author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2020-01-22 18:08:09 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2020-01-22 18:20:35 +0100 |
commit | 11aa708076910d5aaf187eecc4e33ea207155b12 (patch) | |
tree | 0ec4bf0de53465a2791d1d3bf48defa2bda42077 | |
parent | 3874e9af97427c42aa0a789a3e75c6f841cd14e4 (diff) | |
Windows: use fix for CVE-2019-19501 only when the process is elevated; otherwise it adds no benefit compared to standard ShellExecute while potentially causing issues when opening links.
-rw-r--r-- | src/Common/Dlgcode.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 261ec33e..7640b59e 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -14243,12 +14243,33 @@ cleanup:
 return retval;
 }
 
+// This function checks if the process is running with elevated privileges or not
+BOOL IsElevated()
+{
+ DWORD dwSize = 0;
+ HANDLE hToken = NULL;
+ TOKEN_ELEVATION tokenInformation;
+ BOOL bReturn = FALSE;
+
+ if(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
+ {
+ if(GetTokenInformation(hToken, TokenElevation, &tokenInformation, sizeof(TOKEN_ELEVATION), &dwSize))
+ {
+ if (tokenInformation.TokenIsElevated)
+ bReturn = TRUE;
+ }
+
+ CloseHandle(hToken);
+ }
+ return bReturn;
+}
+
 // This function always loads a URL in a non-privileged mode
 // If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
 // Use this security mechanism only starting from Windows Vista
 void SafeOpenURL (LPCWSTR szUrl)
 {
- if (IsAdmin () && IsOSAtLeast (WIN_VISTA))
+ if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
 {
 WCHAR szRunDllPath[TC_MAX_PATH];
 WCHAR szUrlDllPath[TC_MAX_PATH]; |
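Review bot: IsElevated() fails open: it returns FALSE when OpenProcessToken or GetTokenInformation fails, so a token-query error makes the new condition in SafeOpenURL skip the de-elevated launch path that the CVE-2019-19501 fix provides. For a security gate the safer default is to treat an unknown state as elevated, for example by starting from `BOOL bReturn = TRUE;` and assigning `bReturn = tokenInformation.TokenIsElevated ? TRUE : FALSE;` only after GetTokenInformation succeeds. The comment above SafeOpenURL still reads "If current process has admin privileges" and should say the non-elevated launch is used only when the process is both admin and elevated. The definition should also be `BOOL IsElevated(void)`, since empty parentheses in C leave the parameter list unspecified. SafeOpenURL's body continues past the end of the hunk, so the fallback branch taken when the condition is false is inferred from the commit message rather than visible here.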