Summary:
During the course of testing putty-0.70-2019-03-01.e0a7697 on Fedora 29 compiled with clang version 7.0.1 (Fedora 7.0.1-4.fc29), we discovered it was possible to abort a remote client by streaming data at it in such a way as to trigger an assertion failure in terminal.c.
putty: terminal.c:259: void clear_cc(termline *, int): Assertion `col >= 0 && col < line->cols' failed.
Aborted (core dumped)
Description:
An assertion is a statement that a predicate (Boolean-valued function, i.e. a true–false expression) is always true at that point in code execution. It can help a programmer read the code, help a compiler compile it, or help the program detect its own defects.
In this case, escape codes streamed from a remote connection can cause the PuTTY client to resize itself in such a way as to trigger this assertion failure, which aborts the client.
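The predicate from the failed assertion, `col >= 0 && col < line->cols`, modelled in an added example that is not PuTTY's code: a checked clear returns an error instead of aborting, and a saved column is clamped after a resize. `model_line` and all function names are hypothetical, and the stale-column-after-shrink scenario is an assumption used to illustrate the invariant, not the confirmed root cause.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a terminal line; not PuTTY's termline. */
typedef struct { int cols; char *cells; } model_line;

/* The failed assertion's predicate, as a function that can be tested. */
static int col_in_range(const model_line *line, int col) {
    return line != NULL && col >= 0 && col < line->cols;
}

/* Resize the cell array; returns 0 on success, -1 on bad size or OOM. */
static int line_resize(model_line *line, int cols) {
    if (cols <= 0) return -1;
    char *p = realloc(line->cells, (size_t)cols);
    if (p == NULL) return -1;
    line->cells = p;
    line->cols = cols;
    return 0;
}

/* Checked clear: rejects an out-of-range column instead of aborting. */
static int clear_cell_checked(model_line *line, int col) {
    if (!col_in_range(line, col)) return -1;
    line->cells[col] = ' ';
    return 0;
}

/* Clamp a saved column to the current width (call after every resize). */
static int clamp_col(const model_line *line, int col) {
    if (col < 0) return 0;
    return col >= line->cols ? line->cols - 1 : col;
}

/* Constructed scenario: column saved at width 80, line then shrunk to 40.
 * Returns 1 if the stale column is rejected and the clamped one accepted. */
static int stale_column_demo(void) {
    model_line line = { 0, NULL };
    int saved = 79, ok;
    if (line_resize(&line, 80) != 0) return 0;
    ok = clear_cell_checked(&line, saved) == 0;         /* valid at 80 */
    ok = ok && line_resize(&line, 40) == 0;
    ok = ok && clear_cell_checked(&line, saved) == -1;  /* stale at 40 */
    ok = ok && clear_cell_checked(&line, clamp_col(&line, saved)) == 0;
    free(line.cells);
    return ok;
}

int main(void) { printf("%d\n", stale_column_demo()); return 0; }
```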
CC=clang CXX=clang++ ./configure && make -j5
I've uploaded the core dump that happened at the time of the crash.
Denial of service, crash, loss of data contained in scroll back