simon-git: putty (master): Simon Tatham

Commits to Tartarus hosted VCS tartarus-commits at lists.tartarus.org
Mon Jul 9 20:26:20 BST 2018


TL;DR:
  fecd4285 winpgnt.c: put all file-mapping code in one function.
  ac51a712 winpgnt.c: handle arbitrarily large file mappings.
  98528db2 Raise AGENT_MAX_MSGLEN to 256Kb.
  daa086fe winpgnt.c: fix an outdated error message.

Repository:     https://git.tartarus.org/simon/putty.git
On the web:     https://git.tartarus.org/?p=simon/putty.git
Branch updated: master
Committer:      Simon Tatham <anakin at pobox.com>
Date:           2018-07-09 20:26:20

commit fecd42858c3fb4abd5b9c9dae1d456141820d244
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=fecd42858c3fb4abd5b9c9dae1d456141820d244;hp=20e8fdece39dd1d680c0feb8eb1432e18c81ade2
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Jul 8 15:29:41 2018 +0100

    winpgnt.c: put all file-mapping code in one function.
    
    Previously, the code to recover and memory-map the file-mapping object
    Pageant uses for its IPC, and the code to convey its contents to and
    from the cross-platform agent code, were widely separated, with the
    former living in the WM_COPYDATA handler in the window procedure, and
    the latter in answer_msg.
    
    Now all of that code lives in answer_filemapping_message; WndProc only
    handles the _window message_ contents - i.e. ensures the WM_COPYDATA
    message has the right dwData id and that its lpData contains an ASCIZ
    string - and answer_filemapping_message goes all the way from that
    file-mapping object name to calling pageant_handle_msg.
    
    While I'm here, I've also tidied up the code so that it uses the 'goto
    cleanup' idiom rather than nesting everything inconveniently deeply,
    and arranged that if anything goes wrong then we at least _construct_
    an error message (although as yet we don't use that for anything
    unless we're compiled with DEBUG_IPC enabled).

 windows/winpgnt.c | 315 +++++++++++++++++++++++++++++-------------------------
 1 file changed, 170 insertions(+), 145 deletions(-)

commit ac51a712b3abf82277c086fdc76a99e5cdee5c13
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=ac51a712b3abf82277c086fdc76a99e5cdee5c13;hp=fecd42858c3fb4abd5b9c9dae1d456141820d244
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Jul 8 16:46:32 2018 +0100

    winpgnt.c: handle arbitrarily large file mappings.
    
    I heard recently that at least one third-party client of Pageant
    exists, and that it's used to generate signatures to use with TLS
    client certificates. Apparently the signature scheme is compatible,
    but TLS tends to need signatures over more data than will fit in
    AGENT_MAX_MSGLEN.
    
    Before the BinarySink refactor in commit b6cbad89f, this was OK
    because the Windows Pageant IPC didn't check the size of the _input_
    message against AGENT_MAX_MSGLEN, only the output one. But then we
    started checking both, so that third-party TLS client started failing.
    
    Now we use VirtualQuery to find out the actual size of the file
    mapping we've been passed, and our only requirement is that the input
    and output messages should both fit in _that_. So TLS should work
    again, and also, other clients should be able to retrieve longer lists
    of public keys if they pass a larger file mapping.
    
    One side effect of this change is that Pageant's reply message is now
    written directly into the shared-memory region. Previously, it was
    written into a separate buffer and then memcpy()ed over after
    pageant_handle_msg returned, but now the buffer is variable-size, it
    seems to me to make more sense to avoid that extra not-entirely
    controlled malloc. So I've done one very small reordering of
    statements in the cross-platform pageant_handle_msg(), which fixes the
    only case I could find where that function started writing its output
    before it had finished using the contents of the input buffer.

 pageant.c         |  4 ++--
 windows/winpgnt.c | 59 +++++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 44 insertions(+), 19 deletions(-)

commit 98528db25a9df211141b8711a3756ee2b6ea26e9
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=98528db25a9df211141b8711a3756ee2b6ea26e9;hp=ac51a712b3abf82277c086fdc76a99e5cdee5c13
Author: Simon Tatham <anakin at pobox.com>
Date:   Sun Jul 8 17:04:12 2018 +0100

    Raise AGENT_MAX_MSGLEN to 256Kb.
    
    That's the same value as in the OpenSSH source code, so it should be
    large enough that anyone needing to sign a larger message will have
    other problems too.

 pageant.h | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

commit daa086fe73d667a92de8b380d78302bdad827b85
web diff https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=daa086fe73d667a92de8b380d78302bdad827b85;hp=98528db25a9df211141b8711a3756ee2b6ea26e9
Author: Simon Tatham <anakin at pobox.com>
Date:   Mon Jul 9 07:18:08 2018 +0100

    winpgnt.c: fix an outdated error message.
    
    I just spotted it while I was looking through this module anyway. It
    was using %.100s to prevent an sprintf buffer overflow, which hasn't
    been necessary since I switched everything over to dupprintf, and also
    it was printing the integer value of GetLastError() without using my
    convenient translation wrapper win_strerror.

 windows/winpgnt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
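
The size check described in commit ac51a712 above, sketched as an added example in portable C (this is not PuTTY's code, and the function names are hypothetical). It assumes the agent wire format of a 4-byte big-endian length followed by the message, and takes `mapsize` as a parameter where Pageant would use the size it obtains itself from VirtualQuery.

```c
#include <stddef.h>
#include <stdint.h>

/* Added example; all names are hypothetical. 'mapsize' must be a value the
 * server measured itself, never a number supplied by the client. */
static uint32_t get_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Returns 0 and sets *len if the length-prefixed request fits in the
 * shared region, -1 otherwise. */
int request_fits(const unsigned char *map, size_t mapsize, size_t *len) {
    if (mapsize < 4)
        return -1;                      /* no room for the length prefix */
    uint32_t claimed = get_be32(map);
    if (claimed > mapsize - 4)          /* subtraction form: claimed + 4 */
        return -1;                      /* could wrap in 32-bit arithmetic */
    *len = claimed;
    return 0;
}

/* Toy handler that writes its reply over the request in the same region.
 * The reply is the request's first byte plus a be32 count of the bytes
 * that followed it. Everything needed from the input is read into locals
 * before the first output byte is written. */
int answer_in_place(unsigned char *map, size_t mapsize) {
    size_t len;
    if (request_fits(map, mapsize, &len) != 0 || len < 1)
        return -1;
    unsigned char type = map[4];        /* finish reading the input first */
    const size_t replylen = 5;          /* 1 type byte + 4 count bytes */
    if (replylen > mapsize - 4)
        return -1;                      /* the reply must fit as well */
    put_be32(map, (uint32_t)replylen);
    map[4] = type;
    put_be32(map + 5, (uint32_t)(len - 1));
    return 0;
}

int main(void) {
    /* Constructed request: length 3, first byte 13, two more bytes. */
    unsigned char region[16] = {0, 0, 0, 3, 13, 0xAA, 0xBB};
    return answer_in_place(region, sizeof region) == 0 ? 0 : 1;
}
```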


