Windows: Fix Dll hijacking vulnerability affecting installer that allows arbitrary code execution with elevation of privilege (CVE-2016-1281)

This commit is contained in:
Mounir IDRASSI 2016-01-02 17:54:55 +01:00
parent 6cb1eefc49
commit 5872be28a2
13 changed files with 221 additions and 111 deletions

View File

@ -13,7 +13,6 @@
#include "Tcdefs.h" #include "Tcdefs.h"
#include "Platform/Finally.h" #include "Platform/Finally.h"
#include "Platform/ForEach.h" #include "Platform/ForEach.h"
#include <Setupapi.h>
#include <devguid.h> #include <devguid.h>
#include <io.h> #include <io.h>
#include <shlobj.h> #include <shlobj.h>
@ -810,16 +809,6 @@ namespace VeraCrypt
} }
wstring BootEncryption::GetTempPath ()
{
wchar_t tempPath[MAX_PATH];
DWORD tempLen = ::GetTempPath (ARRAYSIZE (tempPath), tempPath);
if (tempLen == 0 || tempLen > ARRAYSIZE (tempPath))
throw ParameterIncorrect (SRC_POS);
return wstring (tempPath);
}
uint16 BootEncryption::GetInstalledBootLoaderVersion () uint16 BootEncryption::GetInstalledBootLoaderVersion ()
{ {
@ -1953,7 +1942,7 @@ namespace VeraCrypt
case VolumeFilter: case VolumeFilter:
filter = "veracrypt"; filter = "veracrypt";
filterReg = "UpperFilters"; filterReg = "UpperFilters";
regKey = SetupDiOpenClassRegKey (deviceClassGuid, KEY_READ | KEY_WRITE); regKey = OpenDeviceClassRegKey (deviceClassGuid);
throw_sys_if (regKey == INVALID_HANDLE_VALUE); throw_sys_if (regKey == INVALID_HANDLE_VALUE);
break; break;
@ -1994,24 +1983,7 @@ namespace VeraCrypt
} }
else else
{ {
wstring infFileName = GetTempPath() + L"\\veracrypt_driver_setup.inf"; RegisterDriverInf (registerFilter, filter, filterReg, ParentWindow, regKey);
File infFile (infFileName, false, true);
finally_do_arg (wstring, infFileName, { DeleteFile (finally_arg.c_str()); });
string infTxt = "[veracrypt]\r\n"
+ string (registerFilter ? "Add" : "Del") + "Reg=veracrypt_reg\r\n\r\n"
"[veracrypt_reg]\r\n"
"HKR,,\"" + filterReg + "\",0x0001" + string (registerFilter ? "0008" : "8002") + ",\"" + filter + "\"\r\n";
infFile.Write ((byte *) infTxt.c_str(), (DWORD) infTxt.size());
infFile.Close();
HINF hInf = SetupOpenInfFile (infFileName.c_str(), NULL, INF_STYLE_OLDNT | INF_STYLE_WIN4, NULL);
throw_sys_if (hInf == INVALID_HANDLE_VALUE);
finally_do_arg (HINF, hInf, { SetupCloseInfFile (finally_arg); });
throw_sys_if (!SetupInstallFromInfSection (ParentWindow, hInf, L"veracrypt", SPINST_REGISTRY, regKey, NULL, 0, NULL, NULL, NULL, NULL));
} }
} }
@ -2304,7 +2276,7 @@ namespace VeraCrypt
} }
// Temporary files // Temporary files
if (towupper (GetTempPath()[0]) != windowsDrive) if (towupper (GetTempPathString()[0]) != windowsDrive)
{ {
throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION")) throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION"))
+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS); + GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);

View File

@ -166,7 +166,6 @@ namespace VeraCrypt
Partition GetPartitionForHiddenOS (); Partition GetPartitionForHiddenOS ();
bool IsBootLoaderOnDrive (wchar_t *devicePath); bool IsBootLoaderOnDrive (wchar_t *devicePath);
BootEncryptionStatus GetStatus (); BootEncryptionStatus GetStatus ();
wstring GetTempPath ();
void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties); void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);
SystemDriveConfiguration GetSystemDriveConfiguration (); SystemDriveConfiguration GetSystemDriveConfiguration ();
void Install (bool hiddenSystem); void Install (bool hiddenSystem);

