close() rather than emitting an SSH_MSG_CHANNEL_EOF directly. This avoids the possibility of closing the channel while a CHANNEL_REQUEST is outstanding. Also add some assertions that helped with tracking down the latter problem. check-in: c87aa624ea user: ben tags: trunk | |
| 10:57 | Factor out common code to construct CHANNEL_REQUESTS. This reduces code size a little and also makes it harder to accidentally request a reply without putting in place a handler for it or vice versa. check-in: 3182a9a27e user: ben tags: trunk | |
| 10:04 | Simplify handling of responses to channel requests. The various setup routines can only receive CHANNEL_SUCCESS or CHANNEL_FAILURE, so there's no need for the to worry about receiving anything else. Strange packets will end up in do_ssh2_authconn instead. check-in: 054111be55 user: ben tags: trunk | |
| 09:34 | Add some kind of window tracking to logparse.pl. check-in: c22f69b213 user: ben tags: trunk | |
| 08:54 | Fix matching of channel and global requests with replies in logparse.pl. In each case, want_reply was being treated as true even when it wasn't, because it got decoded into "yes"/"no", both of which are true in Perl. check-in: 85c62a0921 user: ben tags: trunk | |
| 08:39 | Handle all replies to CHANNEL_REQUESTs through the per-channel queue. Each of the minor start-of-session requests is now dealt with by its own little co-routine, while the shell/command is done in do_ssh2_authconn() itself. This eliminates one more round-trip in session setup: PuTTY gets all the way up to sending a shell request before worrying about any replies. check-in: f8eedbd544 user: ben tags: trunk | |
| 06:12 | Generalise SSH_MSG_CHANNEL_{SUCCESS,FAILURE} handling. Now each channel has a queue of arbitrary handlers for those messages, with anything that sends a CHANNEL_REQUEST with want_reply true pushing a new entry onto the queue, and a shared handler that dispatches responses appropriately. Currently, this is only used for winadj@putty.projects.tartarus.org, but extending it to cover the initial requests as well shouldn't be too painful. check-in: 008c38a33f user: ben tags: trunk | |
|
2012-08-22
| ||
| 13:36 | Fix a bug in the PSFTP command parser which would cause it to hallucinate an extra empty argument word at the end of a line if the line ended in more than one whitespace character. check-in: 07769e1daf user: simon tags: trunk | |
| 13:25 | Enhance logparse.pl so that it detects channels running SFTP and decodes the SFTP message layer in addition to the underlying SSH. Requests and responses are matched up via their ids. check-in: 297ea2b807 user: simon tags: trunk | |
|
2012-08-21
| ||
| 18:04 | Fix recently-introduced memory leak in ssh2_msg_unexpected(). check-in: 4d3163506d user: ben tags: trunk | |
| 17:33 | De-duplicate code in KEXINIT generation. There's no need to have identical code generating server-to-client and client-to-server versions of the cipher and MAC lists; a couple of twice-around loops will do fine. check-in: 8a9f4acc01 user: ben tags: trunk | |
| 17:04 | Reworking of packet delivery to coroutines in SSH-2. Before, NULL in the dispatch table meant "send to the appropriate one of do_ssh2_transport() and do_ssh2_authconn()". Now those (via small shims) are specified directly in the dispatch table, so ssh2_protocol() is much simpler. In the process, this has somewhat centralised the handling of gross server protocol violations. PuTTY will now disconnect with a rude message when (e.g.) OpenSSH sends us an SSH_MSG_UNIMPLEMENTED when we try to KEXINIT during authentication. check-in: 147d6fa6a9 user: ben tags: trunk | |
|
2012-08-19
| ||
| 06:35 | Fix an erroneous "case" fallthrough in ssh1_msg_channel_close, which was causing assertion failures when closing X11 channels in SSH-1. Also fix another pasto. check-in: 4c44cc259a user: ben tags: trunk | |
|
2012-08-18
| ||
| 04:30 | Tweak to SSH coroutine code: put line number in the coroutine state structure, which is consistent with Simon's canonical version of the macros. check-in: e5667a8d0d user: ben tags: trunk | |
|
2012-08-12
| ||
| 15:17 | Use a single sftp_senddata() to send each SFTP packet, rather than using one for the length field and one for the rest of the packet contents. Since sftp_senddata() has no queuing or deferral mechanism but instead constructs and sends an SSH2_MSG_CHANNEL_DATA message immediately, this change has the effect of ceasing to split every SFTP packet across two SSH messages. check-in: 46ddd55b12 user: simon tags: trunk | |
|
2012-08-11
| ||
| 04:10 | Rework bufchain code to allow for variable-sized granules. bufchain_add() now allocates at most one new granule. Granules still have a minimum size, so small adds still get coalesced. The main practical consequence of this is that PSCP and PSFTP now generate 4K SSH packets rather than 512-byte ones. Also, the compiled code (on my Ubuntu box) is fractionally smaller. check-in: ead74b235b user: ben tags: trunk | |
|
2012-08-02
| ||
| 17:18 | Reduce the number of round-trips involved in opening an SSH-2 session by sending most of the initial SSH_MSG_CHANNEL_REQUEST messages before waiting for any replies. The initial version of this code was a clever thing with a two-pass loop, but that got hairy so I went for the simpler approach of separating the request and reply code and having flags to keep track of which requests have been sent. check-in: 5da2ce49e0 user: ben tags: trunk | |
|
2012-07-29
| ||
| 08:38 | Add a missing \define I accidentally assumed was there in r9592. check-in: bb7c73258b user: simon tags: trunk | |
|
2012-07-28
| ||
| 14:30 | Add a bug-compatibility flag to disable the winadj@putty.projects.tartarus.org request. Not currently enabled automatically, but should be usable as a manual workaround. check-in: feb44c7dcc user: simon tags: trunk | |
| 11:53 | Fix an embarrassing mistake in config box handling which was causing changes to any SSH bug config option to be lost when the config box switched to a different panel, at least on GTK. check-in: 723e01c194 user: simon tags: trunk | |
| 11:33 | Move the declaration of smemclr() out of putty.h into misc.h, because one of its uses (in sshaes.c) wasn't picking up the former. Thanks to Ubuntu's gcc for spotting that. check-in: b41c0f9a37 user: simon tags: trunk | |
| 11:33 | Remove an unused variable. check-in: 5fca0480b8 user: simon tags: trunk | |
