VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/libzip/zip_source_win32handle.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2018-03-18 23:13:40 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2018-03-18 23:13:40 +0100
commitcd7a01c34fc4304ef8161ee617568f274ace5d24 (patch)
tree41ed56e75a5feedc5f7d4fedb6338569d54d6076 /src/Common/libzip/zip_source_win32handle.c
parent49a8e52139b960afd3913053380190cf2d03ceda (diff)
downloadVeraCrypt-cd7a01c34fc4304ef8161ee617568f274ace5d24.tar.gz
VeraCrypt-cd7a01c34fc4304ef8161ee617568f274ace5d24.zip
Windows: Update libzip to version 1.5.0 that include fixes for some security issues.
Diffstat (limited to 'src/Common/libzip/zip_source_win32handle.c')
-rw-r--r--src/Common/libzip/zip_source_win32handle.c133
1 files changed, 60 insertions, 73 deletions
diff --git a/src/Common/libzip/zip_source_win32handle.c b/src/Common/libzip/zip_source_win32handle.c
index 7fe003dc..8cef9198 100644
--- a/src/Common/libzip/zip_source_win32handle.c
+++ b/src/Common/libzip/zip_source_win32handle.c
@@ -1,40 +1,41 @@
/*
-zip_source_win32file.c -- create data source from HANDLE (Win32)
-Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
-
-This file is part of libzip, a library to manipulate ZIP archives.
-The authors can be contacted at <libzip@nih.at>
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in
-the documentation and/or other materials provided with the
-distribution.
-3. The names of the authors may not be used to endorse or promote
-products derived from this software without specific prior
-written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
-OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
-GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
-IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ zip_source_win32file.c -- create data source from HANDLE (Win32)
+ Copyright (C) 1999-2016 Dieter Baron and Thomas Klausner
+
+ This file is part of libzip, a library to manipulate ZIP archives.
+ The authors can be contacted at <libzip@nih.at>
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ 3. The names of the authors may not be used to endorse or promote
+ products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#include <wchar.h>
+#include <aclapi.h>
#include <stdlib.h>
#include <string.h>
+#include <wchar.h>
#include "zipint.h"
#include "zipwin32.h"
@@ -48,8 +49,7 @@ static int _zip_win32_error_to_errno(unsigned long win32err);
static int _zip_stat_win32(void *h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx);
ZIP_EXTERN zip_source_t *
-zip_source_win32handle(zip_t *za, HANDLE h, zip_uint64_t start, zip_int64_t len)
-{
+zip_source_win32handle(zip_t *za, HANDLE h, zip_uint64_t start, zip_int64_t len) {
if (za == NULL)
return NULL;
@@ -58,8 +58,7 @@ zip_source_win32handle(zip_t *za, HANDLE h, zip_uint64_t start, zip_int64_t len)
ZIP_EXTERN zip_source_t *
-zip_source_win32handle_create(HANDLE h, zip_uint64_t start, zip_int64_t length, zip_error_t *error)
-{
+zip_source_win32handle_create(HANDLE h, zip_uint64_t start, zip_int64_t length, zip_error_t *error) {
if (h == INVALID_HANDLE_VALUE || length < -1) {
zip_error_set(error, ZIP_ER_INVAL, 0);
return NULL;
@@ -70,8 +69,7 @@ zip_source_win32handle_create(HANDLE h, zip_uint64_t start, zip_int64_t length,
zip_source_t *
-_zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start, zip_int64_t len, int closep, const zip_stat_t *st, _zip_source_win32_file_ops_t *ops, zip_error_t *error)
-{
+_zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start, zip_int64_t len, int closep, const zip_stat_t *st, _zip_source_win32_file_ops_t *ops, zip_error_t *error) {
_zip_source_win32_read_file_t *ctx;
zip_source_t *zs;
@@ -140,8 +138,7 @@ _zip_source_win32_handle_or_name(const void *fname, HANDLE h, zip_uint64_t start
static zip_int64_t
-_win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd)
-{
+_win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd) {
_zip_source_win32_read_file_t *ctx;
char *buf;
zip_uint64_t n;
@@ -347,8 +344,8 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd
if (h == INVALID_HANDLE_VALUE) {
win32err = GetLastError();
if (win32err == ERROR_FILE_NOT_FOUND || win32err == ERROR_PATH_NOT_FOUND) {
- zip_error_set(&ctx->error, ZIP_ER_READ, ENOENT);
- return -1;
+ zip_error_set(&ctx->error, ZIP_ER_READ, ENOENT);
+ return -1;
}
}
}
@@ -376,8 +373,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd
case ZIP_SOURCE_TELL:
return (zip_int64_t)ctx->current;
- case ZIP_SOURCE_TELL_WRITE:
- {
+ case ZIP_SOURCE_TELL_WRITE: {
LARGE_INTEGER zero;
LARGE_INTEGER offset;
@@ -390,8 +386,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd
return offset.QuadPart;
}
- case ZIP_SOURCE_WRITE:
- {
+ case ZIP_SOURCE_WRITE: {
DWORD ret;
if (!WriteFile(ctx->hout, data, (DWORD)len, &ret, NULL) || ret != len) {
zip_error_set(&ctx->error, ZIP_ER_WRITE, _zip_win32_error_to_errno(GetLastError()));
@@ -409,8 +404,7 @@ _win32_read_file(void *state, void *data, zip_uint64_t len, zip_source_cmd_t cmd
static int
-_win32_create_temp_file(_zip_source_win32_read_file_t *ctx)
-{
+_win32_create_temp_file(_zip_source_win32_read_file_t *ctx) {
zip_uint32_t value;
/*
Windows has GetTempFileName(), but it closes the file after
@@ -420,12 +414,12 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx)
int i;
HANDLE th = INVALID_HANDLE_VALUE;
void *temp = NULL;
- SECURITY_INFORMATION si;
- SECURITY_ATTRIBUTES sa;
PSECURITY_DESCRIPTOR psd = NULL;
PSECURITY_ATTRIBUTES psa = NULL;
- DWORD len;
- BOOL success;
+ SECURITY_ATTRIBUTES sa;
+ SECURITY_INFORMATION si;
+ DWORD success;
+ PACL dacl = NULL;
/*
Read the DACL from the original file, so we can copy it to the temp file.
