#include "ssh.h"
#include "misc.h"
#include "tree234.h"
+#include "winsecur.h"
#include <shellapi.h>
static tree234 *rsakeys, *ssh2keys;
static int has_security;
-#ifndef NO_SECURITY
-DECL_WINDOWS_FUNCTION(extern, DWORD, GetSecurityInfo,
- (HANDLE, SE_OBJECT_TYPE, SECURITY_INFORMATION,
- PSID *, PSID *, PACL *, PACL *,
- PSECURITY_DESCRIPTOR *));
-#endif
/*
* Forward references
{
while (count234(passphrases) > 0) {
char *pp = index234(passphrases, 0);
- memset(pp, 0, strlen(pp));
+ smemclr(pp, strlen(pp));
delpos234(passphrases, 0);
free(pp);
}
0, (LPARAM) listentry);
}
for (i = 0; NULL != (skey = index234(ssh2keys, i)); i++) {
- char listentry[512], *p;
- int len;
+ char *listentry, *p;
+ int fp_len;
/*
* Replace two spaces in the fingerprint with tabs, for
* nice alignment in the box.
*/
p = skey->alg->fingerprint(skey->data);
- strncpy(listentry, p, sizeof(listentry));
+ listentry = dupprintf("%s\t%s", p, skey->comment);
+ fp_len = strlen(listentry);
+ sfree(p);
+
p = strchr(listentry, ' ');
- if (p)
+ if (p && p < listentry + fp_len)
*p = '\t';
p = strchr(listentry, ' ');
- if (p)
+ if (p && p < listentry + fp_len)
*p = '\t';
- len = strlen(listentry);
- if (len < sizeof(listentry) - 2) {
- listentry[len] = '\t';
- strncpy(listentry + len + 1, skey->comment,
- sizeof(listentry) - len - 1);
- }
+
SendDlgItemMessage(keylist, 100, LB_ADDSTRING, 0,
(LPARAM) listentry);
+ sfree(listentry);
}
SendDlgItemMessage(keylist, 100, LB_SETCURSEL, (WPARAM) - 1, 0);
}
MB_OK | MB_ICONERROR);
return;
}
- nkeys = GET_32BIT(keylist);
+ nkeys = toint(GET_32BIT(keylist));
+ if (nkeys < 0) {
+ MessageBox(NULL, "Received broken key list?!", APPNAME,
+ MB_OK | MB_ICONERROR);
+ return;
+ }
p = keylist + 4;
keylistlen -= 4;
MB_OK | MB_ICONERROR);
return;
}
- n = 4 + GET_32BIT(p);
- if (keylistlen < n) {
+ n = toint(4 + GET_32BIT(p));
+ if (n < 0 || keylistlen < n) {
MessageBox(NULL, "Received broken key list?!", APPNAME,
MB_OK | MB_ICONERROR);
return;
MB_OK | MB_ICONERROR);
return;
}
- n = 4 + GET_32BIT(p);
- if (keylistlen < n) {
+ n = toint(4 + GET_32BIT(p));
+ if (n < 0 || keylistlen < n) {
MessageBox(NULL, "Received broken key list?!", APPNAME,
MB_OK | MB_ICONERROR);
return;
retval = agent_query(request, 5, &vresponse, &resplen, NULL, NULL);
assert(retval == 1);
response = vresponse;
- if (resplen < 5 || response[4] != SSH1_AGENT_RSA_IDENTITIES_ANSWER)
+ if (resplen < 5 || response[4] != SSH1_AGENT_RSA_IDENTITIES_ANSWER) {
+ sfree(response);
return NULL;
+ }
ret = snewn(resplen-5, unsigned char);
memcpy(ret, response+5, resplen-5);
retval = agent_query(request, 5, &vresponse, &resplen, NULL, NULL);
assert(retval == 1);
response = vresponse;
- if (resplen < 5 || response[4] != SSH2_AGENT_IDENTITIES_ANSWER)
+ if (resplen < 5 || response[4] != SSH2_AGENT_IDENTITIES_ANSWER) {
+ sfree(response);
return NULL;
+ }
ret = snewn(resplen-5, unsigned char);
memcpy(ret, response+5, resplen-5);
goto failure;
p += i;
i = ssh1_read_bignum(p, msgend - p, &reqkey.modulus);
- if (i < 0)
+ if (i < 0) {
+ freebn(reqkey.exponent);
goto failure;
+ }
p += i;
i = ssh1_read_bignum(p, msgend - p, &challenge);
- if (i < 0)
+ if (i < 0) {
+ freebn(reqkey.exponent);
+ freebn(reqkey.modulus);
goto failure;
+ }
p += i;
if (msgend < p+16) {
freebn(reqkey.exponent);
MD5Init(&md5c);
MD5Update(&md5c, response_source, 48);
MD5Final(response_md5, &md5c);
- memset(response_source, 0, 48); /* burn the evidence */
+ smemclr(response_source, 48); /* burn the evidence */
freebn(response); /* and that evidence */
freebn(challenge); /* yes, and that evidence */
freebn(reqkey.exponent); /* and free some memory ... */
if (msgend < p+4)
goto failure;
- b.len = GET_32BIT(p);
+ b.len = toint(GET_32BIT(p));