|
2012-07-22
| ||
| 14:51 | Introduce a new utility function smemclr(), which memsets things to zero but does it in such a way that over-clever compilers hopefully won't helpfully optimise the call away if you do it just before freeing something or letting it go out of scope. Use this for (hopefully) every memset whose job is to destroy sensitive data that might otherwise be left lying around in the process's memory. check-in: aee68b8d31 user: simon tags: trunk | |
| 14:48 | Remove a bashism in mksrcarc.sh, without which bob builds fail on Ubuntu (whose /bin/sh is not bash). check-in: 4aed111c79 user: simon tags: trunk | |
|
2012-07-18
| ||
| 23:42 | Add '-Wall -Werror' to the compile options in the autotools makefile, having just noticed that Makefile.gtk had it and this one doesn't. (Of course, this being autoconf, we can easily enough make it conditional on the compiler actually being gcc.) check-in: b18fa86db2 user: simon tags: trunk | |
| 23:29 | Rework the new type-check in sresize so that it doesn't cause a compile warning ('left-hand operand of comma expression has no effect'), which of course becomes fatal under -Werror. (This would have been instantly noticeable to people compiling with the old-fashioned Makefile.gtk, which does include -Wall -Werror, but those of us using the new autoconf makefile hadn't noticed.) check-in: e0cb545c71 user: simon tags: trunk | |
| 11:08 | Remove term_key, which was intended to handle function keys in a cross- platform manner, but which nothing ever called. It thus served only to trap up the unwary. The live function key handling code lives in the frontends, i.e. window.c on Windows and gtkwin.c on Unix. check-in: ebca704008 user: owen tags: trunk | |
|
2012-07-11
| ||
| 13:12 | If pterm's execvp fails when given the whole argument list after -e, and the argument list contains only one string, try again by passing that single string to "$SHELL -c" to be parsed as a shell command. This matches xterm's behaviour (as of xterm 261, at least), and means in practice that users can do _either_ of 'pterm -e some command' and 'pterm -e "some command"'. (A quick survey suggests that the majority of X terminal programs agree with pterm's old behaviour of only supporting '-e some command', except that gnome-terminal only supports the other behaviour and xterm supports both. With that disagreement, I think supporting both is probably the sensible thing.) check-in: 6530f824ce user: simon tags: trunk | |
|
2012-07-05
| ||
| 18:45 | Turns out that the compose-keys fix in r9567 did in fact break one piece of keyboard handling: if Num Lock is on, numeric keypad keys are eaten by the IM, so we must avoid passing them to the IM in the first place if we're in any non-default numeric keypad mode (application or Nethack). This is a grubby way to do it, but the more obvious approach of just moving the Nethack and app-keypad if statements up to above the IM call doesn't work because those statements depend on the generic Alt-prefix handling that happens just _below_ the IM call. So instead I just repeat the list of keystrokes and modes in an if statement conditionalising the IM call. check-in: 7c3afb2e69 user: simon tags: trunk | |
|
2012-07-01
| ||
| 11:55 | Stop including <gtk/gtkcontainer.h> directly, since a user points out that it'll be absent in GTK 3. check-in: 9858aaec38 user: simon tags: trunk | |
|
2012-06-20
| ||
| 12:39 | John Hartnup reports that Apache SSHD's SFTP server responds to FXP_READDIR on an empty directory by returning a zero-length list of filenames, instead of the more common response of a list containing just "." and "..". Stop PSFTP failing an assertion when that happens. check-in: 36569ee0d2 user: simon tags: trunk | |
|
2012-06-18
| ||
| 13:10 | Add the missing code to treat data coming from the input method as keypresses for purposes of hiding the mouse pointer and resetting the scrollback. check-in: a0c27fcd97 user: simon tags: trunk | |
|
2012-06-17
| ||
| 02:26 | Support for dead keys and compose sequences on Unix, by instantiating a GtkIMMulticontext and having that filter most keypresses. I think I've got this right so that it doesn't break any previous deliberate keyboard-handling behaviour that's now _after_ the 'if (filter keypress) return' statement. check-in: e02da4865e user: simon tags: trunk | |
|
2012-06-09
| ||
| 10:09 | Introduce a third setting for the 'bold as colour' mode, which lets you both brighten the colour _and_ bold the font at the same time. (Fixes 'bold-font-colour' and Debian #193352.) check-in: 8394417bea user: simon tags: trunk | |
|
2012-06-04
| ||
| 18:32 | Add missing check for failure to agree a host key algorithm. check-in: dac73d4239 user: simon tags: trunk | |
|
2012-06-01
| ||
| 14:43 | Missing #include. check-in: 22958c57fc user: simon tags: trunk | |
| 01:50 | Fix a bug in cygtermd, spotted by Casey Zacek, in which we unconditionally set the telnet state to SEENCR regardless of whether we have actually seen a CR, and as a result sending a NUL through PuTTY (via Ctrl-Space or whatever) does not work. Must have arisen through some kind of really weird cut-and-paste error! check-in: f270727eb1 user: simon tags: trunk | |
|
2012-05-18
| ||
| 14:51 | Enhance my 'sresize' macro so that it type-checks the pointer you pass _in_ to it, as well as the one it returns. Why have I never thought of doing that before?! check-in: 35bac4b296 user: simon tags: trunk | |
|
2012-05-15
| ||
| 17:19 | Fix bug in the new CLOCK_MONOTONIC implementation. I was treating the nanoseconds field as a microseconds field, with hilarious consequences. check-in: 90d7f8c35f user: simon tags: trunk | |
|
2012-05-13
| ||
| 10:59 | Use clock_gettime(CLOCK_MONOTONIC) as the Unix getticks(), if it's available. check-in: 37168cc6dd user: simon tags: trunk | |
| 10:59 | Patch from Robert de Bath to substantially simplify timing.c. The previous platform-dependent ifdefs, switching between a system which tried to cope with spurious callbacks (which I'd observed on Windows) and one which tried to cope with system clock jumps (which can happen on Unix, if you use gettimeofday) have been completely removed, and replaced with a much simpler approach which just copes with system clock jumps by triggering any timers immediately. None of the resulting effects should be catastrophic (the worst thing might be the waste of CPU in a spurious rekey, but as long as the system clock isn't jumping around _all_ the time that's hardly critical) and in any case the Unix port has had a long-standing oddity involving occasional lockups if pterm or PuTTY runs for too long, which hopefully this should replace with a much less bad failure mode. And the code is much simpler, which is not to be sneezed at. check-in: 88bffdc065 user: simon tags: trunk | |