View File

@ -16,6 +16,7 @@
#include <windowsx.h> #include <windowsx.h>
#include <dbghelp.h> #include <dbghelp.h>
#include <dbt.h> #include <dbt.h>
#include <Setupapi.h>
#include <fcntl.h> #include <fcntl.h>
#include <io.h> #include <io.h>
#include <math.h> #include <math.h>
@ -190,6 +191,34 @@ DWORD SystemFileSelectorCallerThreadId;
#define RANDPOOL_DISPLAY_COLUMNS 20 #define RANDPOOL_DISPLAY_COLUMNS 20
HMODULE hRichEditDll = NULL; HMODULE hRichEditDll = NULL;
HMODULE hComctl32Dll = NULL;
HMODULE hSetupDll = NULL;
HMODULE hShlwapiDll = NULL;
#define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;}
typedef void (WINAPI *InitCommonControlsPtr)(void);
typedef HIMAGELIST (WINAPI *ImageList_CreatePtr)(int cx, int cy, UINT flags, int cInitial, int cGrow);
typedef int (WINAPI *ImageList_AddPtr)(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask);
typedef VOID (WINAPI *SetupCloseInfFilePtr)(HINF InfHandle);
typedef HKEY (WINAPI *SetupDiOpenClassRegKeyPtr)(CONST GUID *ClassGuid,REGSAM samDesired);
typedef BOOL (WINAPI *SetupInstallFromInfSectionWPtr)(HWND,HINF,PCWSTR,UINT,HKEY,PCWSTR,UINT,PSP_FILE_CALLBACK_W,PVOID,HDEVINFO,PSP_DEVINFO_DATA);
typedef HINF (WINAPI *SetupOpenInfFileWPtr)(PCWSTR FileName,PCWSTR InfClass,DWORD InfStyle,PUINT ErrorLine);
typedef LSTATUS (STDAPICALLTYPE *SHDeleteKeyWPtr)(HKEY hkey, LPCWSTR pszSubKey);
typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz);
ImageList_CreatePtr ImageList_CreateFn = NULL;
ImageList_AddPtr ImageList_AddFn = NULL;
SetupCloseInfFilePtr SetupCloseInfFileFn = NULL;
SetupDiOpenClassRegKeyPtr SetupDiOpenClassRegKeyFn = NULL;
SetupInstallFromInfSectionWPtr SetupInstallFromInfSectionWFn = NULL;
SetupOpenInfFileWPtr SetupOpenInfFileWFn = NULL;
SHDeleteKeyWPtr SHDeleteKeyWFn = NULL;
SHStrDupWPtr SHStrDupWFn = NULL;
/* Windows dialog class */ /* Windows dialog class */
#define WINDOWS_DIALOG_CLASS L"#32770" #define WINDOWS_DIALOG_CLASS L"#32770"
@ -476,11 +505,11 @@ void AbortProcessDirect (wchar_t *abortMsg)
// Note that this function also causes localcleanup() to be called (see atexit()) // Note that this function also causes localcleanup() to be called (see atexit())
MessageBeep (MB_ICONEXCLAMATION); MessageBeep (MB_ICONEXCLAMATION);
MessageBoxW (NULL, abortMsg, lpszTitle, ICON_HAND); MessageBoxW (NULL, abortMsg, lpszTitle, ICON_HAND);
if (hRichEditDll) FREE_DLL (hRichEditDll);
{ FREE_DLL (hComctl32Dll);
FreeLibrary (hRichEditDll); FREE_DLL (hSetupDll);
hRichEditDll = NULL; FREE_DLL (hShlwapiDll);
}
exit (1); exit (1);
} }
@ -492,11 +521,10 @@ void AbortProcess (char *stringId)
void AbortProcessSilent (void) void AbortProcessSilent (void)
{ {
if (hRichEditDll) FREE_DLL (hRichEditDll);
{ FREE_DLL (hComctl32Dll);
FreeLibrary (hRichEditDll); FREE_DLL (hSetupDll);
hRichEditDll = NULL; FREE_DLL (hShlwapiDll);
}
// Note that this function also causes localcleanup() to be called (see atexit()) // Note that this function also causes localcleanup() to be called (see atexit())
exit (1); exit (1);
} }
@ -2288,10 +2316,10 @@ void DoPostInstallTasks (HWND hwndDlg)
void InitOSVersionInfo () void InitOSVersionInfo ()
{ {
OSVERSIONINFO os; OSVERSIONINFOW os;
os.dwOSVersionInfoSize = sizeof (OSVERSIONINFO); os.dwOSVersionInfoSize = sizeof (OSVERSIONINFOW);
if (GetVersionEx (&os) == FALSE) if (GetVersionExW (&os) == FALSE)
