[Ttssh2-commit] [6707] 8K 以上のエージェントアクセスで落ちる問題を修正

svnno****@sourc***** svnno****@sourc*****
2017年 5月 9日 (火) 23:23:36 JST


Revision: 6707
          http://sourceforge.jp/projects/ttssh2/scm/svn/commits/6707
Author:   doda
Date:     2017-05-09 23:23:36 +0900 (Tue, 09 May 2017)
Log Message:
-----------
8K 以上のエージェントアクセスで落ちる問題を修正

Modified Paths:
--------------
    trunk/doc/en/html/about/history.html
    trunk/doc/ja/html/about/history.html
    trunk/ttssh2/putty/libputty.h
    trunk/ttssh2/ttxssh/ssh.c

-------------- next part --------------
Modified: trunk/doc/en/html/about/history.html
===================================================================
--- trunk/doc/en/html/about/history.html	2017-05-09 14:22:32 UTC (rev 6706)
+++ trunk/doc/en/html/about/history.html	2017-05-09 14:23:36 UTC (rev 6707)
@@ -2883,7 +2883,7 @@
 
   <!--li>Bug fixes
     <ul>
-      <li></li>
+      <li>エージェント転送有効時、リモートホストがエージェントに大きなパケットサイズのリクエストを送ってきた時に落ちる問題を修正した。</li>
     </ul>
   </li-->
 

Modified: trunk/doc/ja/html/about/history.html
===================================================================
--- trunk/doc/ja/html/about/history.html	2017-05-09 14:22:32 UTC (rev 6706)
+++ trunk/doc/ja/html/about/history.html	2017-05-09 14:23:36 UTC (rev 6707)
@@ -2885,11 +2885,11 @@
     </ul>
   </li>
 
-  <!--li>\x83o\x83O\x8FC\x90\xB3
+  <li>\x83o\x83O\x8FC\x90\xB3
     <ul>
-      <li></li>
+      <li>\x83G\x81[\x83W\x83F\x83\x93\x83g\x93]\x91\x97\x97L\x8C\xF8\x8E\x9E\x81A\x83\x8A\x83\x82\x81[\x83g\x83z\x83X\x83g\x82\xAA\x83G\x81[\x83W\x83F\x83\x93\x83g\x82ɑ傫\x82ȃp\x83P\x83b\x83g\x83T\x83C\x83Y\x82̃\x8A\x83N\x83G\x83X\x83g\x82𑗂\xC1\x82Ă\xAB\x82\xBD\x8E\x9E\x82ɗ\x8E\x82\xBF\x82\xE9\x96\xE2\x91\xE8\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B</li>
     </ul>
-  </li-->
+  </li>
 
   <li>\x82\xBB\x82̑\xBC
     <ul>

Modified: trunk/ttssh2/putty/libputty.h
===================================================================
--- trunk/ttssh2/putty/libputty.h	2017-05-09 14:22:32 UTC (rev 6706)
+++ trunk/ttssh2/putty/libputty.h	2017-05-09 14:23:36 UTC (rev 6707)
@@ -3,6 +3,11 @@
  */
 // PuTTY is copyright 1997-2007 Simon Tatham.
 
+// pageant.h
+// \x96{\x93\x96\x82\xCD pageant.h \x82\xF0 include \x8Fo\x97\x88\x82\xE9\x82悤\x82ɂ\xB7\x82\xE9\x95\x{30AA0A2}\x82\xA2\x82̂\xA9\x82\xE0\x82\xB5\x82\xEA\x82Ȃ\xA2\x82\xAF\x82\xEA\x82\xC7
+// \x8A֐\x94\x82̃v\x83\x8D\x83g\x83^\x83C\x83v\x90錾\x82\xE0\x82\xB1\x82\xB1\x82ɂ\xA0\x82\xE9\x82̂Ŏ\xE6\x82肠\x82\xA6\x82\xB8\x82\xB1\x82\xB1\x82ŁB
+#define AGENT_MAX_MSGLEN 8192
+
 // MISC.C
 extern void safefree(void *);
 

