http://the.earth.li/~sgtatham/putty/0.55/md5sums (good)

1cd8d6cc46d1a43f598da70a7508667a  x86/putty-0.55-installer.exe

Download via FTP yields the same checksums as above, but via http
yields the below checksums.

C:\>md5sum putty-0.55-installer.exe
b557bc3b368b3f0d91d7d4e2680c062d *putty-0.55-installer.exe

I'm just curious if the file setup for download (http) is corrupted
or is this a security issue that needs to warn other users that have
downloaded the file?

--
slrn is a command line newsreader.
please reply, to the newsgroup(s).

[ Post a follow-up to this message ]

slrn <slrn@domain.invalid> wrote:
> http://the.earth.li/~sgtatham/putty/0.55/md5sums (good)
> 1cd8d6cc46d1a43f598da70a7508667a  x86/putty-0.55-installer.exe

That's correct.

> Download via FTP yields the same checksums as above, but via http
> yields the below checksums.
> C:\>md5sum putty-0.55-installer.exe
> b557bc3b368b3f0d91d7d4e2680c062d *putty-0.55-installer.exe

When I try the same download, I get the first checksum (1c...7a). I
can only assume that your version has been corrupted during or after
download somehow :-/

Can you confirm that the exact URL you're downloading from is one of
these two (the former automatically redirects to the latter)?

http://the.earth.li/~sgtatham/putty...5-installer.exe
http://the.earth.li/~sgtatham/putty...5-installer.exe

--
Simon Tatham         "The distinction between the enlightened and the
<anakin@pobox.com>    terminally confused is only apparent to the latter."

[ Post a follow-up to this message ]

slrn <slrn@domain.invalid> wrote:
> I tried numerous times with netscape 7.1 and IE 6.0 and both yields
> the same results (wrong checksums).  The file will not complete the
> install because pscp.exe is corrupted (again, not sure if pscp.exe is
> corrupted or fiddle with).  I can upload or send you the file with the
> wrong checksums for investigation if prefer.

That sounds like a good idea. I'd prefer it if you could send me a
URL rather than mailing me a large file.

Cheers,
Simon
--
Simon Tatham         "I'm cross. I'm going to have a tantrum.
<anakin@pobox.com>    <pause> How do I start?"            - my uncle

[ Post a follow-up to this message ]

> slrn <slrn@domain.invalid> wrote: 

Simon Tatham  <anakin@pobox.com> wrote:[vbcol=seagreen]
> That sounds like a good idea. I'd prefer it if you could send me a
> URL rather than mailing me a large file.

[one e-mail exchange involving download details later]

Thanks; I've now got a file which has the md5sum you quote.

It turns out that it differs from the uncorrupted PuTTY 0.55
installer in exactly two byte positions:

- the byte at position 0x7BEE8 has changed from 0x85 to 0x3E
- the byte at position 0xAE6CE has changed from 0xF4 to 0x3E

If you can reverse those changes using a hex editor of some sort,
you should be able to reconstruct a valid 0.55 installer which
passes the md5sum test, at which point it will probably install OK!

Nothing obvious springs to mind as a cause of this sort of thing,
though. I'd expect malicious binary modification to be more
extensive (so as to include enough code to do something
interesting), and I'd also expect it to avoid tripping the
installer's own integrity check.

The only thing that springs to mind is that in both of the above
cases, the byte in question has been turned into a `>' character,
and in _both cases_ the following byte is a `<' character. I'm
therefore slightly tempted to wonder if an HTML-aware browser is
trying to be clever in some really weird way.

What browser did you use to download it? Is it consistently
corrupted in exactly the same way no matter how many times you try?
Does downloading via FTP, or from a mirror site, give the same
result?

Cheers,
Simon
--
Simon Tatham         "I thought I'd put my foot so far into my mouth I
<anakin@pobox.com>    wouldn't be able to sit down without standing up."

[ Post a follow-up to this message ]

On 11 Aug 2004 14:00:22 +0100 (BST), Simon Tatham <anakin@pobox.com> wrote:

[snip]

>What browser did you use to download it? Is it consistently
>corrupted in exactly the same way no matter how many times you try?
>Does downloading via FTP, or from a mirror site, give the same
>result?

I used netscape 7.1 and IE 6.0.  It is consistently corrupted in the
exact way no matter how many times I downloaded.  Download via FTP is
fine and yields the correct checksums.  Download via HTTP from a
couple of mirror sites yields the incorrect checksum.

--
slrn is a command line newsreader.
please reply, to the newsgroup(s).

[ Post a follow-up to this message ]

slrn <slrn@domain.invalid> wrote:
> I used netscape 7.1 and IE 6.0.  It is consistently corrupted in the
> exact way no matter how many times I downloaded.  Download via FTP is
> fine and yields the correct checksums.  Download via HTTP from a
> couple of mirror sites yields the incorrect checksum.

Then unless you're using some sort of web _proxy_ which is going mad
(which might of course be a transparent proxy provided by your ISP),
I'm going to have to admit to being completely baffled.

Still, if you can get a working installer _somehow_, that's the
important thing...
--
Simon Tatham         "_shin_, n. An ingenious device for
<anakin@pobox.com>    finding tables and chairs in the dark."

[ Post a follow-up to this message ]

Simon Tatham wrote on 11.08.2004 15:35:

> slrn <slrn@domain.invalid> wrote:
> 
>
>
> Then unless you're using some sort of web _proxy_ which is going mad
> (which might of course be a transparent proxy provided by your ISP),
> I'm going to have to admit to being completely baffled.

Just for fun I downloaded putty-0.55-installer.exe from
<http://the.earth.li/~sgtatham/putty/0.55/x86/>. I tried with and
without my ISP's proxy. The md5sum is always correct. Weird.
I used Mozilla 1.7.2 and wget 1.8.2 for MS-DOS.

--
Walter

[ Post a follow-up to this message ]

On 11 Aug 2004 14:35:00 +0100 (BST), Simon Tatham <anakin@pobox.com> wrote:
>slrn <slrn@domain.invalid> wrote: 
>
>Then unless you're using some sort of web _proxy_ which is going mad
>(which might of course be a transparent proxy provided by your ISP),
>I'm going to have to admit to being completely baffled.

No proxy.

>Still, if you can get a working installer _somehow_, that's the
>important thing...

Yes, my main concern was that the file might be an attempt by someone
to insert a trojan/spyware.  But since that's not the case it's
probably a netscape or IE handling the download.

--
slrn is a command line newsreader.
please reply, to the newsgroup(s).

[ Post a follow-up to this message ]

slrn <slrn@domain.invalid> wrote:
> I used netscape 7.1 and IE 6.0.  It is consistently corrupted in the
> exact way no matter how many times I downloaded.  Download via FTP is
> fine and yields the correct checksums.  Download via HTTP from a
> couple of mirror sites yields the incorrect checksum.

Any chance you could install and attempt to use 'wget' for the download?

--
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
< This line left intentionally blank to confuse you. >

[ Post a follow-up to this message ]

On Wed, 11 Aug 2004 21:31:13 GMT, Darren Dunham <ddunham@redwood.taos.com> wrote:
>slrn <slrn@domain.invalid> wrote: 
>
>Any chance you could install and attempt to use 'wget' for the download?

wget http://the.earth.li/~sgtatham/putty...5-installer.exe
yields the correct checksums.  I'm using wget via DOS, by way of Unix
utils (unxutils.sourceforge.net).

--
slrn is a command line newsreader.
please reply, to the newsgroup(s).

[ Post a follow-up to this message ]