+ if (b.len < 0 || b.len > msgend - (p+4))
+ goto failure;
p += 4;
- if (msgend < p+b.len)
- goto failure;
b.blob = p;
p += b.len;
if (msgend < p+4)
goto failure;
- datalen = GET_32BIT(p);
+ datalen = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+datalen)
+ if (datalen < 0 || datalen > msgend - p)
goto failure;
data = p;
key = find234(ssh2keys, &b, cmpkeys_ssh2_asymm);
sfree(key);
goto failure;
}
- commentlen = GET_32BIT(p);
+ commentlen = toint(GET_32BIT(p));
- if (msgend < p+commentlen) {
+ if (commentlen < 0 || commentlen > msgend - p) {
freersakey(key);
sfree(key);
goto failure;
if (msgend < p+4)
goto failure;
- alglen = GET_32BIT(p);
+ alglen = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+alglen)
+ if (alglen < 0 || alglen > msgend - p)
goto failure;
alg = p;
p += alglen;
sfree(key);
goto failure;
}
- commlen = GET_32BIT(p);
+ commlen = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+commlen) {
+ if (commlen < 0 || commlen > msgend - p) {
key->alg->freekey(key->data);
sfree(key);
goto failure;
if (msgend < p+4)
goto failure;
- b.len = GET_32BIT(p);
+ b.len = toint(GET_32BIT(p));
p += 4;
- if (msgend < p+b.len)
+ if (b.len < 0 || b.len > msgend - p)
goto failure;
b.blob = p;
p += b.len;
of.lpstrTitle = "Select Private Key File";
of.Flags = OFN_ALLOWMULTISELECT | OFN_EXPLORER;
if (request_file(keypath, &of, TRUE, FALSE)) {
- if(strlen(filelist) > of.nFileOffset)
+ if(strlen(filelist) > of.nFileOffset) {
/* Only one filename returned? */
- add_keyfile(filename_from_str(filelist));
- else {
+ Filename *fn = filename_from_str(filelist);
+ add_keyfile(fn);
+ filename_free(fn);
+ } else {
/* we are returned a bunch of strings, end to
* end. first string is the directory, the
* rest the filenames. terminated with an
char *filewalker = filelist + strlen(dir) + 1;
while (*filewalker != '\0') {
char *filename = dupcat(dir, "\\", filewalker, NULL);
- add_keyfile(filename_from_str(filename));
+ Filename *fn = filename_from_str(filename);
+ add_keyfile(fn);
+ filename_free(fn);
sfree(filename);
filewalker += strlen(filewalker) + 1;
}
#ifdef DEBUG_IPC
debug(("couldn't get user SID\n"));
#endif
+ CloseHandle(filemap);
return 0;
}
#ifdef DEBUG_IPC
debug(("couldn't get default SID\n"));
#endif
+ CloseHandle(filemap);
+ sfree(ourself);
return 0;
}
debug(("couldn't get owner info for filemap: %d\n",
rc));
#endif
+ CloseHandle(filemap);
+ sfree(ourself);
+ sfree(ourself2);
return 0;
}
#ifdef DEBUG_IPC
if (!EqualSid(mapowner, ourself) &&
!EqualSid(mapowner, ourself2)) {
CloseHandle(filemap);
+ LocalFree(psd);
+ sfree(ourself);
+ sfree(ourself2);
return 0; /* security ID mismatch! */
}
#ifdef DEBUG_IPC
{
WNDCLASS wndclass;
MSG msg;
- HMODULE advapi;
char *command = NULL;
int added_keys = 0;
int argc, i;
/*
* Attempt to get the security API we need.
*/
- if (!init_advapi()) {
+ if (!got_advapi()) {
MessageBox(NULL,
"Unable to access security APIs. Pageant will\n"
"not run, in case it causes a security breach.",
"Pageant Fatal Error", MB_ICONERROR | MB_OK);
return 1;
#endif
- } else
- advapi = NULL;
+ }
/*
* See if we can find our Help file.
for (i = 0; i < argc; i++) {
if (!strcmp(argv[i], "-pgpfp")) {
pgp_fingerprints();
- if (advapi)
- FreeLibrary(advapi);
return 1;
} else if (!strcmp(argv[i], "-c")) {
/*
command = "";
break;
} else {
- add_keyfile(filename_from_str(argv[i]));
+ Filename *fn = filename_from_str(argv[i]);
+ add_keyfile(fn);
+ filename_free(fn);
added_keys = TRUE;
}
}
MessageBox(NULL, "Pageant is already running", "Pageant Error",
MB_ICONERROR | MB_OK);
}
- if (advapi)
- FreeLibrary(advapi);
return 0;
}
if (keypath) filereq_free(keypath);
- if (advapi)
- FreeLibrary(advapi);
-
cleanup_exit(msg.wParam);
return msg.wParam; /* just in case optimiser complains */
}