Key rollover: rewrite the PGP keys manual appendix.
[PuTTY.git] / windows / winshare.c
index ad1cea4d6e06f9aa55f8a7b397cded236e6f74c9..2f21638e76c6c01b914a576291c171b4c0768156 100644 (file)
@@ -5,6 +5,8 @@
 #include <stdio.h>
 #include <assert.h>
 
+#if !defined NO_SECURITY
+
 #define DEFINE_PLUG_METHOD_MACROS
 #include "tree234.h"
 #include "putty.h"
 #include "proxy.h"
 #include "ssh.h"
 
-#if !defined NO_SECURITY
-
 #include "winsecur.h"
 
+#ifdef COVERITY
+/*
+ * The hack I use to build for Coverity scanning, using winegcc and
+ * Makefile.cyg, didn't provide some defines in wincrypt.h last time I
+ * looked. Therefore, define them myself here, but enclosed in #ifdef
+ * COVERITY to ensure I don't make up random nonsense values for any
+ * real build.
+ */
+#ifndef CRYPTPROTECTMEMORY_BLOCK_SIZE
+#define CRYPTPROTECTMEMORY_BLOCK_SIZE 16
+#endif
+#ifndef CRYPTPROTECTMEMORY_CROSS_PROCESS
+#define CRYPTPROTECTMEMORY_CROSS_PROCESS 1
+#endif
+#endif
+
 #define CONNSHARE_PIPE_PREFIX "\\\\.\\pipe\\putty-connshare"
 #define CONNSHARE_MUTEX_PREFIX "Local\\putty-connshare-mutex"
 
@@ -56,11 +72,17 @@ static char *obfuscate_name(const char *realname)
      * key every time since its API permits returning more data than
      * was input, so calling _that_ and hashing the output would not
      * be stable.)
+     *
+     * We don't worry too much if this doesn't work for some reason.
+     * Omitting this step still has _some_ privacy value (in that
+     * another user can test-hash things to confirm guesses as to
+     * where you might be connecting to, but cannot invert SHA-256 in
+     * the absence of any plausible guess). So we don't abort if we
+     * can't call CryptProtectMemory at all, or if it fails.
      */
-    if (!p_CryptProtectMemory(cryptdata, cryptlen,
-                              CRYPTPROTECTMEMORY_CROSS_PROCESS)) {
-        return NULL;
-    }
+    if (got_crypt())
+        p_CryptProtectMemory(cryptdata, cryptlen,
+                             CRYPTPROTECTMEMORY_CROSS_PROCESS);
 
     /*
      * We don't want to give away the length of the hostname either,
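Review bot: The result of `p_CryptProtectMemory` is now discarded at the `if (got_crypt())` call, so a failure silently downgrades the name to an unkeyed SHA-256 of the real name and leaves nothing in the log. Beyond the privacy loss the new comment accepts, two instances would presumably derive different names if the call succeeds in one and fails in the other, and sharing would then quietly not happen; it is also worth confirming that a failed call cannot leave `cryptdata` partly rewritten before it is hashed. I would brace the body and make the ignore explicit, `if (got_crypt()) { (void)p_CryptProtectMemory(cryptdata, cryptlen, CRYPTPROTECTMEMORY_CROSS_PROCESS); }`, and extend the comment to say that in the fallback case the name is guessable by other local users, so access control has to rest entirely on the security descriptor. obfuscate_name's body starts and ends outside this hunk.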
@@ -109,12 +131,6 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
     Socket retsock;
     PSECURITY_DESCRIPTOR psd;
     PACL acl;
-    PSID networksid;
-
-    if (!got_crypt()) {
-        *logtext = dupprintf("Unable to load crypt32.dll");
-        return SHARE_NONE;
-    }
 
     /*
      * Transform the platform-independent version of the connection
@@ -139,9 +155,9 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
 
         mutexname = make_name(CONNSHARE_MUTEX_PREFIX, name);
         if (!make_private_security_descriptor(MUTEX_ALL_ACCESS,
-                                              &psd, &networksid,
-                                              &acl, logtext)) {
+                                              &psd, &acl, logtext)) {
             sfree(mutexname);
+            sfree(name);
             return SHARE_NONE;
         }
 
@@ -156,15 +172,14 @@ int platform_ssh_share(const char *pi_name, Conf *conf,
             *logtext = dupprintf("CreateMutex(\"%s\") failed: %s",
                                  mutexname, win_strerror(GetLastError()));
             sfree(mutexname);
+            sfree(name);
             LocalFree(psd);
-            LocalFree(networksid);
             LocalFree(acl);
             return SHARE_NONE;
         }
 
         sfree(mutexname);
         LocalFree(psd);
-        LocalFree(networksid);
         LocalFree(acl);
 
         WaitForSingleObject(mutex, INFINITE);
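Review bot: Cleanup in platform_ssh_share is repeated by hand on each exit, which is how `name` came to be leaked. Both the CreateMutex failure path here and the make_private_security_descriptor failure path in the previous hunk needed `sfree(name);` added, and the next early return someone adds can miss it again. A single failure label would keep the frees in one place: set the return value, `goto fail;`, and let `fail:` do `sfree(mutexname); sfree(name); LocalFree(psd); LocalFree(acl);`, with the three pointers initialised to NULL at declaration. The success path visibly keeps `name` alive past this point, and the rest of the function is outside the hunk, so any later returns should be checked for the same leak.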