| 10:59 | Fix from Robert de Bath which reorders the Windows initialisation sequence: since init_fonts sets up ucsdata based on the available Windows fonts, we should call it before passing ucsdata to term_init. check-in: 2717a22bba user: simon tags: trunk | |
| 10:59 | Bug fix from Robert de Bath: since lpDx_maybe is always supposed to equal either lpDx or NULL, we mustn't forget to update it when we realloc lpDx. check-in: 97d3643dfe user: simon tags: trunk | |
|
2012-05-12
| ||
| 12:00 | When we are asked to unthrottle an SSH connection (by the front end calling back->unthrottle), we should immediately call ssh_process_queued_incoming_data to handle the SSH packets that have been saved for later functioning while we were throttled. Otherwise, they'll sit there unhandled until the next call to ssh_gotdata, which might not be for ages if the server thinks it's waiting for us. check-in: 02b713d7b0 user: simon tags: trunk | |
|
2012-04-30
| ||
| 12:28 | Fix trivial Perl goof in logparse.pl which caused SSH2_MSG_CHANNEL_FAILURE to be reported as replying to ARRAY(0xrubbish) instead of to a message number. check-in: cf89852550 user: simon tags: trunk | |
|
2012-04-24
| ||
| 12:33 | Fix an inverted comparison in rlogin.c which must surely have broken logins completely, with or without a supplied username. Ahem. check-in: 43d74f79ef user: simon tags: trunk | |
|
2012-04-23
| ||
| 12:59 | Call sshfwd_unclean_close() in the event of a local socket error on a forwarded X connection. (I somehow forgot to do this in r9364, despite making the identical change in portfwd.c.) check-in: b487bd5e1d user: simon tags: trunk | |
|
2012-04-22
| ||
| 09:22 | Patch from Robert de Bath to ifdef out the Windows-specific hack for the offset horizontal line characters in the VT100 line-drawing set (o,p,r,s), so that no trace of it - and hence no pointless performance hit - is compiled into the cross-platform modules on non-Windows platforms. check-in: c9610e7ecb user: simon tags: trunk | |
| 09:22 | Bug fix from Robert de Bath: if the utf8_override setting is changed in mid-session, it affects translation and hence display, so it should be listed among the settings that require a redraw. check-in: 15c9c5b0d3 user: simon tags: trunk | |
| 09:22 | Bug fix from Robert de Bath: if wc_to_mb returns a length of zero, it will not even initialise sbstring[0], so we shouldn't even look at it let alone depend on it to tell us the desired character was absent. check-in: 31149e5bdd user: simon tags: trunk | |
|
2012-04-18
| ||
| 01:36 | Conditionalise the calls to premsg and postmsg in uxcons.c's logevent(), which temporarily turn off the raw mode we've put stderr into, so that they don't get called if the log_eventlog() call between them is not _actually_ going to write to stderr. Fixes a bug in which, if you define a Unix PuTTY saved session which uses 'plink -nc' as a local proxy command and then run PuTTY backgrounded from the shell with that session loaded, the subprocess Plink would get SIGTTOU when it tried to muck about with stderr and the whole thing would grind to a halt. I'm prepared to consider that acceptable if Plink _really_ wants to write on standard error, but if it doesn't, it should just carry on working in the background! check-in: cdafcd314c user: simon tags: trunk | |
|
2012-04-16
| ||
| 13:21 | Fix a Perl warning about useless use of a constant in void context. check-in: 176866b9c2 user: simon tags: trunk | |
|
2012-04-14
| ||
| 12:24 | New utility script to parse an SSH packet dump and write out an interpretation with some analysis done on it. The script will do its own tracking of the set of open channels and their states, and its output is in a one-line-per-packet format such that every distinct channel has a unique identifier in it which should make it easy to grep out all lines relating to that channel. The script also matches up {CHANNEL,REQUEST}_{SUCCESS,FAILURE} to the requests that caused them, by tracking a queue of requests in each direction per channel and for global requests. Command-line options permit generating a final dump of all channels ever known to the script and their various ids and final state, and also dumping out the data transferred over each channel in each direction. Output is not complete, in the sense that some parameters in some messages (e.g. pixel sizes in window-size specifications) are deliberately omitted due to being boring, and the entire contents of some messages (e.g. KEXINIT) are omitted because I haven't yet seen any purpose in decoding them. Filling them in might be a useful thing, although I'm inclined to think that the default should still be to show only the potentially interesting stuff (e.g. still not pixel sizes!) and enable the rest using a -v option. Hopefully this should do a lot of the legwork in debugging issues in which a channel mysteriously remains partially open and prevents PuTTY closing. check-in: bacd65bbf5 user: simon tags: trunk | |
|
2012-04-13
| ||
| 13:02 | Add code in dlg_filesel_set and dlg_fontsel_set which makes them duplicate the strings they pass to gtk_entry_set_text. I was already doing that in dlg_editbox_set, but forgot to add the same code when I revamped FontSpec and Filename to contain dynamically allocated strings (r9314 and r9316 respectively). This fixes a bug where, on some versions of GTK (but apparently not up-to-date versions), loading a saved session causes gibberish to appear in file-selector edit boxes accompanied by a valgrind error. check-in: 9e94ccddfe user: simon tags: trunk | |
|
2012-04-08
| ||
| 04:42 | Fallout from the big revamp in r9214: colour handling was going a bit wonky because I'd used the subkey for the red component in four places where I should have used the green/blue subkeys instead. Thanks to Martin Kletzander for spotting it. check-in: 9bf895b959 user: simon tags: trunk | |
|
2012-03-05