AbortProcess ("NO_OS_VER"); AbortProcess ("NO_OS_VER");
CurrentOSMajor = os.dwMajorVersion; CurrentOSMajor = os.dwMajorVersion;
@ -2303,10 +2331,10 @@ void InitOSVersionInfo ()
nCurrentOS = WIN_XP; nCurrentOS = WIN_XP;
else if (os.dwPlatformId == VER_PLATFORM_WIN32_NT && CurrentOSMajor == 5 && CurrentOSMinor == 2) else if (os.dwPlatformId == VER_PLATFORM_WIN32_NT && CurrentOSMajor == 5 && CurrentOSMinor == 2)
{ {
OSVERSIONINFOEX osEx; OSVERSIONINFOEXW osEx;
osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEX); osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
GetVersionEx ((LPOSVERSIONINFOW) &osEx); GetVersionExW ((LPOSVERSIONINFOW) &osEx);
if (osEx.wProductType == VER_NT_SERVER || osEx.wProductType == VER_NT_DOMAIN_CONTROLLER) if (osEx.wProductType == VER_NT_SERVER || osEx.wProductType == VER_NT_DOMAIN_CONTROLLER)
nCurrentOS = WIN_SERVER_2003; nCurrentOS = WIN_SERVER_2003;
@ -2315,10 +2343,10 @@ void InitOSVersionInfo ()
} }
else if (os.dwPlatformId == VER_PLATFORM_WIN32_NT && CurrentOSMajor == 6 && CurrentOSMinor == 0) else if (os.dwPlatformId == VER_PLATFORM_WIN32_NT && CurrentOSMajor == 6 && CurrentOSMinor == 0)
{ {
OSVERSIONINFOEX osEx; OSVERSIONINFOEXW osEx;
osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEX); osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
GetVersionEx ((LPOSVERSIONINFOW) &osEx); GetVersionExW ((LPOSVERSIONINFOW) &osEx);
if (osEx.wProductType == VER_NT_SERVER || osEx.wProductType == VER_NT_DOMAIN_CONTROLLER) if (osEx.wProductType == VER_NT_SERVER || osEx.wProductType == VER_NT_DOMAIN_CONTROLLER)
nCurrentOS = WIN_SERVER_2008; nCurrentOS = WIN_SERVER_2008;
@ -2341,6 +2369,24 @@ void InitOSVersionInfo ()
nCurrentOS = WIN_UNKNOWN; nCurrentOS = WIN_UNKNOWN;
} }
static void LoadSystemDll (LPCTSTR szModuleName, HMODULE *pHandle)
{
wchar_t dllPath[MAX_PATH];
/* Load dll explictely from System32 to avoid Dll hijacking attacks*/
if (!GetSystemDirectory(dllPath, MAX_PATH))
StringCbCopyW(dllPath, sizeof(dllPath), L"C:\\Windows\\System32");
StringCbCatW(dllPath, sizeof(dllPath), L"\\");
StringCbCatW(dllPath, sizeof(dllPath), szModuleName);
if ((*pHandle = LoadLibrary(dllPath)) == NULL)
{
// This error is fatal
handleWin32Error (NULL, SRC_POS);
AbortProcess ("INIT_DLL");
}
}
/* InitApp - initialize the application, this function is called once in the /* InitApp - initialize the application, this function is called once in the
applications WinMain function, but before the main dialog has been created */ applications WinMain function, but before the main dialog has been created */
@ -2348,7 +2394,39 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
{ {
WNDCLASSW wc; WNDCLASSW wc;
char langId[6]; char langId[6];
wchar_t dllPath[MAX_PATH]; InitCommonControlsPtr InitCommonControlsFn = NULL;
LoadSystemDll (L"COMCTL32.DLL", &hComctl32Dll);
LoadSystemDll (L"Riched20.dll", &hRichEditDll);
LoadSystemDll (L"SETUPAPI.DLL", &hSetupDll);
LoadSystemDll (L"SHLWAPI.DLL", &hShlwapiDll);
// call InitCommonControls function
InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls");
ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add");
ImageList_CreateFn = (ImageList_CreatePtr) GetProcAddress (hComctl32Dll, "ImageList_Create");
if (InitCommonControlsFn && ImageList_AddFn && ImageList_CreateFn)
{
InitCommonControlsFn();
}
else
AbortProcess ("INIT_DLL");
