1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Commit Graph

26 Commits

Author SHA1 Message Date
Simon Tatham
896bb7c74d Tighten up a lot of casts from unsigned to int which are read by one
of the GET_32BIT macros and then used as length fields. Missing bounds
checks against zero have been added, and also I've introduced a helper
function toint() which casts from unsigned to int in such a way as to
avoid C undefined behaviour, since I'm not sure I trust compilers any
more to do the obviously sensible thing.

[originally from svn r9918]
2013-07-14 10:45:54 +00:00
Simon Tatham
aa5bae8916 Introduce a new utility function smemclr(), which memsets things to
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.

[originally from svn r9586]
2012-07-22 19:51:50 +00:00
Simon Tatham
1682b42b87 Tiny patch from Martin Packman to fix a Windows handle leak in
Pageant's IPC mechanism. It's incomplete (he sent a much more
comprehensive set of fixes that I haven't reviewed), but should be
adequate to mitigate a particular issue for Bazaar users.

[originally from svn r9355]
2011-11-28 19:23:43 +00:00
Simon Tatham
a27605c784 More arbitrary-limit hunting: retire PASSPHRASE_MAXLEN in the Windows
GUIs of Pageant and PuTTYgen. With that and the prompts_t redesign,
there should no longer be any limit on passphrase length other than
the patience of the user.

[originally from svn r9320]
2011-10-02 14:14:21 +00:00
Simon Tatham
62cbc7dc0b Turn 'Filename' into a dynamically allocated type with no arbitrary
length limit, just as I did to FontSpec yesterday.

[originally from svn r9316]
2011-10-02 11:01:57 +00:00
Simon Tatham
52e5dae242 Readjust Pageant's SID check _again_, to make it the union of the
policies before and after r9178, and hence able to talk to both
0.60-like and 0.61-like clients.

I had failed to consider that many pieces of code derived from PuTTY
would have imported the Pageant client code, so we shouldn't randomly
stop supporting things just because _we_ aren't using them any more.

[originally from svn r9264]
[r9178 == af78191a9c]
2011-08-13 14:48:36 +00:00
Simon Tatham
af78191a9c Make Pageant use the same SID-selection logic as the Pageant client
code (as introduced in r9043), so that it uses the user SID rather
than the default SID.

This does change the access-control model, in that a Pageant running
with administrator privilege will now serve keys to an unprivileged
PuTTY running as the same user who started Pageant. Owen and I think
this isn't a problem (in particular, it will still not serve keys to a
_different_ user).

More importantly, making the Pageant client and server code work the
same way means that PuTTY and Pageant can still talk to each other
when UAC is turned off, which we've had several reports of r9043
having broken.

[originally from svn r9178]
[r9043 == 05f22632eb]
2011-06-08 20:47:07 +00:00
Simon Tatham
094459a7e6 Protect against a (non-security-related) buffer overrun if PuTTY is
installed somewhere with an exceptionally long pathname.

[originally from svn r9039]
2010-12-21 10:11:32 +00:00
Simon Tatham
9f274bed91 Create, and use for all loads of system DLLs, a wrapper function
called load_system32_dll() which constructs a full pathname for the
DLL using GetSystemDirectory.

The only DLL load not covered by this change is the one for
gssapi32.dll, because that one's not in the system32 directory.

[originally from svn r8993]
2010-09-13 08:29:45 +00:00
Jacob Nevins
b85038d8a9 Use DECL/GET_WINDOWS_FUNCTION in a few more places in place of ad-hoc
GetProcAddress().

[originally from svn r8739]
2009-11-08 19:22:28 +00:00
Simon Tatham
1dac1bc911 Initial support for HTML Help. All the ad-hoc help-file finding code
and various calls to WinHelp() have been centralised into a new file
winhelp.c, which in turn has been modified to detect a .CHM file as
well as .HLP and select between them as appropriate. It explicitly
tries to load HHCTRL.OCX and use GetProcAddress, meaning that it
_should_ still work correctly on pre-HTML-Help platforms, falling
gracefully back to WinHelp, but although I tested this by
temporarily renaming my own HHCTRL.OCX I haven't yet been able to
test it on a real HTML-Help-free platform.

Also in this checkin: a new .but file and docs makefile changes to
make it convenient to build the sources for a .CHM. As yet, owing to
limitations of Halibut's CHM support, I'm not able to write a .CHM
directly, more's the pity.

[originally from svn r7000]
2006-12-17 11:16:07 +00:00
Jacob Nevins
c14f259ba2 Allow rsakey_pubblob() to return the key comment.
(like r6433 but for SSH-1)

[originally from svn r6434]
[r6433 == 49d2cf19ac]
2005-10-30 15:16:42 +00:00
Jacob Nevins
49d2cf19ac Add ability for ssh2_userkey_loadpub() to return the key comment.
(Not actually used currently, but it makes life easier for a patch I'm
working on.)

