2 * winmisc.c: miscellaneous Windows-specific things
13 OSVERSIONINFO osVersion;
15 char *platform_get_x_display(void) {
16 /* We may as well check for DISPLAY in case it's useful. */
17 return dupstr(getenv("DISPLAY"));
20 Filename *filename_from_str(const char *str)
22 Filename *ret = snew(Filename);
23 ret->path = dupstr(str);
27 Filename *filename_copy(const Filename *fn)
29 return filename_from_str(fn->path);
32 const char *filename_to_str(const Filename *fn)
37 int filename_equal(const Filename *f1, const Filename *f2)
39 return !strcmp(f1->path, f2->path);
42 int filename_is_null(const Filename *fn)
47 void filename_free(Filename *fn)
53 int filename_serialise(const Filename *f, void *vdata)
55 char *data = (char *)vdata;
56 int len = strlen(f->path) + 1; /* include trailing NUL */
58 strcpy(data, f->path);
62 Filename *filename_deserialise(void *vdata, int maxsize, int *used)
64 char *data = (char *)vdata;
66 end = memchr(data, '\0', maxsize);
71 return filename_from_str(data);
74 char filename_char_sanitise(char c)
76 if (strchr("<>:\"/\\|?*", c))
81 #ifndef NO_SECUREZEROMEMORY
83 * Windows implementation of smemclr (see misc.c) using SecureZeroMemory.
85 void smemclr(void *b, size_t n) {
87 SecureZeroMemory(b, n);
91 char *get_username(void)
95 int got_username = FALSE;
96 DECL_WINDOWS_FUNCTION(static, BOOLEAN, GetUserNameExA,
97 (EXTENDED_NAME_FORMAT, LPSTR, PULONG));
100 static int tried_usernameex = FALSE;
101 if (!tried_usernameex) {
102 /* Not available on Win9x, so load dynamically */
103 HMODULE secur32 = load_system32_dll("secur32.dll");
104 GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);
105 tried_usernameex = TRUE;
109 if (p_GetUserNameExA) {
111 * If available, use the principal -- this avoids the problem
112 * that the local username is case-insensitive but Kerberos
113 * usernames are case-sensitive.
118 (void) p_GetUserNameExA(NameUserPrincipal, NULL, &namelen);
120 user = snewn(namelen, char);
121 got_username = p_GetUserNameExA(NameUserPrincipal, user, &namelen);
123 char *p = strchr(user, '@');
131 /* Fall back to local user name */
133 if (GetUserName(NULL, &namelen) == FALSE) {
135 * Apparently this doesn't work at least on Windows XP SP2.
136 * Thus assume a maximum of 256. It will fail again if it
142 user = snewn(namelen, char);
143 got_username = GetUserName(user, &namelen);
149 return got_username ? user : NULL;
152 void dll_hijacking_protection(void)
155 * If the OS provides it, call SetDefaultDllDirectories() to
156 * prevent DLLs from being loaded from the directory containing
157 * our own binary, and instead only load from system32.
159 * This is a protection against hijacking attacks, if someone runs
160 * PuTTY directly from their web browser's download directory
161 * having previously been enticed into clicking on an unwise link
162 * that downloaded a malicious DLL to the same directory under one
163 * of various magic names that seem to be things that standard
164 * Windows DLLs delegate to.
166 * It shouldn't break deliberate loading of user-provided DLLs
167 * such as GSSAPI providers, because those are specified by their
168 * full pathname by the user-provided configuration.
170 static HMODULE kernel32_module;
171 DECL_WINDOWS_FUNCTION(static, BOOL, SetDefaultDllDirectories, (DWORD));
173 if (!kernel32_module) {
174 kernel32_module = load_system32_dll("kernel32.dll");
175 GET_WINDOWS_FUNCTION(kernel32_module, SetDefaultDllDirectories);
178 if (p_SetDefaultDllDirectories) {
179 /* LOAD_LIBRARY_SEARCH_SYSTEM32 only */
180 p_SetDefaultDllDirectories(0x800);
184 BOOL init_winver(void)
186 ZeroMemory(&osVersion, sizeof(osVersion));
187 osVersion.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
188 return GetVersionEx ( (OSVERSIONINFO *) &osVersion);
191 HMODULE load_system32_dll(const char *libname)
194 * Wrapper function to load a DLL out of c:\windows\system32
195 * without going through the full DLL search path. (Hence no
196 * attack is possible by placing a substitute DLL earlier on that
199 static char *sysdir = NULL;
206 size = 3*size/2 + 512;
207 sysdir = sresize(sysdir, size, char);
208 len = GetSystemDirectory(sysdir, size);
209 } while (len >= size);
212 fullpath = dupcat(sysdir, "\\", libname, NULL);
213 ret = LoadLibrary(fullpath);
219 * A tree234 containing mappings from system error codes to strings.
