2 * winmisc.c: miscellaneous Windows-specific things
13 OSVERSIONINFO osVersion;
15 char *platform_get_x_display(void) {
16 /* We may as well check for DISPLAY in case it's useful. */
17 return dupstr(getenv("DISPLAY"));
20 Filename *filename_from_str(const char *str)
22 Filename *ret = snew(Filename);
23 ret->path = dupstr(str);
27 Filename *filename_copy(const Filename *fn)
29 return filename_from_str(fn->path);
32 const char *filename_to_str(const Filename *fn)
37 int filename_equal(const Filename *f1, const Filename *f2)
39 return !strcmp(f1->path, f2->path);
42 int filename_is_null(const Filename *fn)
47 void filename_free(Filename *fn)
53 int filename_serialise(const Filename *f, void *vdata)
55 char *data = (char *)vdata;
56 int len = strlen(f->path) + 1; /* include trailing NUL */
58 strcpy(data, f->path);
62 Filename *filename_deserialise(void *vdata, int maxsize, int *used)
64 char *data = (char *)vdata;
66 end = memchr(data, '\0', maxsize);
71 return filename_from_str(data);
74 char filename_char_sanitise(char c)
76 if (strchr("<>:\"/\\|?*", c))
81 #ifndef NO_SECUREZEROMEMORY
83 * Windows implementation of smemclr (see misc.c) using SecureZeroMemory.
85 void smemclr(void *b, size_t n) {
87 SecureZeroMemory(b, n);
91 char *get_username(void)
95 int got_username = FALSE;
96 DECL_WINDOWS_FUNCTION(static, BOOLEAN, GetUserNameExA,
97 (EXTENDED_NAME_FORMAT, LPSTR, PULONG));
100 static int tried_usernameex = FALSE;
101 if (!tried_usernameex) {
102 /* Not available on Win9x, so load dynamically */
103 HMODULE secur32 = load_system32_dll("secur32.dll");
104 GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);
105 tried_usernameex = TRUE;
109 if (p_GetUserNameExA) {
111 * If available, use the principal -- this avoids the problem
112 * that the local username is case-insensitive but Kerberos
113 * usernames are case-sensitive.
118 (void) p_GetUserNameExA(NameUserPrincipal, NULL, &namelen);
120 user = snewn(namelen, char);
121 got_username = p_GetUserNameExA(NameUserPrincipal, user, &namelen);
123 char *p = strchr(user, '@');
131 /* Fall back to local user name */
133 if (GetUserName(NULL, &namelen) == FALSE) {
135 * Apparently this doesn't work at least on Windows XP SP2.
136 * Thus assume a maximum of 256. It will fail again if it
142 user = snewn(namelen, char);
143 got_username = GetUserName(user, &namelen);
149 return got_username ? user : NULL;
152 void dll_hijacking_protection(void)
155 * If the OS provides it, call SetDefaultDllDirectories() to
156 * prevent DLLs from being loaded from the directory containing
157 * our own binary, and instead only load from system32.
159 * This is a protection against hijacking attacks, if someone runs
160 * PuTTY directly from their web browser's download directory
161 * having previously been enticed into clicking on an unwise link
162 * that downloaded a malicious DLL to the same directory under one
163 * of various magic names that seem to be things that standard
164 * Windows DLLs delegate to.
166 * It shouldn't break deliberate loading of user-provided DLLs
167 * such as GSSAPI providers, because those are specified by their
168 * full pathname by the user-provided configuration.
170 static HMODULE kernel32_module;
171 DECL_WINDOWS_FUNCTION(static, BOOL, SetDefaultDllDirectories, (DWORD));
173 if (!kernel32_module) {
174 kernel32_module = load_system32_dll("kernel32.dll");
175 GET_WINDOWS_FUNCTION(kernel32_module, SetDefaultDllDirectories);
178 if (p_SetDefaultDllDirectories) {
179 /* LOAD_LIBRARY_SEARCH_SYSTEM32 | LOAD_LIBRARY_SEARCH_USER_DIRS only */
180 p_SetDefaultDllDirectories(0x800|0x400);
184 void dll_hijacking_protection_add_path(const wchar_t *path)
186 static HMODULE kernel32_module;
187 DECL_WINDOWS_FUNCTION(static, BOOL, AddDllDirectory, (PCWSTR));
189 if (!kernel32_module) {
190 kernel32_module = load_system32_dll("kernel32.dll");
191 GET_WINDOWS_FUNCTION(kernel32_module, AddDllDirectory);
194 if (p_AddDllDirectory) {
195 p_AddDllDirectory(path);
198 BOOL init_winver(void)
200 ZeroMemory(&osVersion, sizeof(osVersion));
201 osVersion.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
202 return GetVersionEx ( (OSVERSIONINFO *) &osVersion);
205 HMODULE load_system32_dll(const char *libname)
208 * Wrapper function to load a DLL out of c:\windows\system32
209 * without going through the full DLL search path. (Hence no
210 * attack is possible by placing a substitute DLL earlier on that
213 static char *sysdir = NULL;
220 size = 3*size/2 + 512;
221 sysdir = sresize(sysdir, size, char);
222 len = GetSystemDirectory(sysdir, size);
223 } while (len >= size);
226 fullpath = dupcat(sysdir, "\\", libname, NULL);
227 ret = LoadLibrary(fullpath);
233 * A tree234 containing mappings from system error codes to strings.
