search

decmhugh / qutty

Automatically exported from code.google.com/p/qutty
Other
0 stars 0 forks source link

RSA Crashes #8

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. type in hostname on new console
2. select hostname ---- Default Settings option from auto-fill dropdown
3. input username

What is the expected output? What do you see instead?
I should be logged in, instead it just closes with no error.

What version of the product are you using? On what operating system?
beta .6 on windows, possibly retaining some config data from beta .5 or earlier?

Please provide any additional information below.
default settings is where the rsa-key is defined.

Original issue reported on code.google.com by nbi...@gmail.com on 16 Jul 2013 at 2:51

GoogleCodeExporter commented 9 years ago 
Unfortunately not able to recreate issue.
I setup private key file in Connection->SSH->Auth, and username in 
Connection->Data for 'Default Settings' (from detailed settings window).
Now I type in hostname & choose Default Settings, from the compact settings 
window.
The session opens fine, and it auto logins with the username as well.

Can you clarify further.
1. Do you see qutty crash, 'close the program' prompt from windows ? Can you 
also check %USERDIR%/qutty/dumps/ folder (ex., c:\Users\nick\qutty\dumps\) for 
any crashdumps.
2. Do you see the issue only while choosing 'Default Settings'.
3. Does it work fine if 'Default Settings' is chosen from detailed settings 
window.
3. Can you create a copy of 'Default Settings' (in detailed settings window, 
select 'Default Settings' & click on 'copy' button). Now choose the new 
session, enter a hostname and open. Does the session open fine.

Based on your clarifications, we can proceed further as follows.
1. If it doesn't work for 'Default Settings' you can share the XML section from 
%USERDIR%/qutty.xml after replacing any private information. I shall let you 
know more on this.
2. If any crashdump is seen we can analyze the dump. I shall let you know how 
we could analyze it.

Thanks
Rajendran

Original comment by Rajendra...@gmail.com on 16 Jul 2013 at 6:19

GoogleCodeExporter commented 9 years ago 
1. there are crash dumps. attached are the most recent
2. It appears to occur anytime I pick a session profile that perhaps conflicts 
with the  already filled in one.
3. When I select a server, then select 'default settings' then connect, it 
works fine. if i just select 'default settings' and fill in a hostname it works 
fine.

Original comment by nbi...@gmail.com on 16 Jul 2013 at 6:29

GoogleCodeExporter commented 9 years ago 
I have copied the dumps, will analyze & update tomorrow.
I deleted them since it *may* have information such as hostname, username. In 
most cases it won't have any such information.

PuTTY doesn't maintain any password information in memory. QuTTY also doesn't 
deal with password, it only invokes underlying putty apis.
So sensitive information will not be kept in these minicrashdumps.
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-passwd-memdump.h
tml

Thanks

Original comment by Rajendra...@gmail.com on 16 Jul 2013 at 6:59

GoogleCodeExporter commented 9 years ago 
No progress with parsing the dump.
Looks like it will take time for me to understand how to analyze it :-)

Can you give the XML section of 'Default Settings' from your %USERDIR%/qutty.xml
It will be something like this, about ~150 lines. Be sure to remove some of the 
sensitive information.
    <config version="1.0">
        <dataelement datatype="char" dataname="config_name" datavalue="Default Settings"/>
        <dataelement datatype="char" dataname="host" datavalue="DUMMY"/>
        <dataelement datatype="int" dataname="port" datavalue="22"/>
        <dataelement datatype="char" dataname="username" datavalue="DUMMY"/>
        ...
    </config>

 > 2. It appears to occur anytime I pick a session profile that perhaps conflicts with
 > the already filled in one.
Can you pls explain what do you mean here, and which UI are you using(new 
compact UI or putty style UI)

 > 3. When I select a server, then select 'default settings' then connect, it works fine.
 > if i just select 'default settings' and fill in a hostname it works fine.
Getting confused here as well. 

> 1. type in hostname on new console
> 2. select hostname ---- Default Settings option from auto-fill dropdown
> 3. input username
Pls clarify step 3. Are you choosing username from the putty style UI ?

Thanks

Original comment by Rajendra...@gmail.com on 17 Jul 2013 at 7:24

GoogleCodeExporter commented 9 years ago 
Also, clarify if RSA setting is removed from 'Default Settings' crash is seen?

Original comment by Rajendra...@gmail.com on 17 Jul 2013 at 7:26

GoogleCodeExporter commented 9 years ago 
 > 2. It appears to occur anytime I pick a session profile that perhaps conflicts with
 > the already filled in one.
I was referencing the new UI. If I type in a hostname then select "work" from 
the session profile dropdown is when I get most crashes.

> 3. When I select a server, then select 'default settings' then connect, it 
works fine.
 > if i just select 'default settings' and fill in a hostname it works fine.
Here, if I go back to the putty style UI and select "work" profile, and then 
type in a hostname, it doesn't crash. I would imagine that doing method 2 and 
method 3 should technically be doing the same thing.

And I've tried it with the putty style UI for username input, and manual input, 
both result in a crash.

The crash does not occur if using password login, only when submitting the RSA 
key.

Original comment by nbi...@gmail.com on 17 Jul 2013 at 1:46

Attachments:

GoogleCodeExporter commented 9 years ago 
Thanks for providing the settings.
Issue is specific to the following 3 settings.
For now replace these manually in qutty.xml as follows:

FROM
dataname="tryagent" datavalue="1"
dataname="try_gssapi_auth" datavalue="1"
dataname="ttymodes" datavalue="INTR A"

TO
dataname="tryagent" datavalue="0"
dataname="try_gssapi_auth" datavalue="0"
dataname="ttymodes" datavalue=""

Original comment by Rajendra...@gmail.com on 18 Jul 2013 at 6:58

GoogleCodeExporter commented 9 years ago 
Nick,

Can you pls update if the change works for you.
We have fixed not to crash due to this in rev#88078787b8f3

Thanks

Original comment by Rajendra...@gmail.com on 19 Jul 2013 at 5:08

GoogleCodeExporter commented 9 years ago 
This appears to be working. Thanks!

Original comment by nbi...@gmail.com on 19 Jul 2013 at 2:43

GoogleCodeExporter commented 9 years ago 
Thanks

Original comment by Rajendra...@gmail.com on 20 Jul 2013 at 2:37