227 static int errstring_find(void *av, void *bv)
230 struct errstring *b = (struct errstring *)bv;
237 static int errstring_compare(void *av, void *bv)
239 struct errstring *a = (struct errstring *)av;
240 return errstring_find(&a->error, bv);
243 static tree234 *errstrings = NULL;
245 const char *win_strerror(int error)
247 struct errstring *es;
250 errstrings = newtree234(errstring_compare);
252 es = find234(errstrings, &error, errstring_find);
255 char msgtext[65536]; /* maximum size for FormatMessage is 64K */
257 es = snew(struct errstring);
259 if (!FormatMessage((FORMAT_MESSAGE_FROM_SYSTEM |
260 FORMAT_MESSAGE_IGNORE_INSERTS), NULL, error,
261 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
262 msgtext, lenof(msgtext)-1, NULL)) {
264 "(unable to format: FormatMessage returned %u)",
265 (unsigned int)GetLastError());
267 int len = strlen(msgtext);
268 if (len > 0 && msgtext[len-1] == '\n')
269 msgtext[len-1] = '\0';
271 es->text = dupprintf("Error %d: %s", error, msgtext);
272 add234(errstrings, es);
279 static FILE *debug_fp = NULL;
280 static HANDLE debug_hdl = INVALID_HANDLE_VALUE;
281 static int debug_got_console = 0;
283 void dputs(const char *buf)
287 if (!debug_got_console) {
288 if (AllocConsole()) {
289 debug_got_console = 1;
290 debug_hdl = GetStdHandle(STD_OUTPUT_HANDLE);
294 debug_fp = fopen("debug.log", "w");
297 if (debug_hdl != INVALID_HANDLE_VALUE) {
298 WriteFile(debug_hdl, buf, strlen(buf), &dw, NULL);
300 fputs(buf, debug_fp);
307 * Minefield - a Windows equivalent for Electric Fence
310 #define PAGESIZE 4096
315 * We start by reserving as much virtual address space as Windows
316 * will sensibly (or not sensibly) let us have. We flag it all as
319 * Any allocation attempt is satisfied by committing one or more
320 * pages, with an uncommitted page on either side. The returned
321 * memory region is jammed up against the _end_ of the pages.
323 * Freeing anything causes instantaneous decommitment of the pages
324 * involved, so stale pointers are caught as soon as possible.
327 static int minefield_initialised = 0;
328 static void *minefield_region = NULL;
329 static long minefield_size = 0;
330 static long minefield_npages = 0;
331 static long minefield_curpos = 0;
332 static unsigned short *minefield_admin = NULL;
333 static void *minefield_pages = NULL;
335 static void minefield_admin_hide(int hide)
337 int access = hide ? PAGE_NOACCESS : PAGE_READWRITE;
338 VirtualProtect(minefield_admin, minefield_npages * 2, access, NULL);
341 static void minefield_init(void)
347 for (size = 0x40000000; size > 0; size = ((size >> 3) * 7) & ~0xFFF) {
348 minefield_region = VirtualAlloc(NULL, size,
349 MEM_RESERVE, PAGE_NOACCESS);
350 if (minefield_region)
353 minefield_size = size;
356 * Firstly, allocate a section of that to be the admin block.
357 * We'll need a two-byte field for each page.
359 minefield_admin = minefield_region;
360 minefield_npages = minefield_size / PAGESIZE;
361 admin_size = (minefield_npages * 2 + PAGESIZE - 1) & ~(PAGESIZE - 1);
362 minefield_npages = (minefield_size - admin_size) / PAGESIZE;
363 minefield_pages = (char *) minefield_region + admin_size;
366 * Commit the admin region.
368 VirtualAlloc(minefield_admin, minefield_npages * 2,
369 MEM_COMMIT, PAGE_READWRITE);
372 * Mark all pages as unused (0xFFFF).
374 for (i = 0; i < minefield_npages; i++)
375 minefield_admin[i] = 0xFFFF;
378 * Hide the admin region.