// Get SetupAPI functions pointers
SetupCloseInfFileFn = (SetupCloseInfFilePtr) GetProcAddress (hSetupDll, "SetupCloseInfFile");
SetupDiOpenClassRegKeyFn = (SetupDiOpenClassRegKeyPtr) GetProcAddress (hSetupDll, "SetupDiOpenClassRegKey");
SetupInstallFromInfSectionWFn = (SetupInstallFromInfSectionWPtr) GetProcAddress (hSetupDll, "SetupInstallFromInfSectionW");
SetupOpenInfFileWFn = (SetupOpenInfFileWPtr) GetProcAddress (hSetupDll, "SetupOpenInfFileW");
if (!SetupCloseInfFileFn || !SetupDiOpenClassRegKeyFn || !SetupInstallFromInfSectionWFn || !SetupOpenInfFileWFn)
AbortProcess ("INIT_DLL");
// Get SHDeleteKeyW function pointer
SHDeleteKeyWFn = (SHDeleteKeyWPtr) GetProcAddress (hShlwapiDll, "SHDeleteKeyW");
SHStrDupWFn = (SHStrDupWPtr) GetProcAddress (hShlwapiDll, "SHStrDupW");
if (!SHDeleteKeyWFn || !SHStrDupWFn)
AbortProcess ("INIT_DLL");
/* Save the instance handle for later */ /* Save the instance handle for later */
hInst = hInstance; hInst = hInstance;
@ -2448,11 +2526,11 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
} }
else else
{ {
OSVERSIONINFOEX osEx; OSVERSIONINFOEXW osEx;
// Service pack check & warnings about critical MS issues // Service pack check & warnings about critical MS issues
osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEX); osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
if (GetVersionEx ((LPOSVERSIONINFOW) &osEx) != 0) if (GetVersionExW ((LPOSVERSIONINFOW) &osEx) != 0)
{ {
CurrentOSServicePack = osEx.wServicePackMajor; CurrentOSServicePack = osEx.wServicePackMajor;
switch (nCurrentOS) switch (nCurrentOS)
@ -2529,18 +2607,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
AbortProcess ("INIT_REGISTER"); AbortProcess ("INIT_REGISTER");
} }
if (GetSystemDirectory(dllPath, MAX_PATH))
StringCbCatW(dllPath, sizeof(dllPath), L"\\Riched20.dll");
else
StringCbCopyW(dllPath, sizeof(dllPath), L"c:\\Windows\\System32\\Riched20.dll");
// Required for RichEdit text fields to work
if ((hRichEditDll = LoadLibrary(dllPath)) == NULL)
{
// This error is fatal e.g. because legal notices could not be displayed
handleWin32Error (NULL, SRC_POS);
AbortProcess ("INIT_RICHEDIT");
}
// DPI and GUI aspect ratio // DPI and GUI aspect ratio
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_AUXILIARY_DLG), NULL, DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_AUXILIARY_DLG), NULL,
(DLGPROC) AuxiliaryDlgProc, (LPARAM) 1); (DLGPROC) AuxiliaryDlgProc, (LPARAM) 1);
@ -2551,11 +2617,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
if (!EncryptionThreadPoolStart (ReadEncryptionThreadPoolFreeCpuCountLimit())) if (!EncryptionThreadPoolStart (ReadEncryptionThreadPoolFreeCpuCountLimit()))
{ {
handleWin32Error (NULL, SRC_POS); handleWin32Error (NULL, SRC_POS);
if (hRichEditDll) FREE_DLL (hRichEditDll);
{ FREE_DLL (hComctl32Dll);
FreeLibrary (hRichEditDll); FREE_DLL (hSetupDll);
hRichEditDll = NULL; FREE_DLL (hShlwapiDll);
}
exit (1); exit (1);
} }
#endif #endif
@ -2563,11 +2628,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
void FinalizeApp (void) void FinalizeApp (void)
{ {
if (hRichEditDll) FREE_DLL (hRichEditDll);
{ FREE_DLL (hComctl32Dll);
FreeLibrary (hRichEditDll); FREE_DLL (hSetupDll);
hRichEditDll = NULL; FREE_DLL (hShlwapiDll);
}
} }
void InitHelpFileName (void) void InitHelpFileName (void)
@ -4377,6 +4441,16 @@ wstring IntToWideString (int val)