| ||
| 12:40 | Fix another type mismatch introduced by r9409. check-in: d2c442916f user: simon tags: trunk | |
| 12:34 | Fix a type mismatch in minibidi.c - r9409 changed the 'wc' fields in bidi_char from wchar_t to unsigned int, but omitted to similarly adjust the parameter to doMirror which is passed a pointer to that field. check-in: 747a4a8d26 user: simon tags: trunk | |
| 12:32 | Initialise some variables to NULL, to placate optimisers. check-in: f98093aa2e user: simon tags: trunk | |
|
2012-03-03
| ||
| 19:01 | Remove comment about 1024/1023 RSA key lengths that's no longer true as of r9421. check-in: fdca1e4975 user: jacob tags: trunk | |
| 18:24 | Generate keys more carefully, so that when the user asks for an n-bit key they always get an n-bit number instead of n-1. The latter was perfectly harmless but kept confusing users. check-in: de4b8709f0 user: simon tags: trunk | |
| 18:24 | Long overdue rewrapping of the primes[] array for legibility. I think the previous ghastly formatting arose when I ran the whole source base through GNU indent... check-in: a4226d3c39 user: simon tags: trunk | |
|
2012-02-19
| ||
| 04:44 | Update default key length in PuTTYgen to 2048. check-in: c630f6dc40 user: simon tags: trunk | |
| 04:32 | Update to 2007-05-26 version of upstream wcwidth.c. check-in: e4d74f3b5c user: simon tags: trunk | |
| 04:27 | Patch from Matsui Nag to implement xterm's "bracketed paste mode", in which text pasted into the terminal is preceded and followed by special function-key-like escape sequences ESC[200~ and ESC[201~ so that the application can identify it and treat it specially (e.g. disabling auto-indent-same-as-previous-line in text editors). Enabled and disabled by ESC[?2004h and ESC[?2004l, and of course off by default. check-in: 90e7b33dbb user: simon tags: trunk | |
|
2012-02-17
| ||
| 13:28 | Patch from Yoshida Masato to fill in the missing pieces of Windows UTF-16 support. High Unicode characters in the terminal are now converted back into surrogates during copy and draw operations, and the Windows drawing code takes account of that when splitting up the UTF-16 string for display. Meanwhile, accidental uses of wchar_t have been replaced with 32-bit integers in parts of the cross-platform code which were expecting not to have to deal with UTF-16. check-in: af034c145b user: simon tags: trunk | |
|
2012-02-05
| ||
| 04:08 | WM_SIZE/SIZE_MAXIMIZED can show up even during an interactive resize, so we should ensure we treat it the same way as other WM_SIZEs that show up during that time: set the width and height in conf, and set the flag to have that width and height enacted on WM_EXITSIZEMOVE. Fixes a bug in which dragging a PuTTY window directly from the Win7 snapped-to-half-screen position to the snapped-to-maximised state would leave the terminal in the pre-snapped size. check-in: f465256d47 user: simon tags: trunk | |
|
2012-01-29
| ||
| 18:29 | New FAQ: "When I put PuTTY in C:\WINDOWS\SYSTEM32 on my 64-bit Windows system, `Duplicate Session' doesn't work." (Explanation courtesy Owen.) check-in: a4057416e6 user: jacob tags: trunk | |
|
2012-01-26
| ||
| 12:53 | It's a new year. check-in: 5c1e09c0b1 user: jacob tags: trunk | |
| 12:22 | If we're called on to uncleanly close an SSH channel for which we've already sent SSH2_MSG_CHANNEL_CLOSE, we should not skip the _whole_ of sshfwd_unclean_close(), only the part about sending SSH2_MSG_CHANNEL_CLOSE. It's still important to retag the SSH channel as CHAN_ZOMBIE and clean up its previous data provider. check-in: 4dc3ffb821 user: simon tags: trunk | |
|
2012-01-03
| ||
| 13:43 | Patch from Colin Watson to use g_ascii_strcasecmp in place of the deprecated g_strcasecmp (since all the strings being compared are parts of XLFDs and won't be in interesting character sets anyway). check-in: 861a49e69b user: simon tags: trunk | |
|
2011-12-10
| ||
| 12:08 | Tag 0.62 release. Leaf check-in: 9c44b3c894 user: simon tags: putty-0.62, putty-branch-0.61 | |
| 08:03 | Checklist update following the 0.62 release. I managed to send out the announcement email without a subject line, so I'm reorganising the announcement entry in the checklist in the hope that it'll make it harder for me to get that one wrong in future! check-in: 2e6ff4194a user: simon tags: trunk | |
| 06:07 | Bump version number on trunk prior to tagging 0.62 on the branch. check-in: 896ba0eb03 user: simon tags: trunk | |
|
2011-12-08
| ||
| 13:15 | Introduce a function sshfwd_unclean_close(), supplied by ssh.c to subsidiary network modules like portfwd.c. To be called when the subsidiary module experiences a socket error: it sends an emergency CHANNEL_CLOSE (not just outgoing CHANNEL_EOF), and immediately deletes the local side of the channel. (I've invented a new channel type in ssh.c called CHAN_ZOMBIE, for channels whose original local side has already been thrown away and they're just hanging around waiting to receive the acknowledging CHANNEL_CLOSE.) As a result of this and the last few commits, I can now run a port forwarding session in which a local socket error occurs on a forwarded port, and PuTTY now handles it apparently correctly, closing both the SSH channel and the local socket and then actually recognising that it's OK to terminate when all _other_ channels have been closed. Previously the channel corresponding to the duff connection would linger around (because of net_pending_errors never being called), and keep being selected on (hence chewing CPU), and inhibit program termination at the end of the session (because not all channels were closed). check-in: 9377dd8f27 user: simon tags: trunk | |
| 13:15 | Arrange to call net_pending_errors on Unix, which we've never actually remembered to do before! Also some related fixes, such as that after we do so we should immediately stop selecting on the socket in question. check-in: 49322399b9 user: simon tags: trunk | |
| 13:15 | When we receive CHANNEL_CLOSE on an SSH-2 channel and haven't sent EOF on it yet, we should send EOF on _that channel_, not the main session channel! Oops. check-in: 88c017dc17 user: simon tags: trunk | |
| 13:15 | Whitespace fix while I was passing. check-in: a1b22459c5 user: simon tags: trunk | |
