#include <stdio.h>
#include <assert.h>
+#if !defined NO_SECURITY
+
#define DEFINE_PLUG_METHOD_MACROS
#include "tree234.h"
#include "putty.h"
#include "proxy.h"
#include "ssh.h"
-#if !defined NO_SECURITY
-
#include "winsecur.h"
#define CONNSHARE_PIPE_PREFIX "\\\\.\\pipe\\putty-connshare"
* key every time since its API permits returning more data than
* was input, so calling _that_ and hashing the output would not
* be stable.)
+ *
+ * We don't worry too much if this doesn't work for some reason.
+ * Omitting this step still has _some_ privacy value (in that
+ * another user can test-hash things to confirm guesses as to
+ * where you might be connecting to, but cannot invert SHA-256 in
+ * the absence of any plausible guess). So we don't abort if we
+ * can't call CryptProtectMemory at all, or if it fails.
*/
- if (!p_CryptProtectMemory(cryptdata, cryptlen,
- CRYPTPROTECTMEMORY_CROSS_PROCESS)) {
- return NULL;
- }
+ if (got_crypt())
+ p_CryptProtectMemory(cryptdata, cryptlen,
+ CRYPTPROTECTMEMORY_CROSS_PROCESS);
/*
* We don't want to give away the length of the hostname either,
Socket retsock;
PSECURITY_DESCRIPTOR psd;
PACL acl;
- PSID networksid;
-
- if (!got_crypt()) {
- *logtext = dupprintf("Unable to load crypt32.dll");
- return SHARE_NONE;
- }
/*
* Transform the platform-independent version of the connection
mutexname = make_name(CONNSHARE_MUTEX_PREFIX, name);
if (!make_private_security_descriptor(MUTEX_ALL_ACCESS,
- &psd, &networksid,
- &acl, logtext)) {
+ &psd, &acl, logtext)) {
sfree(mutexname);
return SHARE_NONE;
}
mutexname, win_strerror(GetLastError()));
sfree(mutexname);
LocalFree(psd);
- LocalFree(networksid);
LocalFree(acl);
return SHARE_NONE;
}
sfree(mutexname);
LocalFree(psd);
- LocalFree(networksid);
LocalFree(acl);
WaitForSingleObject(mutex, INFINITE);
projects / PuTTY.git / blobdiff