X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinmisc.c;h=8bd4c77f88171fbea6672425a5eabed1817ba4bc;hb=510f49e405e71ba5c97875e7a019364e1ef5fac9;hp=525d52c587c20b18f4474d3a8cdad5569eb98feb;hpb=54693d40798a5a5fc51e2aedf355a5aa1b3ee4cd;p=PuTTY.git diff --git a/windows/winmisc.c b/windows/winmisc.c index 525d52c5..8bd4c77f 100644 --- a/windows/winmisc.c +++ b/windows/winmisc.c @@ -5,6 +5,9 @@ #include #include #include "putty.h" +#ifndef SECURITY_WIN32 +#define SECURITY_WIN32 +#endif #include OSVERSIONINFO osVersion; @@ -68,6 +71,13 @@ Filename *filename_deserialise(void *vdata, int maxsize, int *used) return filename_from_str(data); } +char filename_char_sanitise(char c) +{ + if (strchr("<>:\"/\\|?*", c)) + return '.'; + return c; +} + #ifndef NO_SECUREZEROMEMORY /* * Windows implementation of smemclr (see misc.c) using SecureZeroMemory. @@ -139,6 +149,52 @@ char *get_username(void) return got_username ? user : NULL; } +void dll_hijacking_protection(void) +{ + /* + * If the OS provides it, call SetDefaultDllDirectories() to + * prevent DLLs from being loaded from the directory containing + * our own binary, and instead only load from system32. + * + * This is a protection against hijacking attacks, if someone runs + * PuTTY directly from their web browser's download directory + * having previously been enticed into clicking on an unwise link + * that downloaded a malicious DLL to the same directory under one + * of various magic names that seem to be things that standard + * Windows DLLs delegate to. + * + * It shouldn't break deliberate loading of user-provided DLLs + * such as GSSAPI providers, because those are specified by their + * full pathname by the user-provided configuration. + */ + static HMODULE kernel32_module; + DECL_WINDOWS_FUNCTION(static, BOOL, SetDefaultDllDirectories, (DWORD)); + + if (!kernel32_module) { + kernel32_module = load_system32_dll("kernel32.dll"); + GET_WINDOWS_FUNCTION(kernel32_module, SetDefaultDllDirectories); + } + + if (p_SetDefaultDllDirectories) { + /* LOAD_LIBRARY_SEARCH_SYSTEM32 | LOAD_LIBRARY_SEARCH_USER_DIRS only */ + p_SetDefaultDllDirectories(0x800|0x400); + } +} + +void dll_hijacking_protection_add_path(const wchar_t *path) +{ + static HMODULE kernel32_module; + DECL_WINDOWS_FUNCTION(static, BOOL, AddDllDirectory, (PCWSTR)); + + if (!kernel32_module) { + kernel32_module = load_system32_dll("kernel32.dll"); + GET_WINDOWS_FUNCTION(kernel32_module, AddDllDirectory); + } + + if (p_AddDllDirectory) { + p_AddDllDirectory(path); + } +} BOOL init_winver(void) { ZeroMemory(&osVersion, sizeof(osVersion)); @@ -210,26 +266,23 @@ const char *win_strerror(int error) es = find234(errstrings, &error, errstring_find); if (!es) { - int bufsize, bufused; + char msgtext[65536]; /* maximum size for FormatMessage is 64K */ es = snew(struct errstring); es->error = error; - /* maximum size for FormatMessage is 64K */ - bufsize = 65535; - es->text = snewn(bufsize, char); if (!FormatMessage((FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS), NULL, error, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), - es->text + bufused, bufsize - bufused, NULL)) { - sprintf(es->text, - "Windows error code %d (and FormatMessage returned %d)", - error, GetLastError()); + msgtext, lenof(msgtext)-1, NULL)) { + sprintf(msgtext, + "(unable to format: FormatMessage returned %u)", + (unsigned int)GetLastError()); } else { - int len = strlen(es->text); - if (len > 0 && es->text[len-1] == '\n') - es->text[len-1] = '\0'; + int len = strlen(msgtext); + if (len > 0 && msgtext[len-1] == '\n') + msgtext[len-1] = '\0'; } - es->text = sresize(es->text, strlen(es->text) + 1, char); + es->text = dupprintf("Error %d: %s", error, msgtext); add234(errstrings, es); } @@ -241,7 +294,7 @@ static FILE *debug_fp = NULL; static HANDLE debug_hdl = INVALID_HANDLE_VALUE; static int debug_got_console = 0; -void dputs(char *buf) +void dputs(const char *buf) { DWORD dw;