380 minefield_admin_hide(1);
382 minefield_initialised = 1;
385 static void minefield_bomb(void)
387 div(1, *(int *) minefield_pages);
390 static void *minefield_alloc(int size)
393 int pos, lim, region_end, region_start;
397 npages = (size + PAGESIZE - 1) / PAGESIZE;
399 minefield_admin_hide(0);
402 * Search from current position until we find a contiguous
403 * bunch of npages+2 unused pages.
405 pos = minefield_curpos;
406 lim = minefield_npages;
408 /* Skip over used pages. */
409 while (pos < lim && minefield_admin[pos] != 0xFFFF)
411 /* Count unused pages. */
413 while (pos < lim && pos - start < npages + 2 &&
414 minefield_admin[pos] == 0xFFFF)
416 if (pos - start == npages + 2)
418 /* If we've reached the limit, reset the limit or stop. */
420 if (lim == minefield_npages) {
421 /* go round and start again at zero */
422 lim = minefield_curpos;
425 minefield_admin_hide(1);
431 minefield_curpos = pos - 1;
434 * We have npages+2 unused pages starting at start. We leave
435 * the first and last of these alone and use the rest.
437 region_end = (start + npages + 1) * PAGESIZE;
438 region_start = region_end - size;
439 /* FIXME: could align here if we wanted */
442 * Update the admin region.
444 for (i = start + 2; i < start + npages + 1; i++)
445 minefield_admin[i] = 0xFFFE; /* used but no region starts here */
446 minefield_admin[start + 1] = region_start % PAGESIZE;
448 minefield_admin_hide(1);
450 VirtualAlloc((char *) minefield_pages + region_start, size,
451 MEM_COMMIT, PAGE_READWRITE);
452 return (char *) minefield_pages + region_start;
455 static void minefield_free(void *ptr)
457 int region_start, i, j;
459 minefield_admin_hide(0);
461 region_start = (char *) ptr - (char *) minefield_pages;
462 i = region_start / PAGESIZE;
463 if (i < 0 || i >= minefield_npages ||
464 minefield_admin[i] != region_start % PAGESIZE)
466 for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++) {
467 minefield_admin[j] = 0xFFFF;
470 VirtualFree(ptr, j * PAGESIZE - region_start, MEM_DECOMMIT);
472 minefield_admin_hide(1);
475 static int minefield_get_size(void *ptr)
477 int region_start, i, j;
479 minefield_admin_hide(0);
481 region_start = (char *) ptr - (char *) minefield_pages;
482 i = region_start / PAGESIZE;
483 if (i < 0 || i >= minefield_npages ||
484 minefield_admin[i] != region_start % PAGESIZE)
486 for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++);
488 minefield_admin_hide(1);
490 return j * PAGESIZE - region_start;
493 void *minefield_c_malloc(size_t size)
495 if (!minefield_initialised)
497 return minefield_alloc(size);
500 void minefield_c_free(void *p)
502 if (!minefield_initialised)
508 * realloc _always_ moves the chunk, for rapid detection of code
509 * that assumes it won't.
511 void *minefield_c_realloc(void *p, size_t size)
515 if (!minefield_initialised)
517 q = minefield_alloc(size);
518 oldsize = minefield_get_size(p);
519 memcpy(q, p, (oldsize < size ? oldsize : size));
524 #endif /* MINEFIELD */
526 FontSpec *fontspec_new(const char *name,
527 int bold, int height, int charset)
529 FontSpec *f = snew(FontSpec);
530 f->name = dupstr(name);
533 f->charset = charset;
536 FontSpec *fontspec_copy(const FontSpec *f)
538 return fontspec_new(f->name, f->isbold, f->height, f->charset);
540 void fontspec_free(FontSpec *f)
545 int fontspec_serialise(FontSpec *f, void *vdata)
547 char *data = (char *)vdata;
548 int len = strlen(f->name) + 1; /* include trailing NUL */
550 strcpy(data, f->name);
551 PUT_32BIT_MSB_FIRST(data + len, f->isbold);
552 PUT_32BIT_MSB_FIRST(data + len + 4, f->height);
553 PUT_32BIT_MSB_FIRST(data + len + 8, f->charset);
555 return len + 12; /* also include three 4-byte ints */
557 FontSpec *fontspec_deserialise(void *vdata, int maxsize, int *used)
559 char *data = (char *)vdata;
563 end = memchr(data, '\0', maxsize-12);
567 *used = end - data + 12;
568 return fontspec_new(data,
569 GET_32BIT_MSB_FIRST(end),
570 GET_32BIT_MSB_FIRST(end + 4),
571 GET_32BIT_MSB_FIRST(end + 8));