X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=windows%2Fwinpgnt.c;h=86998a2bb49127c90e04ce8ce75c435335a23d5f;hb=1de7240eb88fa24a8532ded116b4ec72dd213008;hp=2109d1c6feb94c56f243da497aa8a0512f1468da;hpb=3ad0c89feca43af8c4e8ddb913bc232ad4fb5521;p=PuTTY.git
diff --git a/windows/winpgnt.c b/windows/winpgnt.c
index 2109d1c6..86998a2b 100644
--- a/windows/winpgnt.c
+++ b/windows/winpgnt.c
@@ -49,7 +49,7 @@
 #define APPNAME "Pageant"
-extern char ver[];
+extern const char ver[];
 static HWND keylist;
 static HWND aboutbox;
@@ -301,11 +301,32 @@ void keylist_update(void)
 for (i = 0; NULL != (skey = pageant_nth_ssh2_key(i)); i++) {
 char *listentry, *p;
 int pos;
- /*
- * Replace spaces with tabs in the fingerprint prefix, for
- * nice alignment in the list box, until we encounter a :
- * meaning we're into the fingerprint proper.
- */
+
+ /*
+ * For nice alignment in the list box, we would ideally
+ * want every entry to align to the tab stop settings, and
+ * have a column for algorithm name, one for bit count,
+ * one for hex fingerprint, and one for key comment.
+ *
+ * Unfortunately, some of the algorithm names are so long
+ * that they overflow into the bit-count field.
+ * Fortunately, at the moment, those are _precisely_ the
+ * algorithm names that don't need a bit count displayed
+ * anyway (because for NIST-style ECDSA the bit count is
+ * mentioned in the algorithm name, and for ssh-ed25519
+ * there is only one possible value anyway). So we fudge
+ * this by simply omitting the bit count field in that
+ * situation.
+ *
+ * This is fragile not only in the face of further key
+ * types that don't follow this pattern, but also in the
+ * face of font metrics changes - the Windows semantics
+ * for list box tab stops is that \t aligns to the next
+ * one you haven't already exceeded, so I have to guess
+ * when the key type will overflow past the bit-count tab
+ * stop and leave out a tab character. Urgh.
+ */
+
 p = ssh2_fingerprint(skey->alg, skey->data);
 listentry = dupprintf("%s\t%s", p, skey->comment);
 sfree(p);
@@ -317,6 +338,26 @@ void keylist_update(void)
 break;
 listentry[pos++] = '\t';
 }
+ if (skey->alg != &ssh_dss && skey->alg != &ssh_rsa) {
+ /*
+ * Remove the bit-count field, which is between the
+ * first and second \t.
+ */
+ int outpos;
+ pos = 0;
+ while (listentry[pos] && listentry[pos] != '\t')
+ pos++;
+ outpos = pos;
+ pos++;
+ while (listentry[pos] && listentry[pos] != '\t')
+ pos++;
+ while (1) {
+ if ((listentry[outpos] = listentry[pos]) == '\0')
+ break;
+ outpos++;
+ pos++;
+ }
+ }
 SendDlgItemMessage(keylist, 100, LB_ADDSTRING, 0, (LPARAM) listentry);
@@ -921,7 +962,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
 debug(("couldn't get default SID\n"));
 #endif
 CloseHandle(filemap);
- sfree(ourself);
 return 0;
 }
@@ -934,7 +974,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
 rc));
 #endif
 CloseHandle(filemap);
- sfree(ourself);
 sfree(ourself2);
 return 0;
 }
@@ -955,7 +994,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
 !EqualSid(mapowner, ourself2)) {
 CloseHandle(filemap);
 LocalFree(psd);
- sfree(ourself);
 sfree(ourself2);
 return 0; /* security ID mismatch! */
 }
@@ -963,7 +1001,6 @@ static LRESULT CALLBACK WndProc(HWND hwnd, UINT message,
 debug(("security stuff matched\n"));
 #endif
 LocalFree(psd);
- sfree(ourself);
 sfree(ourself2);
 } else {
 #ifdef DEBUG_IPC
@@ -1137,6 +1174,23 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
 }
 }
+#if !defined UNPROTECT && !defined NO_SECURITY
+ /*
+ * Protect our process.
+ */
+ {
+ char *error = NULL;
+ if (!setprocessacl(error)) {
+ char *message = dupprintf("Could not restrict process ACL: %s",
+ error);
+ MessageBox(NULL, message, "Pageant Warning",
+ MB_ICONWARNING | MB_OK);
+ sfree(message);
+ sfree(error);
+ }
+ }
+#endif
+
 /*
 * Forget any passphrase that we retained while going over
 * command line keyfiles.
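Review bot: The first scan in the added bit-count removal steps past the terminator when `listentry` contains no `\t`: after `while (listentry[pos] && listentry[pos] != '\t') pos++;` the unconditional `pos++` moves over the NUL, and the second scan and the copy loop then read beyond the allocation. The string is built by `dupprintf("%s\t%s", p, skey->comment)` earlier in the same loop, so a tab is always present today, but the block relies on that silently; wrapping the rest in `if (listentry[pos] == '\t') { ... }` would make the invariant explicit. When only one tab is present the copy loop truncates the entry to the algorithm name, which also deserves a comment. The enclosing loop of keylist_update starts and ends outside this hunk.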
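Review bot: `error` is initialised to NULL and passed to `setprocessacl(error)` by value, so nothing the callee assigns can reach this scope; on failure `dupprintf("Could not restrict process ACL: %s", error)` is handed a null pointer for `%s` and the warning never carries the reason. The prototype of setprocessacl is not in this hunk, but unless it is a macro the call most likely needs to be `if (!setprocessacl(&error))` with a `char **error` parameter. Failure here is also only a warning: Pageant carries on with the default process ACL while holding private keys, so a short comment saying this fail-open behaviour is deliberate would help the next reader.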