| 13:15 | Make sure we never send window adjustments (or winadjes) on channels for which we've already sent CHANNEL_CLOSE. It would be embarrassing if the remote end had also sent CHANNEL_CLOSE in response and then received our communication once it had forgotten about the channel. check-in: fe229d2998 user: simon tags: trunk | |
| 13:15 | Block SIGPIPE in Unix plink. In a port-forwarding run we may have lots of local sockets and pipes all open at once, and if one of them is uncleanly closed from the remote end we don't want the whole application to die - we want to close that socket's SSH channel and continue with the rest of the run. check-in: e039bca76c user: simon tags: trunk | |
|
2011-12-07
| ||
| 13:07 | Add a missing free_prompts() call in the keyboard-interactive code. check-in: 596656b982 user: simon tags: trunk | |
|
2011-11-28
| ||
| 13:23 | Tiny patch from Martin Packman to fix a Windows handle leak in Pageant's IPC mechanism. It's incomplete (he sent a much more comprehensive set of fixes that I haven't reviewed), but should be adequate to mitigate a particular issue for Bazaar users. check-in: 8050548bc2 user: simon tags: trunk | |
| 13:17 | I missed a bit in r9343: windows/version.rc2 also needed updating for the new 'pre-release' version type. check-in: a0be433597 user: simon tags: trunk | |
|
2011-11-27
| ||
| 05:10 | Add a release checklist entry to remind me to get rid of 'pre-release' sections on the Download page. check-in: 5cc46486b7 user: simon tags: trunk | |
|
2011-11-26
| ||
| 11:35 | Introduce a new version type, 'prerelease'. Quotes the version number it's a pre-release of, and the revision number so you can tell two pre-releases apart. I intend to use this for builds from branch-0.61 until I call it 0.62 proper. check-in: acf1c41d51 user: simon tags: trunk | |
|
2011-10-14
| ||
| 02:03 | Support code page 852. Thanks to Tamas Tevesz. check-in: 7459546673 user: simon tags: trunk | |
|
2011-10-02
| ||
| 09:16 | Private files saved on Unix should have mode 0600, not 0700. They're generally private-key files, which have no need to be executable. check-in: c4dd9a1230 user: simon tags: trunk | |
| 09:14 | More arbitrary-limit hunting: retire PASSPHRASE_MAXLEN in the Windows GUIs of Pageant and PuTTYgen. With that and the prompts_t redesign, there should no longer be any limit on passphrase length other than the patience of the user. check-in: 2a6b005d2c user: simon tags: trunk | |
| 09:03 | Another utility function, to free a string containing sensitive data. check-in: 27157daada user: simon tags: trunk | |
| 08:53 | Move a recently introduced utility function out of the file in which I declared it static, and into winutils.c where it can be more generally accessible. check-in: 2dfc9e873c user: simon tags: trunk | |
| 06:50 | While I'm crusading against arbitrary limits, here's a redesign of prompt_t to arrange that the buffer in which each prompt is stored can be reallocated larger during the input process. check-in: 3f7657c9b5 user: simon tags: trunk | |
| 06:01 | Turn 'Filename' into a dynamically allocated type with no arbitrary length limit, just as I did to FontSpec yesterday. check-in: 7756dc109c user: simon tags: trunk | |
|
2011-10-01
| ||
| 13:00 | Fix copy-and-paste error in command-line font selection in r9314. check-in: 2d4a59148d user: jacob tags: trunk | |
| 12:38 | Change the semantics of 'FontSpec' so that it's a dynamically allocated type. The main reason for this is to stop it from taking up a fixed large amount of space in every 'struct value' subunion in conf.c, although that makes little difference so far because Filename is still doing the same thing (and is therefore next on my list). However, the removal of its arbitrary length limit is not to be sneezed at. check-in: 78529746fb user: simon tags: trunk | |
|
2011-09-19
| ||
| 11:38 | We shouldn't fork off a utmp helper subprocess when we aren't setuid, because (a) under that circumstance we won't be writing to utmp anyway, and (b) if we aren't setuid, then we won't have created the pty at the point we fork, so even if our subprocess _could_ have written to utmp it wouldn't have done it right! Spotted by valgrind (triggering on the access beyond the end of the ttyname string in setup_utmp, clueing me in to it having been empty). check-in: acb21a748a user: simon tags: trunk | |
| 11:21 | Add a missing initialisation to NULL. check-in: f2d153ee09 user: simon tags: trunk | |
|
2011-09-17
| ||
| 09:50 | Cope with XFontStructs having a NULL per_char array, which happened to me this morning under strange circumstances. check-in: b1c237ec85 user: simon tags: trunk | |
| 03:11 | Fix x11font_has_glyph so it doesn't get caught out by signed chars. check-in: 4cf87efd79 user: simon tags: trunk | |
|
2011-09-16
| ||
| 14:18 | Suppress Pango's bidi, by displaying RTL characters one at a time. I hadn't previously noticed, but Pango was helpfully re-reversing text that PuTTY's own bidi module had already reversed, leading to Arabic text being wrongly displayed and also total chaos when you move the cursor over it or try to cut and paste it. check-in: 62f403a7c9 user: simon tags: trunk | |
| 14:18 | Support font fallback even when an X11 server-side font is selected, by introducing a wrapper around an individual unifont which falls back to Pango (which already has built-in fallback) in the case where the selected font doesn't support the glyph in question. The wrapper itself is a (vestigial) subclass of unifont, to minimise disturbance at the call sites. check-in: 91efaca9f4 user: simon tags: trunk | |
| 14:18 | Change the unifont API so that text is passed right down to the individual font implementation as wchar_t, rather than having to be converted by the client into the appropriate MBCS/SBCS. This also means I can remove 'real_charset' from the public-facing contents of the unifont structure. check-in: a22d103f26 user: simon tags: trunk | |
| 14:18 | Add some missing consts in character set handling. check-in: d7363b4954 user: simon tags: trunk | |
| 04:01 | Remove empty.h from CLEANFILES, so that after mkfiles.pl has constructed it it won't be deleted again by 'make clean'. The effect is that not only does this work (as r9288 arranged), ./configure; make plink but these work too: ./configure; make; make clean; make plink ./configure; make; make distclean; ./configure; make plink check-in: e24f3aade9 user: simon tags: trunk | |
