diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2018-03-18 23:13:40 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2018-03-18 23:13:40 +0100 |
commit | cd7a01c34fc4304ef8161ee617568f274ace5d24 (patch) | |
tree | 41ed56e75a5feedc5f7d4fedb6338569d54d6076 /src/Common/libzip/zip_source_win32handle.c | |
parent | 49a8e52139b960afd3913053380190cf2d03ceda (diff) | |
download | VeraCrypt-cd7a01c34fc4304ef8161ee617568f274ace5d24.tar.gz VeraCrypt-cd7a01c34fc4304ef8161ee617568f274ace5d24.zip |
Windows: Update libzip to version 1.5.0 that include fixes for some security issues.
Diffstat (limited to 'src/Common/libzip/zip_source_win32handle.c')
-rw-r--r-- | src/Common/libzip/zip_source_win32handle.c | 133 |
1 files changed, 60 insertions, 73 deletions
diff --git a/src/Common/libzip/zip_source_win32handle.c b/src/Common/libzip/zip_source_win32handle.c index 7fe003dc..8cef9198 100644 --- a/src/Common/libzip/zip_source_win32handle.c +++ b/src/Common/libzip/zip_source_win32handle.c @@ -1,40 +1,41 @@ /* -zip_source_win32file.c -- create data source from HANDLE (Win32) -Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner - -This file is part of libzip, a library to manipulate ZIP archives. -The authors can be contacted at <libzip@nih.at> - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in -the documentation and/or other materials provided with the -distribution. -3. The names of the authors may not be used to endorse or promote -products derived from this software without specific prior -written permission. - -THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER -IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN -IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + zip_source_win32file.c -- create data source from HANDLE (Win32) + Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner + + This file is part of libzip, a library to manipulate ZIP archives. + The authors can be contacted at <libzip@nih.at> + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + 3. The names of the authors may not be used to endorse or promote + products derived from this software without specific prior + written permission. + + THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS + OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <wchar.h> +#include <aclapi.h> #include <stdlib.h> #include <string.h> +#include <wchar.h> #include "zipint.h" #include "zipwin32.h" @@ -48,8 +49,7 @@ static int _zip_win32_error_to_errno(unsigned long win32err); static int _zip_stat_win32(void *h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx); ZIP_EXTERN zip_source_t * -zip_source_win32handle(zip_t *za, HANDLE h, zip_uint64_t start, zip_int64_t len) -{ +zip_source_win32handle(zip_t *za, HANDLE h, zip_uint64_t start, zip_int64_t len) { if (za == NULL) return NULL; @@ -58,8 +58,7 @@ zip_source_win32handle(zip_t *za, HANDLE h, zip_uint64_t start, zip_int64_t len) ZIP_EXTERN zip_source_t * -zip_source_win32handle_create(HANDLE h, zip_uint64_t start, zip_int64_t length, zip_error_t *error) -{ +zip_source_win32handle_create(HANDLE h, zip_uint64_t start, zip_int64_t length, zip_error_t *error) { if (h == INVALID_HANDLE_VALUE || length < -1) { zip_error_set(error, ZIP_ER_INVAL, 0); return NULL; @@ -70,8 +69,7 @@ zip_source_win32handle_create(HANDLE h, zip_uint64_t start, zip_int64_t length, zip_source_t * -_zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start, zip_int64_t len, int closep, const zip_stat_t *st, _zip_source_win32_file_ops_t *ops, zip_error_t *error) -{ +_zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start, zip_int64_t len, int closep, const zip_stat_t *st, _zip_source_win32_file_ops_t *ops, zip_error_t *error) { _zip_source_win32_read_file_t *ctx; zip_source_t *zs; @@ -140,8 +138,7 @@ _zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start static zip_int64_t -_win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) -{ +_win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) { _zip_source_win32_read_file_t *ctx; char *buf; zip_uint64_t n; @@ -347,8 +344,8 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd if (h == INVALID_HANDLE_VALUE) { win32err = GetLastError(); if (win32err == ERROR_FILE_NOT_FOUND || win32err == ERROR_PATH_NOT_FOUND) { - zip_error_set(&ctx->error, ZIP_ER_READ, ENOENT); - return -1; + zip_error_set(&ctx->error, ZIP_ER_READ, ENOENT); + return -1; } } } @@ -376,8 +373,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd case ZIP_SOURCE_TELL: return (zip_int64_t)ctx->current; - case ZIP_SOURCE_TELL_WRITE: - { + case ZIP_SOURCE_TELL_WRITE: { LARGE_INTEGER zero; LARGE_INTEGER offset; @@ -390,8 +386,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd return offset.QuadPart; } - case ZIP_SOURCE_WRITE: - { + case ZIP_SOURCE_WRITE: { DWORD ret; if (!WriteFile(ctx->hout, data, (DWORD)len, &ret, NULL) || ret != len) { zip_error_set(&ctx->error, ZIP_ER_WRITE, _zip_win32_error_to_errno(GetLastError())); @@ -409,8 +404,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd static int -_win32_create_temp_file(_zip_source_win32_read_file_t *ctx) -{ +_win32_create_temp_file(_zip_source_win32_read_file_t *ctx) { zip_uint32_t value; /* Windows has GetTempFileName(), but it closes the file after @@ -420,12 +414,12 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx) int i; HANDLE th = INVALID_HANDLE_VALUE; void *temp = NULL; - SECURITY_INFORMATION si; - SECURITY_ATTRIBUTES sa; PSECURITY_DESCRIPTOR psd = NULL; PSECURITY_ATTRIBUTES psa = NULL; - DWORD len; - BOOL success; + SECURITY_ATTRIBUTES sa; + SECURITY_INFORMATION si; + DWORD success; + PACL dacl = NULL; /* Read the DACL from the original file, so we can copy it to the temp file. @@ -434,16 +428,8 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx) */ if (ctx->h != INVALID_HANDLE_VALUE && GetFileType(ctx->h) == FILE_TYPE_DISK) { si = DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION; - len = 0; - success = GetUserObjectSecurity(ctx->h, &si, NULL, len, &len); - if (!success && GetLastError() == ERROR_INSUFFICIENT_BUFFER) { - if ((psd = (PSECURITY_DESCRIPTOR)malloc(len)) == NULL) { - zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0); - return -1; - } - success = GetUserObjectSecurity(ctx->h, &si, psd, len, &len); - } - if (success) { + success = GetSecurityInfo(ctx->h, SE_FILE_OBJECT, si, NULL, NULL, &dacl, NULL, &psd); + if (success == ERROR_SUCCESS) { sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.bInheritHandle = FALSE; sa.lpSecurityDescriptor = psd; @@ -451,7 +437,13 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx) } } + +#ifndef MS_UWP value = GetTickCount(); +#else + value = (zip_uint32_t)GetTickCount64(); +#endif + for (i = 0; i < 1024 && th == INVALID_HANDLE_VALUE; i++) { th = ctx->ops->op_create_temp(ctx, &temp, value + i, psa); if (th == INVALID_HANDLE_VALUE && GetLastError() != ERROR_FILE_EXISTS) @@ -460,12 +452,12 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx) if (th == INVALID_HANDLE_VALUE) { free(temp); - free(psd); + LocalFree(psd); zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, _zip_win32_error_to_errno(GetLastError())); return -1; } - free(psd); + LocalFree(psd); ctx->hout = th; ctx->tmpname = temp; @@ -474,8 +466,7 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx) static int -_zip_seek_win32_u(HANDLE h, zip_uint64_t offset, int whence, zip_error_t *error) -{ +_zip_seek_win32_u(HANDLE h, zip_uint64_t offset, int whence, zip_error_t *error) { if (offset > ZIP_INT64_MAX) { zip_error_set(error, ZIP_ER_SEEK, EOVERFLOW); return -1; @@ -485,8 +476,7 @@ _zip_seek_win32_u(HANDLE h, zip_uint64_t offset, int whence, zip_error_t *error) static int -_zip_seek_win32(HANDLE h, zip_int64_t offset, int whence, zip_error_t *error) -{ +_zip_seek_win32(HANDLE h, zip_int64_t offset, int whence, zip_error_t *error) { LARGE_INTEGER li; DWORD method; @@ -516,8 +506,7 @@ _zip_seek_win32(HANDLE h, zip_int64_t offset, int whence, zip_error_t *error) static int -_zip_win32_error_to_errno(DWORD win32err) -{ +_zip_win32_error_to_errno(DWORD win32err) { /* Note: This list isn't exhaustive, but should cover common cases. */ @@ -543,8 +532,7 @@ _zip_win32_error_to_errno(DWORD win32err) static int -_zip_stat_win32(HANDLE h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx) -{ +_zip_stat_win32(HANDLE h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx) { FILETIME mtimeft; time_t mtime; LARGE_INTEGER size; @@ -586,8 +574,7 @@ _zip_stat_win32(HANDLE h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx) static int -_zip_filetime_to_time_t(FILETIME ft, time_t *t) -{ +_zip_filetime_to_time_t(FILETIME ft, time_t *t) { /* Inspired by http://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux */ |