More arbitrary-limit hunting: retire PASSPHRASE_MAXLEN in the Windows

GUIs of Pageant and PuTTYgen. With that and the prompts_t redesign, there should no longer be any limit on passphrase length other than the patience of the user. [originally from svn r9320]
2025-04-12 00:28:06 -05:00 · 2011-10-02 14:14:21 +00:00 · 2011-10-02 14:14:21 +00:00 · a27605c784
commit a27605c784
parent ff5a9c77fd
2 changed files with 61 additions and 41 deletions
--- a/windows/winpgen.c
+++ b/windows/winpgen.c
@ -5,6 +5,7 @@
 #include <time.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <assert.h>

 #define PUTTY_DO_GLOBALS

@ -116,10 +117,8 @@ static void progress_update(void *param, int action, int phase, int iprogress)

 extern char ver[];

-#define PASSPHRASE_MAXLEN 512
-
 struct PassphraseProcStruct {
-    char *passphrase;
+    char **passphrase;
    char *comment;
 };

@ -129,7 +128,7 @@ struct PassphraseProcStruct {
 static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
 				   WPARAM wParam, LPARAM lParam)
 {
-    static char *passphrase = NULL;
+    static char **passphrase = NULL;
    struct PassphraseProcStruct *p;

    switch (msg) {
@ -157,8 +156,9 @@ static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
 	passphrase = p->passphrase;
 	if (p->comment)
 	    SetDlgItemText(hwnd, 101, p->comment);
-	*passphrase = 0;
-	SetDlgItemText(hwnd, 102, passphrase);
+        burnstr(*passphrase);
+        *passphrase = dupstr("");
+	SetDlgItemText(hwnd, 102, *passphrase);
 	return 0;
      case WM_COMMAND:
 	switch (LOWORD(wParam)) {
@ -173,9 +173,8 @@ static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
 	    return 0;
 	  case 102:		       /* edit box */
 	    if ((HIWORD(wParam) == EN_CHANGE) && passphrase) {
-		GetDlgItemText(hwnd, 102, passphrase,
-			       PASSPHRASE_MAXLEN - 1);
-		passphrase[PASSPHRASE_MAXLEN - 1] = '\0';
+                burnstr(*passphrase);
+                *passphrase = GetDlgItemText_alloc(hwnd, 102);
 	    }
 	    return 0;
 	}
@ -617,13 +616,12 @@ void ui_set_state(HWND hwnd, struct MainDlgState *state, int status)
 void load_key_file(HWND hwnd, struct MainDlgState *state,
 		   Filename *filename, int was_import_cmd)
 {
-    char passphrase[PASSPHRASE_MAXLEN];
+    char *passphrase;
    int needs_pass;
    int type, realtype;
    int ret;
    const char *errmsg = NULL;
    char *comment;
-    struct PassphraseProcStruct pps;
    struct RSAKey newkey1;
    struct ssh2_userkey *newkey2 = NULL;

@ -646,17 +644,22 @@ void load_key_file(HWND hwnd, struct MainDlgState *state,
    }

    comment = NULL;
+    passphrase = NULL;
    if (realtype == SSH_KEYTYPE_SSH1)
 	needs_pass = rsakey_encrypted(filename, &comment);
    else if (realtype == SSH_KEYTYPE_SSH2)
 	needs_pass = ssh2_userkey_encrypted(filename, &comment);
    else
 	needs_pass = import_encrypted(filename, realtype, &comment);
-    pps.passphrase = passphrase;
-    pps.comment = comment;
    do {
+        burnstr(passphrase);
+        passphrase = NULL;
+
 	if (needs_pass) {
 	    int dlgret;
+            struct PassphraseProcStruct pps;
+            pps.passphrase = &passphrase;
+            pps.comment = comment;
 	    dlgret = DialogBoxParam(hinst,
 				    MAKEINTRESOURCE(210),
 				    NULL, PassphraseProc,
@ -665,8 +668,9 @@ void load_key_file(HWND hwnd, struct MainDlgState *state,
 		ret = -2;
 		break;
 	    }
+            assert(passphrase != NULL);
 	} else
-	    *passphrase = '\0';
+	    passphrase = dupstr("");
 	if (type == SSH_KEYTYPE_SSH1) {
 	    if (realtype == type)
 		ret = loadrsakey(filename, &newkey1, passphrase, &errmsg);
@ -779,6 +783,7 @@ void load_key_file(HWND hwnd, struct MainDlgState *state,
 		       MB_OK | MB_ICONINFORMATION);
 	}
    }
+    burnstr(passphrase);
 }

 /*
@ -1097,8 +1102,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 		(struct MainDlgState *) GetWindowLongPtr(hwnd, GWLP_USERDATA);
 	    if (state->key_exists) {
 		char filename[FILENAME_MAX];
-		char passphrase[PASSPHRASE_MAXLEN];
-		char passphrase2[PASSPHRASE_MAXLEN];
+		char *passphrase, *passphrase2;
                int type, realtype;

                if (state->ssh2)
@ -1124,16 +1128,17 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 		    break;
                }