| 03:49 | Stop using GDK's wrapper on the X11 font functions (GdkFont). All X11 font operations are now done directly using Xlib calls, and the only interaction with GDK within the x11font mechanism is to get the X ids for drawables, GCs and the X display itself. This should remove an obstacle to porting to GTK3, and also makes the XFontStruct for loaded fonts more readily available, which I hope will come in handy for another plan I have in mind. check-in: 7e53488c87 user: simon tags: trunk | |
|
2011-09-14
| ||
| 10:54 | Create empty.h (used to force rebuilds of version.o by the automake makefile) as a side effect of running mkfiles.pl. The automake docs observe that the BUILT_SOURCES list is only automatically built by plain 'make' or 'make all' or a couple of other targets, so the sequence './configure && make plink' from a freshly unpacked tar file would previously fail for lack of empty.h. If empty.h had important _content_ that needed to be built at compile time, of course, I wouldn't be able to fix it like this; but since the only important thing is the timestamp, I can just make sure it already exists at the time of first build. check-in: 354e7a22cd user: simon tags: trunk | |
| 04:49 | No, I take that back: we _do_ have a mechanism for suppressing reads from forwarding data sources which will be good enough to last until we close the socket, in the form of the override_throttle() functions. So this finishes up the work in r9283, by manufacturing outgoing EOF in response to incoming CLOSE on all channel types. check-in: a4b537e1f3 user: simon tags: trunk | |
| 04:09 | Another tweak to EOF policy: invent an outgoing EOF on receipt of an incoming CHANNEL_CLOSE, if it's the main session channel. The idea is that invocations such as 'plink -T hostname sh' (running a shell without a remote pty) can be exited by typing 'exit' to the remote shell, without plink blocking forever waiting for outgoing EOF. I think it would be better to do the same for all other channel types too, but that would need an extra API call which I haven't implemented yet. check-in: 304b3571f2 user: simon tags: trunk | |
|
2011-09-13
| ||
| 10:38 | Changed my mind about the EOF policy in SSH mode: I think the SSH backend should unilaterally assume outgoing EOF when it sees incoming EOF, if and only if the main session channel is talking to a pty. (Because ptys don't have a strong concept of EOF in the first place, that seems like a sensible place to draw the line.) This fixes a bug introduced by today's revamp in which if you used Unix Plink to run a console session it would hang after you hit ^D - because the server had sent EOF, but it was waiting for a client-side EOF too. check-in: 3aaf9b7e0f user: simon tags: trunk | |
| 06:56 | Nearly forgot noting this down in the 'half-closed' bug entry: don't send CHANNEL_CLOSE until we have acks for all our winadj requests. Should work around https://bugzilla.mindrot.org/show_bug.cgi?id=1818 . check-in: de1e102574 user: simon tags: trunk | |
| 06:44 | Revamp of EOF handling in all network connections, pipes and other data channels. Should comprehensively fix 'half-closed', in principle, though it's a big and complicated change and so there's a good chance I've made at least one mistake somewhere. All connections should now be rigorous about propagating end-of-file (or end-of-data-stream, or socket shutdown, or whatever) independently in both directions, except in frontends with no mechanism for sending explicit EOF (e.g. interactive terminal windows) or backends which are basically always used for interactive sessions so it's unlikely that an application would be depending on independent EOF (telnet, rlogin). EOF should now never accidentally be sent while there's still buffered data to go out before it. (May help fix 'portfwd-corrupt', and also I noticed recently that the ssh main session channel can accidentally have MSG_EOF sent before the output bufchain is clear, leading to embarrassment when it subsequently does send the output). check-in: 0831792ea4 user: simon tags: trunk | |
| 05:27 | In term_init(), copy stuff out of the conf _before_ calling power_on(), since the latter calls term_schedule_cblink which expects term->blink_cur to have been initialised. check-in: 71f4e9ba69 user: simon tags: trunk | |
| 02:35 | Fix assertion failure in wprefs() when the list is zero-length. Breaks any session-save operation in PuTTYtel due to the empty GSS list. check-in: 2244328453 user: simon tags: trunk | |
|
2011-08-20
| ||
| 03:18 | Instead of testing for different versions of GTK in increasing order of preference so that the later ones overwrite the configured stuff from the older ones, test in decreasing order of preference and stop as soon as one is successful. Fixes a problem in which autoconfiguration on a system containing only GTK 1 would go wrong because the _failed_ test for GTK 2 would overwrite some but not all of the variables set by the successful test for v1. check-in: d340976f19 user: simon tags: trunk | |
| 02:56 | Add a -U option to mkfiles.pl, which is just like -u except that it runs configure at the top level rather than the unix subdirectory. I'm getting into the idea of even doing it that way myself, because then I can do VPATH builds from the same source tree elsewhere. (Autoconf seems to be fine with doing multiple VPATH builds from the same source tree in different build directories, but gets upset if you try to do a VPATH build when you've done a normal build in the real configure directory. So this way I do what autoconf sees as _only_ VPATH builds.) check-in: e46cd25e46 user: simon tags: trunk | |
|
2011-08-19
| ||
| 09:55 | Fix bug with setting window title on Unix that came in with r9214. check-in: 56f8573d8f user: jacob tags: trunk | |
|
2011-08-18
| ||
| 05:47 | Fix a suspected bug in PSCP's SCP protocol fallback from r9214 (untested since I don't have access to a server that still needs this fallback). check-in: 35ad2471cb user: jacob tags: trunk | |
| 05:45 | Restore data-bits options for "-sercfg" that were accidentally lost in r9214. check-in: 96a0aff613 user: jacob tags: trunk | |
|
2011-08-13
| ||
| 09:48 | Readjust Pageant's SID check _again_, to make it the union of the policies before and after r9178, and hence able to talk to both 0.60-like and 0.61-like clients. I had failed to consider that many pieces of code derived from PuTTY would have imported the Pageant client code, so we shouldn't randomly stop supporting things just because _we_ aren't using them any more. check-in: 7ccaeb366c user: simon tags: trunk | |