241 static int errstring_find(void *av, void *bv)
244 struct errstring *b = (struct errstring *)bv;
251 static int errstring_compare(void *av, void *bv)
253 struct errstring *a = (struct errstring *)av;
254 return errstring_find(&a->error, bv);
257 static tree234 *errstrings = NULL;
259 const char *win_strerror(int error)
261 struct errstring *es;
264 errstrings = newtree234(errstring_compare);
266 es = find234(errstrings, &error, errstring_find);
269 char msgtext[65536]; /* maximum size for FormatMessage is 64K */
271 es = snew(struct errstring);
273 if (!FormatMessage((FORMAT_MESSAGE_FROM_SYSTEM |
274 FORMAT_MESSAGE_IGNORE_INSERTS), NULL, error,
275 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
276 msgtext, lenof(msgtext)-1, NULL)) {
278 "(unable to format: FormatMessage returned %u)",
279 (unsigned int)GetLastError());
281 int len = strlen(msgtext);
282 if (len > 0 && msgtext[len-1] == '\n')
283 msgtext[len-1] = '\0';
285 es->text = dupprintf("Error %d: %s", error, msgtext);
286 add234(errstrings, es);
293 static FILE *debug_fp = NULL;
294 static HANDLE debug_hdl = INVALID_HANDLE_VALUE;
295 static int debug_got_console = 0;
297 void dputs(const char *buf)
301 if (!debug_got_console) {
302 if (AllocConsole()) {
303 debug_got_console = 1;
304 debug_hdl = GetStdHandle(STD_OUTPUT_HANDLE);
308 debug_fp = fopen("debug.log", "w");
311 if (debug_hdl != INVALID_HANDLE_VALUE) {
312 WriteFile(debug_hdl, buf, strlen(buf), &dw, NULL);
314 fputs(buf, debug_fp);
321 * Minefield - a Windows equivalent for Electric Fence
324 #define PAGESIZE 4096
329 * We start by reserving as much virtual address space as Windows
330 * will sensibly (or not sensibly) let us have. We flag it all as
333 * Any allocation attempt is satisfied by committing one or more
334 * pages, with an uncommitted page on either side. The returned
335 * memory region is jammed up against the _end_ of the pages.
337 * Freeing anything causes instantaneous decommitment of the pages
338 * involved, so stale pointers are caught as soon as possible.
341 static int minefield_initialised = 0;
342 static void *minefield_region = NULL;
343 static long minefield_size = 0;
344 static long minefield_npages = 0;
345 static long minefield_curpos = 0;
346 static unsigned short *minefield_admin = NULL;
347 static void *minefield_pages = NULL;
349 static void minefield_admin_hide(int hide)
351 int access = hide ? PAGE_NOACCESS : PAGE_READWRITE;
352 VirtualProtect(minefield_admin, minefield_npages * 2, access, NULL);
355 static void minefield_init(void)
361 for (size = 0x40000000; size > 0; size = ((size >> 3) * 7) & ~0xFFF) {
362 minefield_region = VirtualAlloc(NULL, size,
363 MEM_RESERVE, PAGE_NOACCESS);
364 if (minefield_region)
367 minefield_size = size;
370 * Firstly, allocate a section of that to be the admin block.
371 * We'll need a two-byte field for each page.
373 minefield_admin = minefield_region;
374 minefield_npages = minefield_size / PAGESIZE;
375 admin_size = (minefield_npages * 2 + PAGESIZE - 1) & ~(PAGESIZE - 1);
376 minefield_npages = (minefield_size - admin_size) / PAGESIZE;
377 minefield_pages = (char *) minefield_region + admin_size;
380 * Commit the admin region.
382 VirtualAlloc(minefield_admin, minefield_npages * 2,
383 MEM_COMMIT, PAGE_READWRITE);
386 * Mark all pages as unused (0xFFFF).
388 for (i = 0; i < minefield_npages; i++)
389 minefield_admin[i] = 0xFFFF;
392 * Hide the admin region.