return szTmp; return szTmp;
} }
wstring GetTempPathString ()
{
wchar_t tempPath[MAX_PATH];
DWORD tempLen = ::GetTempPath (ARRAYSIZE (tempPath), tempPath);
if (tempLen == 0 || tempLen > ARRAYSIZE (tempPath))
throw ParameterIncorrect (SRC_POS);
return wstring (tempPath);
}
void GetSizeString (unsigned __int64 size, wchar_t *str, size_t cbStr) void GetSizeString (unsigned __int64 size, wchar_t *str, size_t cbStr)
{ {
static wchar_t *b, *kb, *mb, *gb, *tb, *pb; static wchar_t *b, *kb, *mb, *gb, *tb, *pb;
@ -9051,9 +9125,9 @@ BOOL Is64BitOs ()
BOOL IsServerOS () BOOL IsServerOS ()
{ {
OSVERSIONINFOEXA osVer; OSVERSIONINFOEXW osVer;
osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXA); osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
GetVersionExA ((LPOSVERSIONINFOA) &osVer); GetVersionExW ((LPOSVERSIONINFOW) &osVer);
return (osVer.wProductType == VER_NT_SERVER || osVer.wProductType == VER_NT_DOMAIN_CONTROLLER); return (osVer.wProductType == VER_NT_SERVER || osVer.wProductType == VER_NT_DOMAIN_CONTROLLER);
} }
@ -9134,7 +9208,7 @@ std::wstring GetWindowsEdition ()
wstring osname = L"win"; wstring osname = L"win";
OSVERSIONINFOEXW osVer; OSVERSIONINFOEXW osVer;
osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXA); osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
GetVersionExW ((LPOSVERSIONINFOW) &osVer); GetVersionExW ((LPOSVERSIONINFOW) &osVer);
BOOL home = (osVer.wSuiteMask & VER_SUITE_PERSONAL); BOOL home = (osVer.wSuiteMask & VER_SUITE_PERSONAL);
@ -10987,3 +11061,50 @@ void HandleShowPasswordFieldAction (HWND hwndDlg, UINT checkBoxId, UINT edit1Id,
InvalidateRect (GetDlgItem (hwndDlg, edit2Id), NULL, TRUE); InvalidateRect (GetDlgItem (hwndDlg, edit2Id), NULL, TRUE);
} }
} }
void RegisterDriverInf (bool registerFilter, const string& filter, const string& filterReg, HWND ParentWindow, HKEY regKey)
{
wstring infFileName = GetTempPathString() + L"\\veracrypt_driver_setup.inf";
File infFile (infFileName, false, true);
finally_do_arg (wstring, infFileName, { DeleteFile (finally_arg.c_str()); });
string infTxt = "[veracrypt]\r\n"
+ string (registerFilter ? "Add" : "Del") + "Reg=veracrypt_reg\r\n\r\n"
"[veracrypt_reg]\r\n"
"HKR,,\"" + filterReg + "\",0x0001" + string (registerFilter ? "0008" : "8002") + ",\"" + filter + "\"\r\n";
infFile.Write ((byte *) infTxt.c_str(), (DWORD) infTxt.size());
infFile.Close();
HINF hInf = SetupOpenInfFileWFn (infFileName.c_str(), NULL, INF_STYLE_OLDNT | INF_STYLE_WIN4, NULL);
throw_sys_if (hInf == INVALID_HANDLE_VALUE);
finally_do_arg (HINF, hInf, { SetupCloseInfFileFn (finally_arg); });
throw_sys_if (!SetupInstallFromInfSectionWFn (ParentWindow, hInf, L"veracrypt", SPINST_REGISTRY, regKey, NULL, 0, NULL, NULL, NULL, NULL));
}
HKEY OpenDeviceClassRegKey (const GUID *deviceClassGuid)
{
return SetupDiOpenClassRegKeyFn (deviceClassGuid, KEY_READ | KEY_WRITE);
}
LSTATUS DeleteRegistryKey (HKEY hKey, LPCTSTR keyName)
{
return SHDeleteKeyWFn(hKey, keyName);
}
HIMAGELIST CreateImageList(int cx, int cy, UINT flags, int cInitial, int cGrow)
{
return ImageList_CreateFn(cx, cy, flags, cInitial, cGrow);
}
int AddBitmapToImageList(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask)
{
return ImageList_AddFn(himl, hbmImage, hbmMask);
}
HRESULT VCStrDupW(LPCWSTR psz, LPWSTR *ppwsz)
{
return SHStrDupWFn (psz, ppwsz);
}