@@ -434,16 +428,8 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx)
*/
if (ctx->h != INVALID_HANDLE_VALUE && GetFileType(ctx->h) == FILE_TYPE_DISK) {
si = DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION;
- len = 0;
- success = GetUserObjectSecurity(ctx->h, &si, NULL, len, &len);
- if (!success && GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
- if ((psd = (PSECURITY_DESCRIPTOR)malloc(len)) == NULL) {
- zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
- return -1;
- }
- success = GetUserObjectSecurity(ctx->h, &si, psd, len, &len);
- }
- if (success) {
+ success = GetSecurityInfo(ctx->h, SE_FILE_OBJECT, si, NULL, NULL, &dacl, NULL, &psd);
+ if (success == ERROR_SUCCESS) {
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.bInheritHandle = FALSE;
sa.lpSecurityDescriptor = psd;
@@ -451,7 +437,13 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx)
}
}
+
+#ifndef MS_UWP
value = GetTickCount();
+#else
+ value = (zip_uint32_t)GetTickCount64();
+#endif
+
for (i = 0; i < 1024 && th == INVALID_HANDLE_VALUE; i++) {
th = ctx->ops->op_create_temp(ctx, &temp, value + i, psa);
if (th == INVALID_HANDLE_VALUE && GetLastError() != ERROR_FILE_EXISTS)
@@ -460,12 +452,12 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx)
if (th == INVALID_HANDLE_VALUE) {
free(temp);
- free(psd);
+ LocalFree(psd);
zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, _zip_win32_error_to_errno(GetLastError()));
return -1;
}
- free(psd);
+ LocalFree(psd);
ctx->hout = th;
ctx->tmpname = temp;
@@ -474,8 +466,7 @@ _win32_create_temp_file(_zip_source_win32_read_file_t *ctx)
static int
-_zip_seek_win32_u(HANDLE h, zip_uint64_t offset, int whence, zip_error_t *error)
-{
+_zip_seek_win32_u(HANDLE h, zip_uint64_t offset, int whence, zip_error_t *error) {
if (offset > ZIP_INT64_MAX) {
zip_error_set(error, ZIP_ER_SEEK, EOVERFLOW);
return -1;
@@ -485,8 +476,7 @@ _zip_seek_win32_u(HANDLE h, zip_uint64_t offset, int whence, zip_error_t *error)
static int
-_zip_seek_win32(HANDLE h, zip_int64_t offset, int whence, zip_error_t *error)
-{
+_zip_seek_win32(HANDLE h, zip_int64_t offset, int whence, zip_error_t *error) {
LARGE_INTEGER li;
DWORD method;
@@ -516,8 +506,7 @@ _zip_seek_win32(HANDLE h, zip_int64_t offset, int whence, zip_error_t *error)
static int
-_zip_win32_error_to_errno(DWORD win32err)
-{
+_zip_win32_error_to_errno(DWORD win32err) {
/*
Note: This list isn't exhaustive, but should cover common cases.
*/
@@ -543,8 +532,7 @@ _zip_win32_error_to_errno(DWORD win32err)
static int
-_zip_stat_win32(HANDLE h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx)
-{
+_zip_stat_win32(HANDLE h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx) {
FILETIME mtimeft;
time_t mtime;
LARGE_INTEGER size;
@@ -586,8 +574,7 @@ _zip_stat_win32(HANDLE h, zip_stat_t *st, _zip_source_win32_read_file_t *ctx)
static int
-_zip_filetime_to_time_t(FILETIME ft, time_t *t)
-{
+_zip_filetime_to_time_t(FILETIME ft, time_t *t) {
/*
Inspired by http://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux
*/