394 minefield_admin_hide(1);
396 minefield_initialised = 1;
399 static void minefield_bomb(void)
401 div(1, *(int *) minefield_pages);
404 static void *minefield_alloc(int size)
407 int pos, lim, region_end, region_start;
411 npages = (size + PAGESIZE - 1) / PAGESIZE;
413 minefield_admin_hide(0);
416 * Search from current position until we find a contiguous
417 * bunch of npages+2 unused pages.
419 pos = minefield_curpos;
420 lim = minefield_npages;
422 /* Skip over used pages. */
423 while (pos < lim && minefield_admin[pos] != 0xFFFF)
425 /* Count unused pages. */
427 while (pos < lim && pos - start < npages + 2 &&
428 minefield_admin[pos] == 0xFFFF)
430 if (pos - start == npages + 2)
432 /* If we've reached the limit, reset the limit or stop. */
434 if (lim == minefield_npages) {
435 /* go round and start again at zero */
436 lim = minefield_curpos;
439 minefield_admin_hide(1);
445 minefield_curpos = pos - 1;
448 * We have npages+2 unused pages starting at start. We leave
449 * the first and last of these alone and use the rest.
451 region_end = (start + npages + 1) * PAGESIZE;
452 region_start = region_end - size;
453 /* FIXME: could align here if we wanted */
456 * Update the admin region.
458 for (i = start + 2; i < start + npages + 1; i++)
459 minefield_admin[i] = 0xFFFE; /* used but no region starts here */
460 minefield_admin[start + 1] = region_start % PAGESIZE;
462 minefield_admin_hide(1);
464 VirtualAlloc((char *) minefield_pages + region_start, size,
465 MEM_COMMIT, PAGE_READWRITE);
466 return (char *) minefield_pages + region_start;
469 static void minefield_free(void *ptr)
471 int region_start, i, j;
473 minefield_admin_hide(0);
475 region_start = (char *) ptr - (char *) minefield_pages;
476 i = region_start / PAGESIZE;
477 if (i < 0 || i >= minefield_npages ||
478 minefield_admin[i] != region_start % PAGESIZE)
480 for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++) {
481 minefield_admin[j] = 0xFFFF;
484 VirtualFree(ptr, j * PAGESIZE - region_start, MEM_DECOMMIT);
486 minefield_admin_hide(1);
489 static int minefield_get_size(void *ptr)
491 int region_start, i, j;
493 minefield_admin_hide(0);
495 region_start = (char *) ptr - (char *) minefield_pages;
496 i = region_start / PAGESIZE;
497 if (i < 0 || i >= minefield_npages ||
498 minefield_admin[i] != region_start % PAGESIZE)
500 for (j = i; j < minefield_npages && minefield_admin[j] != 0xFFFF; j++);
502 minefield_admin_hide(1);
504 return j * PAGESIZE - region_start;
507 void *minefield_c_malloc(size_t size)
509 if (!minefield_initialised)
511 return minefield_alloc(size);
514 void minefield_c_free(void *p)
516 if (!minefield_initialised)
522 * realloc _always_ moves the chunk, for rapid detection of code
523 * that assumes it won't.
525 void *minefield_c_realloc(void *p, size_t size)
529 if (!minefield_initialised)
531 q = minefield_alloc(size);
532 oldsize = minefield_get_size(p);
533 memcpy(q, p, (oldsize < size ? oldsize : size));
538 #endif /* MINEFIELD */
540 FontSpec *fontspec_new(const char *name,
541 int bold, int height, int charset)
543 FontSpec *f = snew(FontSpec);
544 f->name = dupstr(name);
547 f->charset = charset;
550 FontSpec *fontspec_copy(const FontSpec *f)
552 return fontspec_new(f->name, f->isbold, f->height, f->charset);
554 void fontspec_free(FontSpec *f)
559 int fontspec_serialise(FontSpec *f, void *vdata)
561 char *data = (char *)vdata;
562 int len = strlen(f->name) + 1; /* include trailing NUL */
564 strcpy(data, f->name);
565 PUT_32BIT_MSB_FIRST(data + len, f->isbold);
566 PUT_32BIT_MSB_FIRST(data + len + 4, f->height);
567 PUT_32BIT_MSB_FIRST(data + len + 8, f->charset);
569 return len + 12; /* also include three 4-byte ints */
571 FontSpec *fontspec_deserialise(void *vdata, int maxsize, int *used)
573 char *data = (char *)vdata;
577 end = memchr(data, '\0', maxsize-12);
581 *used = end - data + 12;
582 return fontspec_new(data,
583 GET_32BIT_MSB_FIRST(end),
584 GET_32BIT_MSB_FIRST(end + 4),
585 GET_32BIT_MSB_FIRST(end + 8));