[originally from svn r6433]
2005-10-30 13:42:36 +00:00
Jacob Nevins
92a62b8aed Ben Rudiak-Gould points out that we should be using WM_APP as the base for
our app-private window messages, which is considerably higher than the
WM_XUSER we arbitrarily chose. (This isn't known to be causing any actual
problems. The fix seems not to have obviously broken anything.)

[originally from svn r6183]
[this svn revision also touched putty-wishlist]
2005-08-10 18:31:24 +00:00
Jacob Nevins
26635548e8 Use {Get,Set}WindowLongPtr() instead of {Get,Set}WindowLong() for compatibility
with 64-bit Windows. Untested on 64-bit, but it doesn't appear to have broken
anything on 32-bit.

[originally from svn r5819]
2005-05-21 14:16:43 +00:00
Jacob Nevins
6eec320f0b Unify GET_32BIT()/PUT_32BIT() et al from numerous source files into misc.h.
I've done a bit of testing (not exhaustive), and I don't _think_ I've broken
anything...

[originally from svn r5632]
2005-04-12 20:04:56 +00:00
Jacob Nevins
36fc6c0a76 Try to make our PGP signing more useful:
* All the PuTTY tools for Windows and Unix now contain the fingerprints of
   the Master Keys. The method for accessing them is crude but universal:
   a new "-pgpfp" command-line option. (Except Unix PuTTYgen, which takes
   "--pgpfp" just to be awkward.)

 * Move the key policy discussion from putty-website/keys.html to
   putty/doc/pgpkeys.but, and autogenerate the former from the latter.
   Also tweak the text somewhat and include the fingerprints of the
   Master Keys themselves.
   (I've merged the existing autogeneration scripts into a single new
   one; I've left the old scripts and keys.html around until such time
   as the webmonster reviews the changes and plumbs in the new script;
   he should remove the old files then.)

[originally from svn r5524]
[this svn revision also touched putty-website]
2005-03-19 02:26:58 +00:00
Jacob Nevins
5aa719d16e Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]
2005-03-10 16:36:05 +00:00
Jacob Nevins
2dfee45b91 nit: confusing punctuation
[originally from svn r5430]
2005-03-02 00:46:22 +00:00
Jacob Nevins
a2b583f137 Add context help to a couple of message boxes. Unfortunately the ones
I wanted to get to -- "software caused connection abort" and friends --
are going to be more involved (probably requiring some cross-platform
notion of help contexts), and these ones hardly seem worth the effort.
Still, I've done it now.

Side-effect: Pageant now uses the same `hinst' and `hwnd' globals as
everything else. Tested basic functionality.

[originally from svn r5417]
2005-03-01 01:16:57 +00:00
Jacob Nevins
182a511ec3 Move the MessageBox-with-help function out into winutils.c, although it's
still only used for the host key popups. Side-effects:
 - requested_help is a winstuff.h global
 - Pageant now defines winstuff.h globals

(Also, my previous fix to my improved host-key dialogs only got the "changed"
case, not the "unknown" case. Some days I shouldn't be let near a keyboard.)

[originally from svn r5415]
2005-03-01 00:00:09 +00:00
Jacob Nevins
d7b50f8066 Fix for pageant-dirhandle': a new wrapper functions request_file()' maintains
a separate CWD for the file requester, so that when the Open File box is not
open Pageant should stay where it was started.
(Also some other minor cleanups in this area of Pageant.)

[originally from svn r5413]
[this svn revision also touched putty-wishlist]
2005-02-28 02:40:43 +00:00
Jacob Nevins
c60aa6b2f5 Improve Pageant's error reporting for private key load failures.
[originally from svn r5409]
2005-02-27 23:15:22 +00:00
Jacob Nevins
db19a6aff1 Minor reorganisations to WinHelp support. (Done as part of a - failed -
attempt to fix `winhelp-crash', but we may as well keep them.)

[originally from svn r5314]
2005-02-16 01:47:10 +00:00
Jacob Nevins
693f062397 UI tweak from Malcolm Rowe: set IDM_VIEWKEYS as the default menu item and use
that mechanism to invoke it on double-click; this emboldens it in the right-
click menu.

[originally from svn r4851]
2004-11-20 18:29:58 +00:00
Simon Tatham
cb45b9cc25 Now that we have Subversion's file renaming ability, it's time at
long last to move all the Windows-specific source files down into a
`windows' subdirectory. Only platform-specific files remain at the
top level. With any luck this will act as a hint to anyone still
contemplating sending us a Windows-centric patch...

[originally from svn r4792]
2004-11-16 22:14:56 +00:00