#include <stdio.h>
#include <assert.h>
+#if !defined NO_SECURITY
+
#define DEFINE_PLUG_METHOD_MACROS
#include "tree234.h"
#include "putty.h"
#include "proxy.h"
#include "ssh.h"
-#if !defined NO_SECURITY
+#include "wincapi.h"
-#include "winsecur.h"
+#ifdef COVERITY
+/*
+ * The hack I use to build for Coverity scanning, using winegcc and
+ * Makefile.cyg, didn't provide some defines in wincrypt.h last time I
+ * looked. Therefore, define them myself here, but enclosed in #ifdef
+ * COVERITY to ensure I don't make up random nonsense values for any
+ * real build.
+ */
+#ifndef CRYPTPROTECTMEMORY_BLOCK_SIZE
+#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
+#endif
+#ifndef CRYPTPROTECTMEMORY_CROSS_PROCESS
+#define CRYPTPROTECTMEMORY_CROSS_PROCESS 1
+#endif
+#endif
#define CONNSHARE_PIPE_PREFIX "\\\\.\\pipe\\putty-connshare"
#define CONNSHARE_MUTEX_PREFIX "Local\\putty-connshare-mutex"
* key every time since its API permits returning more data than
* was input, so calling _that_ and hashing the output would not
* be stable.)
+ *
+ * We don't worry too much if this doesn't work for some reason.
+ * Omitting this step still has _some_ privacy value (in that
+ * another user can test-hash things to confirm guesses as to
+ * where you might be connecting to, but cannot invert SHA-256 in
+ * the absence of any plausible guess). So we don't abort if we
+ * can't call CryptProtectMemory at all, or if it fails.
*/
- if (!p_CryptProtectMemory(cryptdata, cryptlen,
- CRYPTPROTECTMEMORY_CROSS_PROCESS)) {
- return NULL;
- }
+ if (got_crypt())
+ p_CryptProtectMemory(cryptdata, cryptlen,
+ CRYPTPROTECTMEMORY_CROSS_PROCESS);
/*
* We don't want to give away the length of the hostname either,
Socket retsock;
PSECURITY_DESCRIPTOR psd;
PACL acl;
- PSID networksid;
-
- if (!got_crypt()) {
- *logtext = dupprintf("Unable to load crypt32.dll");
- return SHARE_NONE;
- }
/*
* Transform the platform-independent version of the connection
mutexname = make_name(CONNSHARE_MUTEX_PREFIX, name);
if (!make_private_security_descriptor(MUTEX_ALL_ACCESS,
- &psd, &networksid,
- &acl, logtext)) {
+ &psd, &acl, logtext)) {
sfree(mutexname);
+ sfree(name);
return SHARE_NONE;
}
*logtext = dupprintf("CreateMutex(\"%s\") failed: %s",
mutexname, win_strerror(GetLastError()));
sfree(mutexname);
+ sfree(name);
LocalFree(psd);
- LocalFree(networksid);
LocalFree(acl);
return SHARE_NONE;
}
sfree(mutexname);
LocalFree(psd);
- LocalFree(networksid);
LocalFree(acl);
WaitForSingleObject(mutex, INFINITE);