|
2011-08-12
| ||
| 12:28 | Updates to svn:ignore: ignore libversion.a in the top-level directory (for people doing their builds there), and ignore 'compile' in the unix subdirectory (a dropping from autotools that I missed). check-in: dee503b112 user: simon tags: trunk | |
|
2011-08-11
| ||
| 13:13 | If we're printing password prompts to /dev/tty rather than standard error, we should also read the corresponding password inputs from /dev/tty. That way, redirection of Plink's standard input will play nicely with SSH sessions that need interactive login. (This is what we get for disdaining getpass(3) and going it alone, of course. But we had no choice, due to the extra output part way through keyboard-interactive.) check-in: 8196d21cac user: simon tags: trunk | |
| 12:59 | Propagate file permissions in both directions in Unix pscp and psftp. I think I have to consider this to be a separate but related change to the wishlist item 'pscp-filemodes'; that was written before the Unix port existed, and referred to the ability to configure the permissions used for files copied from Windows to Unix - which is still not done. check-in: 797da58367 user: simon tags: trunk | |
|
2011-07-27
| ||
| 13:43 | Fix bug in which the SSH-only tools (pscp, psftp) did not honour a nonstandard port number when loading a saved session. Occurs because those tools include be_none.c which defines no entries in backends[] at all, as a result of which settings.c doesn't recognise the word 'ssh' in the saved session's protocol field and instead sets the protocol to something idiotic - which _then_ means that when pscp.c forces the protocol to PROT_SSH, it also resets the port number as it would when overriding a saved session specifying a protocol other than SSH. The immediate solution is to define a new be_ssh.c citing only ssh_backend, and include that in the SSH-only tools. However, I wonder if a better approach (perhaps when I redesign session loading and saving) would be not to be so clever, and just have all the tools contain a complete list of known protocol names for purposes of understanding what's in the saved session data, and complain if you try to use one they don't know how to actually speak. check-in: 1cf8e55201 user: simon tags: trunk | |
|
2011-07-23
| ||
| 06:58 | Add a convenience option to mkfiles.pl for Unix users. If you run 'mkfiles.pl -u', it will do its normal processing, then run mkauto.sh to regenerate configure and Makefile.in, then run configure in the Unix subdirectory to regenerate unix/Makefile. So it's a handy one-stop shop for going all the way from a modified Recipe to the end-product Unix makefile, if you're adding source files during development. check-in: 1159f161a7 user: simon tags: trunk | |
| 06:40 | Add a wrapper script called 'configure' at the top level, which runs the real configure script from the unix subdirectory, but with cwd unchanged so that you end up doing a VPATH build in the top-level source directory. Should, ideally, placate the people who expect 'configure' to be at the top level, while still letting _me_ keep all the Unix-specific stuff in the Unix subdirectory. check-in: 305236bf03 user: simon tags: trunk | |
| 06:36 | Rename --with-gtk-version to --with-gtk, and support its negation --without-gtk as a means of manually overriding the makefile into one building the command-line tools only (as it would if GTK were not found at all at configure time). check-in: fa0c434b75 user: simon tags: trunk | |
| 06:33 | Switch to using automake for the Unix autoconfigured build. mkfiles.pl no longer generates a Makefile.in, but instead generates a Makefile.am on which mkauto.sh runs automake. This means that the autoconfigured makefile now does build-time dependency tracking (a standard feature of automake-generated makefiles), and is generally more like what Unix people will expect. Some of the old-style make command-line settings (VER=-DRELEASE=foo, XFLAGS=-DDEBUG) will still work; the COMPAT settings are better done by autoconfiguration, and my habitual 'XFLAGS="-g -O0"' for an easily debuggable build will actually not work any more because CFLAGS is specified _after_ XFLAGS, so I should instead write 'make CFLAGS=-O0' (-g is the default in automake, removed at 'make install' time). The new makefile will automatically degrade into one that builds the command-line tools only, in the case where GTK could not be found. In principle, therefore, it should be an adequate replacement for _both_ the static Unix makefiles, Makefile.gtk and Makefile.ux. I haven't actually retired those in this commit, but I'm pretty tempted. check-in: 5673b9ee77 user: simon tags: trunk | |
|
2011-07-20
| ||
| 12:50 | When we check for libX11 in the autoconf script, add it to $GTK_LIBS on success rather than to $LIBS, because it's only used in the GUI tools and we don't want the command-line tools linked against it. check-in: 0aef2c9483 user: simon tags: trunk | |
| 10:55 | Fix 'Duplicate Session' on Windows, broken during the config revamp. (In an embarrassingly silly way, too. No end of difficult stuff about Conf serialisation done with great care and working just fine, and then a trivial goof in using sscanf lets the whole lot down.) check-in: 552d854ddf user: simon tags: trunk | |
|
2011-07-19
| ||
| 12:06 | Trivial fix for assertion failure introduced by the config revamp. Spotted by Leonid Lisovskiy. check-in: a1d007c7bc user: simon tags: trunk | |
|
2011-07-18
| ||
| 13:09 | Minor amendment to r9226: don't log GSSAPI failure in the Event Log twice. (Once in the GSSAPI code, once at the top of the main auth loop. Removed the latter.) check-in: 5ba3965a58 user: simon tags: trunk | |
| 13:04 | Reinstate a missing invocation of the FONT_QUALITY macro which I accidentally removed in the big config revamp. check-in: 73aacdd5a1 user: simon tags: trunk | |
|
2011-07-17
| ||
| 17:35 | Fix a typo in r9214 that plausibly explains a resizing weirdness I had with today's snapshot on Windows. check-in: 322ea75b60 user: jacob tags: trunk | |