View File

@ -491,6 +491,11 @@ void SetPim (HWND hwndDlg, UINT ctrlId, int pim);
BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bShowError); BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bShowError);
void SetPassword (HWND hwndDlg, UINT ctrlID, char* passValue); void SetPassword (HWND hwndDlg, UINT ctrlID, char* passValue);
void HandleShowPasswordFieldAction (HWND hwndDlg, UINT checkBoxId, UINT edit1Id, UINT edit2Id); void HandleShowPasswordFieldAction (HWND hwndDlg, UINT checkBoxId, UINT edit1Id, UINT edit2Id);
HKEY OpenDeviceClassRegKey (const GUID *deviceClassGuid);
LSTATUS DeleteRegistryKey (HKEY, LPCTSTR);
HIMAGELIST CreateImageList(int cx, int cy, UINT flags, int cInitial, int cGrow);
int AddBitmapToImageList(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask);
HRESULT VCStrDupW(LPCWSTR psz, LPWSTR *ppwsz);
#ifdef __cplusplus #ifdef __cplusplus
} }
@ -555,6 +560,8 @@ std::wstring HarddiskVolumePathToPartitionPath (const std::wstring &harddiskVolu
std::wstring FindLatestFileOrDirectory (const std::wstring &directory, const wchar_t *namePattern, bool findDirectory, bool findFile); std::wstring FindLatestFileOrDirectory (const std::wstring &directory, const wchar_t *namePattern, bool findDirectory, bool findFile);
std::wstring GetUserFriendlyVersionString (int version); std::wstring GetUserFriendlyVersionString (int version);
std::wstring IntToWideString (int val); std::wstring IntToWideString (int val);
void RegisterDriverInf (bool registerFilter, const std::string& filter, const std::string& filterReg, HWND ParentWindow, HKEY regKey);
std::wstring GetTempPathString ();
inline std::wstring AppendSrcPos (const wchar_t* msg, const char* srcPos) inline std::wstring AppendSrcPos (const wchar_t* msg, const char* srcPos)
{ {
return std::wstring (msg? msg : L"") + L"\n\nSource: " + SingleStringToWide (srcPos); return std::wstring (msg? msg : L"") + L"\n\nSource: " + SingleStringToWide (srcPos);

View File

@ -563,7 +563,7 @@
<string lang="en" key="INIT_RAND">Failed to initialize the random number generator!\n\n\n(If you report a bug in connection with this, please include the following technical information in the bug report:\n%hs, Last Error = 0x%.8X)</string> <string lang="en" key="INIT_RAND">Failed to initialize the random number generator!\n\n\n(If you report a bug in connection with this, please include the following technical information in the bug report:\n%hs, Last Error = 0x%.8X)</string>
<string lang="en" key="CAPI_RAND">Windows Crypto API failed!\n\n\n(If you report a bug in connection with this, please include the following technical information in the bug report:\n%hs, Last Error = 0x%.8X)</string> <string lang="en" key="CAPI_RAND">Windows Crypto API failed!\n\n\n(If you report a bug in connection with this, please include the following technical information in the bug report:\n%hs, Last Error = 0x%.8X)</string>
<string lang="en" key="INIT_REGISTER">Unable to initialize the application. Failed to register the Dialog class.</string> <string lang="en" key="INIT_REGISTER">Unable to initialize the application. Failed to register the Dialog class.</string>
<string lang="en" key="INIT_RICHEDIT">Error: Failed to load the Rich Edit system library.</string> <string lang="en" key="INIT_DLL">Error: Failed to load a system library.</string>
<string lang="en" key="INTRO_TITLE">VeraCrypt Volume Creation Wizard</string> <string lang="en" key="INTRO_TITLE">VeraCrypt Volume Creation Wizard</string>
<string lang="en" key="MAX_HIDVOL_SIZE_BYTES">Maximum possible hidden volume size for this volume is %.2f bytes.</string> <string lang="en" key="MAX_HIDVOL_SIZE_BYTES">Maximum possible hidden volume size for this volume is %.2f bytes.</string>
<string lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KB.</string> <string lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KB.</string>

View File

@ -75,7 +75,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="version.lib comctl32.lib setupapi.lib ..\Crypto\Debug\crypto.lib" AdditionalDependencies="..\Crypto\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe" OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -168,7 +168,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="version.lib comctl32.lib setupapi.lib ..\Crypto\x64\Debug\crypto.lib" AdditionalDependencies="..\Crypto\x64\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe" OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -256,7 +256,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\Release\crypto.lib" AdditionalDependencies="..\Crypto\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe" OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"
@ -347,7 +347,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\x64\Release\crypto.lib" AdditionalDependencies="..\Crypto\x64\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe" OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"

View File

@ -986,7 +986,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
VirtualLock (&VeraCryptExpander::defaultMountOptions, sizeof (VeraCryptExpander::defaultMountOptions)); VirtualLock (&VeraCryptExpander::defaultMountOptions, sizeof (VeraCryptExpander::defaultMountOptions));
VirtualLock (&VeraCryptExpander::szFileName, sizeof(VeraCryptExpander::szFileName)); VirtualLock (&VeraCryptExpander::szFileName, sizeof(VeraCryptExpander::szFileName));
InitCommonControls ();
InitApp (hInstance, lpszCommandLine); InitApp (hInstance, lpszCommandLine);
/* application title */ /* application title */

