PuTTY bug connshare-overlarge-packets

This is a mirror. Follow this link to find the primary PuTTY web site.

Home | FAQ | Feedback | Licence | Updates | Mirrors | Keys | Links | Team
Download: Stable · Snapshot | Docs | Changes | Wishlist

summary: Pasting very long line into connection-sharing downstream can close it
class: bug: This is clearly an actual problem we want fixed.
difficulty: fun: Just needs tuits, and not many of them.
priority: high: This should be fixed in the next release.
present-in: 0.71
fixed-in: 04b6db55f20b7057a5503c0a9f348bfba66b44f7 (0.72)

In PuTTY's connection sharing system, the protocol that the ‘upstream’ and ‘downstream’ instances of PuTTY use to talk to each other has a hard limit of just over 16Kb on the maximum size of a data packet that may be sent.

This limit is enforced by the subsystem in the upstream instance that acts as the server end of that protocol: if the upstream PuTTY receives an overlarge packet, it will disconnect that downstream with an error message.

But, embarrassingly, PuTTY's own client implementation of the same protocol, spoken by a modified version of the ordinary SSH code in the downstream instance, did not pay attention to that packet limit. So in certain situations, it could send the upstream a packet that exceeded the size limit, and get itself disconnected.

This can only be observed if the actual SSH server advertises a maximum packet size greater than 16Kb. If the server's max packet size is small enough, then PuTTY will not send overlarge packets for that reason, so the bug will remain latent.

Even supposing the server does advertise a >16Kb max packet, PuTTY won't exceed it in typical interactive use. Even pasting a large block of data into the terminal will often not exceed the packet size limit, because the terminal code that handles pasting breaks the pasted data up at line boundaries. So you would need to paste data with a single line longer than 16Kb to trigger this bug in an interactive session.

If you want to comment on this web site, see the Feedback page.
Audit trail for this bug.
(last revision of this bug record was at 2019-07-20 07:44:55 +0100)