-		GetDlgItemText(hwnd, IDC_PASSPHRASE1EDIT,
-			       passphrase, sizeof(passphrase));
-		GetDlgItemText(hwnd, IDC_PASSPHRASE2EDIT,
-			       passphrase2, sizeof(passphrase2));
+		passphrase = GetDlgItemText_alloc(hwnd, IDC_PASSPHRASE1EDIT);
+		passphrase2 = GetDlgItemText_alloc(hwnd, IDC_PASSPHRASE2EDIT);
 		if (strcmp(passphrase, passphrase2)) {
 		    MessageBox(hwnd,
 			       "The two passphrases given do not match.",
 			       "PuTTYgen Error", MB_OK | MB_ICONERROR);
+                    burnstr(passphrase);
+                    burnstr(passphrase2);
 		    break;
 		}
+                burnstr(passphrase2);
 		if (!*passphrase) {
 		    int ret;
 		    ret = MessageBox(hwnd,
@ -1141,8 +1146,10 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 				     "without a passphrase to protect it?",
 				     "PuTTYgen Warning",
 				     MB_YESNO | MB_ICONWARNING);
-		    if (ret != IDYES)
-			break;
+		    if (ret != IDYES) {
+                        burnstr(passphrase);
+                        break;
+                    }
 		}
 		if (prompt_keyfile(hwnd, "Save private key as:",
 				   filename, 1, (type == realtype))) {
@ -1156,8 +1163,10 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 			ret = MessageBox(hwnd, buffer, "PuTTYgen Warning",
 					 MB_YESNO | MB_ICONWARNING);
 			sfree(buffer);
-			if (ret != IDYES)
+			if (ret != IDYES) {
+                            burnstr(passphrase);
 			    break;
+                        }
 		    }

 		    if (state->ssh2) {
@ -1185,6 +1194,7 @@ static int CALLBACK MainDlgProc(HWND hwnd, UINT msg,
 				   "PuTTYgen Error", MB_OK | MB_ICONERROR);
 		    }
 		}
+                burnstr(passphrase);
 	    }
 	    break;
 	  case IDC_SAVEPUB:
--- a/windows/winpgnt.c
+++ b/windows/winpgnt.c
@ -159,10 +159,8 @@ struct blob {
 };
 static int cmpkeys_ssh2_asymm(void *av, void *bv);

-#define PASSPHRASE_MAXLEN 512
-
 struct PassphraseProcStruct {
-    char *passphrase;
+    char **passphrase;
    char *comment;
 };

@ -247,7 +245,7 @@ static HWND passphrase_box;
 static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
 				   WPARAM wParam, LPARAM lParam)
 {
-    static char *passphrase = NULL;
+    static char **passphrase = NULL;
    struct PassphraseProcStruct *p;

    switch (msg) {
@ -275,8 +273,9 @@ static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
 	passphrase = p->passphrase;
 	if (p->comment)
 	    SetDlgItemText(hwnd, 101, p->comment);
-	*passphrase = 0;
-	SetDlgItemText(hwnd, 102, passphrase);
+        burnstr(*passphrase);
+        *passphrase = dupstr("");
+	SetDlgItemText(hwnd, 102, *passphrase);
 	return 0;
      case WM_COMMAND:
 	switch (LOWORD(wParam)) {
@ -291,9 +290,8 @@ static int CALLBACK PassphraseProc(HWND hwnd, UINT msg,
 	    return 0;
 	  case 102:		       /* edit box */
 	    if ((HIWORD(wParam) == EN_CHANGE) && passphrase) {
-		GetDlgItemText(hwnd, 102, passphrase,
-			       PASSPHRASE_MAXLEN - 1);
-		passphrase[PASSPHRASE_MAXLEN - 1] = '\0';
+                burnstr(*passphrase);
+                *passphrase = GetDlgItemText_alloc(hwnd, 102);
 	    }
 	    return 0;
 	}
@ -387,7 +385,7 @@ static void keylist_update(void)
 */
 static void add_keyfile(Filename *filename)
 {
-    char passphrase[PASSPHRASE_MAXLEN];
+    char *passphrase;
    struct RSAKey *rkey = NULL;
    struct ssh2_userkey *skey = NULL;
    int needs_pass;
@ -395,7 +393,6 @@ static void add_keyfile(Filename *filename)
    int attempts;
    char *comment;
    const char *error = NULL;
-    struct PassphraseProcStruct pps;
    int type;
    int original_pass;
 	
@ -523,17 +520,24 @@ static void add_keyfile(Filename *filename)
    attempts = 0;
    if (type == SSH_KEYTYPE_SSH1)
 	rkey = snew(struct RSAKey);
-    pps.passphrase = passphrase;
-    pps.comment = comment;
+    passphrase = NULL;
    original_pass = 0;
    do {
+        burnstr(passphrase);
+        passphrase = NULL;
+
 	if (needs_pass) {
 	    /* try all the remembered passphrases first */
 	    char *pp = index234(passphrases, attempts);
 	    if(pp) {
-		strcpy(passphrase, pp);
+		passphrase = dupstr(pp);
 	    } else {
 		int dlgret;
+                struct PassphraseProcStruct pps;
+
+                pps.passphrase = &passphrase;
+                pps.comment = comment;
+
 		original_pass = 1;
 		dlgret = DialogBoxParam(hinst, MAKEINTRESOURCE(210),
 					NULL, PassphraseProc, (LPARAM) &pps);
@ -545,9 +549,12 @@ static void add_keyfile(Filename *filename)
 			sfree(rkey);
 		    return;		       /* operation cancelled */
 		}
+
+                assert(passphrase != NULL);
 	    }
 	} else
-	    *passphrase = '\0';
+	    passphrase = dupstr("");
+
 	if (type == SSH_KEYTYPE_SSH1)
 	    ret = loadrsakey(filename, rkey, passphrase, &error);
 	else {
@ -562,11 +569,14 @@ static void add_keyfile(Filename *filename)
 	attempts++;
    } while (ret == -1);

-    /* if they typed in an ok passphrase, remember it */
    if(original_pass && ret) {
-	char *pp = dupstr(passphrase);
-	addpos234(passphrases, pp, 0);
+        /* If they typed in an ok passphrase, remember it */
+	addpos234(passphrases, passphrase, 0);
+    } else {
+        /* Otherwise, destroy it */
+        burnstr(passphrase);
    }
+    passphrase = NULL;

    if (comment)
 	sfree(comment);