| 17:17 | Fix version reporting in Unix builds versioned by a specific svn revision ('Custom build r1234'). Those builds were passing '-DSVN_REV=r1234' to version.c, instead of -DSVN_REV=1234 as they should have, leading to silly run-time version messages such as 'plink: Custom build rr9226'. To chop the r off the front of the revision string passed in, I've used a bashism in mkunxarc.sh. I think this is an acceptable extra dependency. check-in: 1826aa4c4e user: simon tags: trunk | |
| 17:17 | --with-gtk-version option to configure, so you can explicitly tell it which GTK version you want to build with if both are installed. Based on a patch by Malcolm Smith, though somewhat modified. check-in: 1f7aaf36c7 user: simon tags: trunk | |
| 17:17 | Support for re-running autoconf in the absence of the autoconf macro files which provide auto-detection of GTK 1 and GTK 2. This makes it easier for casual PuTTY developers to rerun autoconf for their own purposes without having to install obscure extra packages. Obviously the resulting configure script will not know how to detect whichever version of GTK they didn't have support for, so it won't be product- quality by my standards, but it should be good enough that they can prepare unrelated patches to send to us. check-in: 442e9e10a6 user: simon tags: trunk | |
|
2011-07-16
| ||
| 11:25 | Create new branch named "putty-branch-0.61" check-in: 427ffbcf9d user: simon tags: putty-branch-0.61 | |
| 07:06 | Reorganise the logging and display of messages about SSH authentication. We should now produce an Event Log entry for every authentication attempted and every authentication failure; meanwhile, messages in the PuTTY window will not be generated for the failure of auth types unless we also announced in the PuTTY window that we were trying them. (GSSAPI was getting the latter wrong, leading to spurious 'Access denied' for many users of 0.61.) check-in: 068c9141e5 user: simon tags: trunk | |
| 07:03 | Mostly cosmetic change: don't claim to have found an SSH agent if SSH_AUTH_SOCK is defined to the empty string. (Because a common way to 'unset' it is to run commands like 'SSH_AUTH_SOCK= putty -load thing'.) check-in: 1e2bd9c501 user: simon tags: trunk | |
| 06:13 | Fix display of VT100 vertically-offset horizontal line characters (o,p,r,s). They are displayed in Windows by actually writing the centred one (q) with a vertical offset, in case fonts don't have the offset versions; this requires terminal.c to separate those characters into distinct calls to do_text(). Unfortunately, it was only breaking up a text-drawing call _before_ one of those characters, not after one. Spotted by Robert de Bath. check-in: 212f345d1f user: simon tags: trunk | |
|
2011-07-15
| ||
| 13:30 | Don't delete everything under a string-subkeyed primary key by using a loop that fetches the next item using conf_get_str_strs and passing the previous key as a parameter, because the previous key will have been freed by the intervening conf_del_str_str. Instead, use the technique of repeatedly using conf_get_str_nthstrkey with index 0 and deleting what comes back, as PSCP and PSFTP do. Spotted by Minefield with the aid of Jacob, or possibly vice versa. check-in: b26163158f user: simon tags: trunk | |
| 13:21 | Missing free. check-in: 37a083ba13 user: simon tags: trunk | |
| 13:18 | conf_copy_into must empty the entire target conf before filling it with the entries from the source one, otherwise add234 will keep failing ("this key already exists"). Completely broke Plink, ahem. check-in: 976bebec7b user: simon tags: trunk | |
| 11:03 | When doing manual underlining, underline the text in question rather than a box to the right of it. Probably introduced sometime around r9063. check-in: 08a0d45df9 user: jacob tags: trunk | |
|
2011-07-14
| ||
| 13:52 | Post-release destabilisation! Completely remove the struct type 'Config' in putty.h, which stores all PuTTY's settings and includes an arbitrary length limit on every single one of those settings which is stored in string form. In place of it is 'Conf', an opaque data type everywhere outside the new file conf.c, which stores a list of (key, value) pairs in which every key contains an integer identifying a configuration setting, and for some of those integers the key also contains extra parts (so that, for instance, CONF_environmt is a string-to-string mapping). Everywhere that a Config was previously used, a Conf is now; everywhere there was a Config structure copy, conf_copy() is called; every lookup, adjustment, load and save operation on a Config has been rewritten; and there's a mechanism for serialising a Conf into a binary blob and back for use with Duplicate Session. User-visible effects of this change _should_ be minimal, though I don't doubt I've introduced one or two bugs here and there which will eventually be found. The _intended_ visible effects of this change are that all arbitrary limits on configuration strings and lists (e.g. limit on number of port forwardings) should now disappear; that list boxes in the configuration will now be displayed in a sorted order rather than the arbitrary order in which they were added to the list (since the underlying data structure is now a sorted tree234 rather than an ad-hoc comma-separated string); and one more specific change, which is that local and dynamic port forwardings on the same port number are now mutually exclusive in the configuration (putting 'D' in the key rather than the value was a mistake in the first place). One other reorganisation as a result of this is that I've moved all the dialog.c standard handlers (dlg_stdeditbox_handler and friends) out into config.c, because I can't really justify calling them generic any more. When they took a pointer to an arbitrary structure type and the offset of a field within that structure, they were independent of whether that structure was a Config or something completely different, but now they really do expect to talk to a Conf, which can _only_ be used for PuTTY configuration, so I've renamed them all things like conf_editbox_handler and moved them out of the nominally independent dialog-box management module into the PuTTY-specific config.c. check-in: a2c0243430 user: simon tags: trunk | |
|
2011-07-12
| ||
| 14:59 | Readjust checklist, because actually the section on updating the website _wasn't_ missing - I just looked straight past it somehow. Fold the two versions together into one more complete than either. check-in: 8bd5634b69 user: simon tags: trunk | |