Modified: trunk/ttssh2/ttxssh/ssh.c
===================================================================
--- trunk/ttssh2/ttxssh/ssh.c	2017-05-09 14:22:32 UTC (rev 6706)
+++ trunk/ttssh2/ttxssh/ssh.c	2017-05-09 14:23:36 UTC (rev 6707)
@@ -9111,14 +9111,13 @@
 static BOOL SSH_agent_response(PTInstVar pvar, Channel_t *c, int local_channel_num,
                                unsigned char *data, unsigned int buflen)
 {
-	int req_len;
+	unsigned int req_len;
 	FWDChannel *fc;
 	buffer_t *agent_msg;
-	int *agent_request_len;
+	unsigned int *agent_request_len;
 	unsigned char *response;
-	int resplen;
+	unsigned int resplen;
 
-	req_len = get_uint32_MSBfirst(data);
 
 	// \x95\xAA\x8A\x84\x82\xB3\x82ꂽ CHANNEL_DATA \x82̎\xF3\x90M\x82ɑΉ\x9E (2008.11.30 maya)
 	if (SSHv2(pvar)) {
@@ -9130,30 +9129,31 @@
 		agent_msg = fc->agent_msg;
 		agent_request_len = &fc->agent_request_len;
 	}
-	if (agent_msg->len > 0 || req_len + 4 != buflen) {
-		if (agent_msg->len == 0) {
-			*agent_request_len = req_len + 4;
+
+	if (agent_msg->len == 0) {
+		req_len = get_uint32_MSBfirst(data);
+		if (req_len > AGENT_MAX_MSGLEN - 4) {
+			goto error;
 		}
+
+		*agent_request_len = req_len + 4;
+
+		if (*agent_request_len > buflen) {
+			buffer_put_raw(agent_msg, data, buflen);
+			return TRUE;
+		}
+	}
+	else {
 		buffer_put_raw(agent_msg, data, buflen);
 		if (*agent_request_len > agent_msg->len) {
 			return TRUE;
 		}
-		else {
-			data = agent_msg->buf;
-		}
+		data = agent_msg->buf;
 	}
 
-	req_len = get_uint32_MSBfirst(data);
-	agent_query(data, req_len + 4, &response, &resplen, NULL, NULL);
+	agent_query(data, *agent_request_len, &response, &resplen, NULL, NULL);
 	if (response == NULL || resplen < 5) {
-		// \x82\xB1\x82\xCC channel \x82\xF0\x95‚\xB6\x82\xE9
-		if (SSHv2(pvar)) {
-			ssh2_channel_send_close(pvar, c);
-		}
-		else {
-			SSH_channel_input_eof(pvar, fc->remote_num, local_channel_num);
-		}
-		goto exit;
+		goto error;
 	}
 
 	if (SSHv2(pvar)) {
@@ -9165,8 +9165,20 @@
 	}
 	safefree(response);
 
-exit:
 	// \x8Eg\x82\xA2\x8FI\x82\xED\x82\xC1\x82\xBD\x83o\x83b\x83t\x83@\x82\xF0\x83N\x83\x8A\x83A
 	buffer_clear(agent_msg);
 	return TRUE;
+
+error:
+	// \x83G\x83\x89\x81[\x8E\x9E\x82\xCD channel \x82\xF0\x95‚\xB6\x82\xE9
+	if (SSHv2(pvar)) {
+		ssh2_channel_send_close(pvar, c);
+	}
+	else {
+		SSH_channel_input_eof(pvar, fc->remote_num, local_channel_num);
+	}
+
+	// \x8Eg\x82\xA2\x8FI\x82\xED\x82\xC1\x82\xBD\x83o\x83b\x83t\x83@\x82\xF0\x83N\x83\x8A\x83A
+	buffer_clear(agent_msg);
+	return TRUE;
 }



Ttssh2-commit メーリングリストの案内