mirror of
https://github.com/veracrypt/VeraCrypt
synced 2024-09-20 21:06:22 +02:00
Static Code Analysis : fix non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).
This commit is contained in:
parent
d6817f941a
commit
f67748ae8e
@ -1844,7 +1844,7 @@ void ExceptionHandlerThread (void *threadArg)
|
|||||||
|
|
||||||
if (IDYES == MessageBoxW (0, msg, GetString ("EXCEPTION_REPORT_TITLE"), MB_ICONERROR | MB_YESNO | MB_DEFBUTTON1))
|
if (IDYES == MessageBoxW (0, msg, GetString ("EXCEPTION_REPORT_TITLE"), MB_ICONERROR | MB_YESNO | MB_DEFBUTTON1))
|
||||||
ShellExecute (NULL, "open", urlStr.c_str(), NULL, NULL, SW_SHOWNORMAL);
|
ShellExecute (NULL, "open", urlStr.c_str(), NULL, NULL, SW_SHOWNORMAL);
|
||||||
else*/
|
else */
|
||||||
UnhandledExceptionFilter (ep);
|
UnhandledExceptionFilter (ep);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2276,6 +2276,7 @@ void InitApp (HINSTANCE hInstance, char *lpszCommandLine)
|
|||||||
{
|
{
|
||||||
WNDCLASS wc;
|
WNDCLASS wc;
|
||||||
char langId[6];
|
char langId[6];
|
||||||
|
char dllPath[MAX_PATH];
|
||||||
|
|
||||||
/* Save the instance handle for later */
|
/* Save the instance handle for later */
|
||||||
hInst = hInstance;
|
hInst = hInstance;
|
||||||
@ -2442,8 +2443,12 @@ void InitApp (HINSTANCE hInstance, char *lpszCommandLine)
|
|||||||
AbortProcess ("INIT_REGISTER");
|
AbortProcess ("INIT_REGISTER");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (GetSystemDirectory(dllPath, MAX_PATH))
|
||||||
|
strcat(dllPath, "\\Riched20.dll");
|
||||||
|
else
|
||||||
|
strcpy(dllPath, "c:\\Windows\\System32\\Riched20.dll");
|
||||||
// Required for RichEdit text fields to work
|
// Required for RichEdit text fields to work
|
||||||
if (LoadLibrary("Riched20.dll") == NULL)
|
if (LoadLibrary(dllPath) == NULL)
|
||||||
{
|
{
|
||||||
// This error is fatal e.g. because legal notices could not be displayed
|
// This error is fatal e.g. because legal notices could not be displayed
|
||||||
handleWin32Error (NULL);
|
handleWin32Error (NULL);
|
||||||
@ -6951,6 +6956,16 @@ BOOL PrintHardCopyTextUTF16 (wchar_t *text, char *title, int textByteLen)
|
|||||||
strcat (cl, path);
|
strcat (cl, path);
|
||||||
strcat (cl, "\"");
|
strcat (cl, "\"");
|
||||||
|
|
||||||
|
// Get the absolute path for notepad
|
||||||
|
if (GetWindowsDirectory(filename, MAX_PATH))
|
||||||
|
{
|
||||||
|
if (filename[strlen (filename) - 1] != '\\')
|
||||||
|
strcat (filename, "\\");
|
||||||
|
strcat(filename, PRINT_TOOL);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
strcpy(filename, "C:\\Windows\\" PRINT_TOOL);
|
||||||
|
|
||||||
WaitCursor ();
|
WaitCursor ();
|
||||||
ShellExecute (NULL, "open", PRINT_TOOL, cl, NULL, SW_HIDE);
|
ShellExecute (NULL, "open", PRINT_TOOL, cl, NULL, SW_HIDE);
|
||||||
Sleep (6000);
|
Sleep (6000);
|
||||||
@ -9496,7 +9511,7 @@ BOOL IsFileOnReadOnlyFilesystem (const char *path)
|
|||||||
|
|
||||||
void CheckFilesystem (int driveNo, BOOL fixErrors)
|
void CheckFilesystem (int driveNo, BOOL fixErrors)
|
||||||
{
|
{
|
||||||
wchar_t msg[1024], param[1024];
|
wchar_t msg[1024], param[1024], cmdPath[MAX_PATH];
|
||||||
char driveRoot[] = { 'A' + (char) driveNo, ':', 0 };
|
char driveRoot[] = { 'A' + (char) driveNo, ':', 0 };
|
||||||
|
|
||||||
if (fixErrors && AskWarnYesNo ("FILESYS_REPAIR_CONFIRM_BACKUP") == IDNO)
|
if (fixErrors && AskWarnYesNo ("FILESYS_REPAIR_CONFIRM_BACKUP") == IDNO)
|
||||||
@ -9505,7 +9520,14 @@ void CheckFilesystem (int driveNo, BOOL fixErrors)
|
|||||||
wsprintfW (msg, GetString (fixErrors ? "REPAIRING_FS" : "CHECKING_FS"), driveRoot);
|
wsprintfW (msg, GetString (fixErrors ? "REPAIRING_FS" : "CHECKING_FS"), driveRoot);
|
||||||
wsprintfW (param, fixErrors ? L"/C echo %s & chkdsk %hs /F /X & pause" : L"/C echo %s & chkdsk %hs & pause", msg, driveRoot);
|
wsprintfW (param, fixErrors ? L"/C echo %s & chkdsk %hs /F /X & pause" : L"/C echo %s & chkdsk %hs & pause", msg, driveRoot);
|
||||||
|
|
||||||
ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", L"cmd.exe", param, NULL, SW_SHOW);