View File

@ -68,7 +68,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\Debug\crypto.lib" AdditionalDependencies="..\Crypto\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe" OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -154,7 +154,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\x64\Debug\crypto.lib" AdditionalDependencies="..\Crypto\x64\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe" OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -240,7 +240,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\Release\crypto.lib" AdditionalDependencies="..\Crypto\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe" OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"
@ -329,7 +329,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\x64\Release\crypto.lib" AdditionalDependencies="..\Crypto\x64\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe" OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"

Binary file not shown.

View File

@ -4286,8 +4286,8 @@ void BuildTree (HWND hwndDlg, HWND hTree)
return; return;
hBitmapMask = LoadBitmap (hInst, MAKEINTRESOURCE (IDB_DRIVEICON_MASK)); hBitmapMask = LoadBitmap (hInst, MAKEINTRESOURCE (IDB_DRIVEICON_MASK));
hList = ImageList_Create (16, 12, ILC_COLOR8|ILC_MASK, 2, 2); hList = CreateImageList (16, 12, ILC_COLOR8|ILC_MASK, 2, 2);
if (ImageList_Add (hList, hBitmap, hBitmapMask) == -1) if (AddBitmapToImageList (hList, hBitmap, hBitmapMask) == -1)
{ {
DeleteObject (hBitmap); DeleteObject (hBitmap);
DeleteObject (hBitmapMask); DeleteObject (hBitmapMask);
@ -4306,7 +4306,7 @@ void BuildTree (HWND hwndDlg, HWND hTree)
return; return;
hBitmapMask = LoadBitmap (hInst, MAKEINTRESOURCE (IDB_SYS_DRIVEICON_MASK)); hBitmapMask = LoadBitmap (hInst, MAKEINTRESOURCE (IDB_SYS_DRIVEICON_MASK));
if (ImageList_Add (hList, hBitmap, hBitmapMask) == -1) if (AddBitmapToImageList (hList, hBitmap, hBitmapMask) == -1)
{ {
DeleteObject (hBitmap); DeleteObject (hBitmap);
DeleteObject (hBitmapMask); DeleteObject (hBitmapMask);
@ -8663,7 +8663,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
if (BootEncObj == NULL) if (BootEncObj == NULL)
AbortProcess ("INIT_SYS_ENC"); AbortProcess ("INIT_SYS_ENC");
InitCommonControls ();
InitApp (hInstance, lpszCommandLine); InitApp (hInstance, lpszCommandLine);
RegisterRedTick(hInstance); RegisterRedTick(hInstance);

View File

@ -74,7 +74,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\Debug\crypto.lib" AdditionalDependencies="..\Crypto\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe" OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -166,7 +166,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\x64\Debug\crypto.lib" AdditionalDependencies="..\Crypto\x64\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe" OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -254,7 +254,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\Release\crypto.lib" AdditionalDependencies="..\Crypto\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe" OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"
@ -345,7 +345,7 @@
/> />
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\x64\Release\crypto.lib" AdditionalDependencies="..\Crypto\x64\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe" OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"