|
if (GetSystemDirectoryW(cmdPath, MAX_PATH))
|
||||||
|
{
|
||||||
|
lstrcatW(cmdPath, L"\\cmd.exe");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
lstrcpyW(cmdPath, L"C:\\Windows\\System32\\cmd.exe");
|
||||||
|
|
||||||
|
ShellExecuteW (NULL, (!IsAdmin() && IsUacSupported()) ? L"runas" : L"open", cmdPath, param, NULL, SW_SHOW);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -9701,7 +9723,15 @@ BOOL IsWindowsIsoBurnerAvailable ()
|
|||||||
|
|
||||||
BOOL LaunchWindowsIsoBurner (HWND hwnd, const char *isoPath)
|
BOOL LaunchWindowsIsoBurner (HWND hwnd, const char *isoPath)
|
||||||
{
|
{
|
||||||
int r = (int) ShellExecute (hwnd, "open", ISO_BURNER_TOOL, (string ("\"") + isoPath + "\"").c_str(), NULL, SW_SHOWNORMAL);
|
char path[MAX_PATH*2] = { 0 };
|
||||||
|
int r;
|
||||||
|
|
||||||
|
if (SUCCEEDED(SHGetFolderPath (NULL, CSIDL_SYSTEM, NULL, 0, path)))
|
||||||
|
strcat (path, "\\" ISO_BURNER_TOOL);
|
||||||
|
else
|
||||||
|
strcpy (path, "C:\\Windows\\System32\\" ISO_BURNER_TOOL);
|
||||||
|
|
||||||
|
r = (int) ShellExecute (hwnd, "open", path, (string ("\"") + isoPath + "\"").c_str(), NULL, SW_SHOWNORMAL);
|
||||||
|
|
||||||
if (r <= 32)
|
if (r <= 32)
|
||||||
{
|
{
|
||||||
|
@ -218,7 +218,7 @@ typedef struct
|
|||||||
#define YES_NO MB_YESNO
|
#define YES_NO MB_YESNO
|
||||||
|
|
||||||
#define ISO_BURNER_TOOL "isoburn.exe"
|
#define ISO_BURNER_TOOL "isoburn.exe"
|
||||||
#define PRINT_TOOL "notepad"
|
#define PRINT_TOOL "notepad.exe"
|
||||||
|
|
||||||
void cleanup ( void );
|
void cleanup ( void );
|
||||||
void LowerCaseCopy ( char *lpszDest , const char *lpszSource );
|
void LowerCaseCopy ( char *lpszDest , const char *lpszSource );
|
||||||
|
@ -795,11 +795,21 @@ BOOLEAN __stdcall FormatExCallback (int command, DWORD subCommand, PVOID paramet
|
|||||||
|
|
||||||
BOOL FormatNtfs (int driveNo, int clusterSize)
|
BOOL FormatNtfs (int driveNo, int clusterSize)
|
||||||
{
|
{
|
||||||
|
char dllPath[MAX_PATH] = {0};
|
||||||
WCHAR dir[8] = { (WCHAR) driveNo + 'A', 0 };
|
WCHAR dir[8] = { (WCHAR) driveNo + 'A', 0 };
|
||||||
PFORMATEX FormatEx;
|
PFORMATEX FormatEx;
|
||||||
HMODULE hModule = LoadLibrary ("fmifs.dll");
|
HMODULE hModule;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
if (GetSystemDirectory (dllPath, MAX_PATH))
|
||||||
|
{
|
||||||
|
strcat(dllPath, "\\fmifs.dll");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
strcpy(dllPath, "C:\\Windows\\System32\\fmifs.dll");
|
||||||
|
|
||||||
|
hModule = LoadLibrary (dllPath);
|
||||||
|
|
||||||
if (hModule == NULL)
|
if (hModule == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
@ -573,7 +573,15 @@ BOOL SlowPoll (void)
|
|||||||
{
|
{
|
||||||
/* Obtain a handle to the module containing the Lan Manager
|
/* Obtain a handle to the module containing the Lan Manager
|
||||||
functions */
|
functions */
|
||||||
hNetAPI32 = LoadLibrary ("NETAPI32.DLL");
|
char dllPath[MAX_PATH];
|
||||||
|
if (GetSystemDirectory (dllPath, MAX_PATH))
|
||||||
|
{
|
||||||
|
strcat(dllPath, "\\NETAPI32.DLL");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
strcpy(dllPath, "C:\\Windows\\System32\\NETAPI32.DLL");
|
||||||
|
|
||||||
|
hNetAPI32 = LoadLibrary (dllPath);
|
||||||
if (hNetAPI32 != NULL)
|
if (hNetAPI32 != NULL)
|
||||||
{
|
{
|
||||||
/* Now get pointers to the functions */
|
/* Now get pointers to the functions */
|
||||||
|
@ -2012,7 +2012,14 @@ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, char *lpszComm
|
|||||||
}
|
}
|
||||||
|
|
||||||
// System Restore
|
// System Restore
|
||||||
SystemRestoreDll = LoadLibrary ("srclient.dll");
|
char dllPath[MAX_PATH];
|
||||||
|
if (GetSystemDirectory (dllPath, MAX_PATH))
|
||||||
|
{
|
||||||
|
strcat(dllPath, "\\srclient.dll");
|
||||||
|
}
|
||||||
|
else
|
||||||
|
strcpy(dllPath, "C:\\Windows\\System32\\srclient.dll");
|
||||||
|
SystemRestoreDll = LoadLibrary (dllPath);
|
||||||
|
|
||||||
if (!bUninstall)
|
if (!bUninstall)
|
||||||
{
|
{
|
||||||
|
Loading…
Reference in New Issue
Block a user