View File

@ -329,13 +329,13 @@ void SearchAndDeleteRegistrySubString (HKEY hKey, const wchar_t *subKey, const w
// if the string to search for is empty, delete the sub key, otherwise, look for matching value and delete them // if the string to search for is empty, delete the sub key, otherwise, look for matching value and delete them
if (subStringLength == 0) if (subStringLength == 0)
{ {
if (ERROR_ACCESS_DENIED == SHDeleteKeyW (hKey, ItSubKey->c_str())) if (ERROR_ACCESS_DENIED == DeleteRegistryKey (hKey, ItSubKey->c_str()))
{ {
// grant permission to delete // grant permission to delete
AllowKeyAccess (hKey, ItSubKey->c_str()); AllowKeyAccess (hKey, ItSubKey->c_str());
// try again // try again
SHDeleteKeyW (hKey, ItSubKey->c_str()); DeleteRegistryKey (hKey, ItSubKey->c_str());
} }
} }
else else
@ -427,6 +427,22 @@ BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable)
return bStatus; return bStatus;
} }
/*
* Creates a VT_LPWSTR propvariant.
* we use our own implementation to use SHStrDupW function pointer
* that we retreive ourselves to avoid dll hijacking attacks
*/
inline HRESULT VCInitPropVariantFromString(__in PCWSTR psz, __out PROPVARIANT *ppropvar)
{
ppropvar->vt = VT_LPWSTR;
HRESULT hr = VCStrDupW(psz, &ppropvar->pwszVal);
if (FAILED(hr))
{
PropVariantInit(ppropvar);
}
return hr;
}
HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments, HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
wchar_t *lpszPathLink, const wchar_t* iconFile, int iconIndex) wchar_t *lpszPathLink, const wchar_t* iconFile, int iconIndex)
{ {
@ -457,7 +473,7 @@ HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
if (SUCCEEDED (psl->QueryInterface (IID_PPV_ARGS (&propStore)))) if (SUCCEEDED (psl->QueryInterface (IID_PPV_ARGS (&propStore))))
{ {
PROPVARIANT propVariant; PROPVARIANT propVariant;
if (SUCCEEDED (InitPropVariantFromString (TC_APPLICATION_ID, &propVariant))) if (SUCCEEDED (VCInitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
{ {
if (SUCCEEDED (propStore->SetValue (PKEY_AppUserModel_ID, propVariant))) if (SUCCEEDED (propStore->SetValue (PKEY_AppUserModel_ID, propVariant)))
propStore->Commit(); propStore->Commit();
@ -1287,7 +1303,7 @@ BOOL DoRegUninstall (HWND hwndDlg, BOOL bRemoveDeprecated)
GetStartupRegKeyName (regk, sizeof(regk)); GetStartupRegKeyName (regk, sizeof(regk));
DeleteRegistryValue (regk, L"VeraCrypt"); DeleteRegistryValue (regk, L"VeraCrypt");
SHDeleteKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc"); DeleteRegistryKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
// enable the SE_TAKE_OWNERSHIP_NAME privilege for this operation // enable the SE_TAKE_OWNERSHIP_NAME privilege for this operation
SetPrivilege (SE_TAKE_OWNERSHIP_NAME, TRUE); SetPrivilege (SE_TAKE_OWNERSHIP_NAME, TRUE);
@ -2447,8 +2463,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
lpszTitle = L"VeraCrypt Setup"; lpszTitle = L"VeraCrypt Setup";
InitCommonControls ();
/* Call InitApp to initialize the common code */ /* Call InitApp to initialize the common code */
InitApp (hInstance, NULL); InitApp (hInstance, NULL);

View File

@ -43,7 +43,7 @@
Name="VCCLCompilerTool" Name="VCCLCompilerTool"
Optimization="0" Optimization="0"
AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11" AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11"
PreprocessorDefinitions="SETUP;WIN32;DEBUG;_DEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS" PreprocessorDefinitions="SETUP;WIN32;DEBUG;_DEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;_ATL_NO_DEFAULT_LIBS"
MinimalRebuild="true" MinimalRebuild="true"
BasicRuntimeChecks="3" BasicRuntimeChecks="3"
RuntimeLibrary="1" RuntimeLibrary="1"
@ -65,7 +65,7 @@
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalOptions="/NODEFAULTLIB:LIBCMTD" AdditionalOptions="/NODEFAULTLIB:LIBCMTD"
AdditionalDependencies="libcmtd.lib comctl32.lib setupapi.lib" AdditionalDependencies="libcmtd.lib"
OutputFile="$(OutDir)/VeraCryptSetup.exe" OutputFile="$(OutDir)/VeraCryptSetup.exe"
LinkIncremental="2" LinkIncremental="2"
GenerateManifest="false" GenerateManifest="false"
@ -130,7 +130,7 @@
AdditionalOptions="/w34189" AdditionalOptions="/w34189"
Optimization="2" Optimization="2"
AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11" AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11"
PreprocessorDefinitions="SETUP;WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS" PreprocessorDefinitions="SETUP;WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;_ATL_NO_DEFAULT_LIBS"
RuntimeLibrary="0" RuntimeLibrary="0"
BufferSecurityCheck="true" BufferSecurityCheck="true"
UsePrecompiledHeader="0" UsePrecompiledHeader="0"
@ -152,7 +152,6 @@
<Tool <Tool
Name="VCLinkerTool" Name="VCLinkerTool"
AdditionalOptions="/IGNORE:4089" AdditionalOptions="/IGNORE:4089"
AdditionalDependencies="comctl32.lib setupapi.lib"
OutputFile="$(OutDir)/VeraCryptSetup.exe" OutputFile="$(OutDir)/VeraCryptSetup.exe"
LinkIncremental="1" LinkIncremental="1"
GenerateManifest="false" GenerateManifest="false"