author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-07-14 17:18:01 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:21:13 +0100 |
commit | 016edc150b034d7401a1652bd3482d613ff4b9d4 (patch) | |
tree | cf79aeef0f7e593eb776ee6e9ca393e39a292a09 /src/Setup/SelfExtract.c | |
parent | 5c1db9d0e1287c873d180021cf82e89677fe4aa0 (diff) | |
Static Code Analysis : Use Safe String functions in Setup code to avoid potential security issues.
Diffstat (limited to 'src/Setup/SelfExtract.c')
-rw-r--r-- | src/Setup/SelfExtract.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/src/Setup/SelfExtract.c b/src/Setup/SelfExtract.c
index a14a0db4..55f14114 100644
--- a/src/Setup/SelfExtract.c
+++ b/src/Setup/SelfExtract.c
@@ -18,6 +18,7 @@
#include "Dir.h"
#include "Language.h"
#include "Resource.h"
+#include <Strsafe.h>
#define OutputPackageFile "VeraCrypt Setup " VERSION_STRING ".exe"
@@ -240,12 +241,12 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
goto err;
if (szDestDir[x - 1] != '\\')
- strcat (szDestDir, "\\");
+ StringCbCatA (szDestDir, MAX_PATH, "\\");
GetModuleFileName (NULL, inputFile, sizeof (inputFile));
- strcpy (outputFile, szDestDir);
- strncat (outputFile, OutputPackageFile, sizeof (outputFile) - strlen (outputFile) - 1);
+ StringCbCopyA (outputFile, sizeof(outputFile), szDestDir);
+ StringCbCatA (outputFile, sizeof(outputFile), OutputPackageFile);
// Clone 'VeraCrypt Setup.exe' to create the base of the new self-extracting archive
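Review bot: None of the new StringCb* calls has its HRESULT checked, so a result that does not fit is now silently truncated rather than overflowing, and the truncated `outputFile` still appears to be used as the path to create and, on the error paths, to `remove`. Failing closed would be safer, e.g. `if (FAILED (StringCbCatA (outputFile, sizeof(outputFile), OutputPackageFile))) goto err;`. The same applies to the `szTmpFilePath` formatting in the hunks at new lines 263 and 309 and to `fileName`/`filePath` in ExtractAllFilesThread. Separately, `StringCbCatA (szDestDir, MAX_PATH, "\\")` assumes the caller's buffer holds at least MAX_PATH bytes, which cannot be confirmed from this hunk because `szDestDir` is a `char *` parameter. The function body starts and ends outside the hunk.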
@@ -262,13 +263,13 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
for (i = 0; i < sizeof (szCompressedFiles) / sizeof (szCompressedFiles[0]); i++)
{
- _snprintf (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
+ StringCbPrintfA (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
if (!FileExists (szTmpFilePath))
{
char tmpstr [1000];
- _snprintf (tmpstr, sizeof(tmpstr), "File not found:\n\n'%s'", szTmpFilePath);
+ StringCbPrintfA (tmpstr, sizeof(tmpstr), "File not found:\n\n'%s'", szTmpFilePath);
remove (outputFile);
PkgError (tmpstr);
goto err;
@@ -308,7 +309,7 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
DWORD tmpFileSize;
unsigned char *tmpBuffer;
- _snprintf (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
+ StringCbPrintfA (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
tmpBuffer = LoadFile (szTmpFilePath, &tmpFileSize);
@@ -317,7 +318,7 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
char tmpstr [1000];
free (tmpBuffer);
- _snprintf (tmpstr, sizeof(tmpstr), "Cannot load file \n'%s'", szTmpFilePath);
+ StringCbPrintfA (tmpstr, sizeof(tmpstr), "Cannot load file \n'%s'", szTmpFilePath);
remove (outputFile);
PkgError (tmpstr);
goto err;
@@ -436,7 +437,7 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
}
}
- sprintf (tmpStr, "Self-extracting package successfully created (%s)", outputFile);
+ StringCbPrintfA (tmpStr, sizeof(tmpStr), "Self-extracting package successfully created (%s)", outputFile);
PkgInfo (tmpStr);
return TRUE;
@@ -697,7 +698,7 @@ void __cdecl ExtractAllFilesThread (void *hwndDlg)
wchar_t szTmp[TC_MAX_PATH];
handleWin32Error (hwndDlg);
- wsprintfW (szTmp, GetString ("CANT_CREATE_FOLDER"), DestExtractPath);
+ StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("CANT_CREATE_FOLDER"), DestExtractPath);
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_ICONHAND);
bSuccess = FALSE;
goto eaf_end;
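Review bot: The format string passed to `StringCbPrintfW` is not a literal but the result of `GetString ("CANT_CREATE_FOLDER")`, while `DestExtractPath` is a narrow string (it is the source of `StringCbCopyA` in the next hunk), so the call is only correct if that language string contains exactly one `%hs`. If language strings can be supplied from outside the binary, a mismatched specifier would make the wide formatter misread the argument, and bounding the destination does not protect against that. Consider a comment such as `// CANT_CREATE_FOLDER must contain a single %hs (narrow path argument)`, or validating the specifiers when the language table is loaded. The same holds for `CANNOT_WRITE_FILE_X` with the `char filePath[]` argument in the hunk at new line 726.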
@@ -710,10 +711,9 @@ void __cdecl ExtractAllFilesThread (void *hwndDlg)
char filePath [TC_MAX_PATH] = {0};
// Filename
- strncpy (fileName, Decompressed_Files[fileNo].fileName, Decompressed_Files[fileNo].fileNameLength);
- fileName [Decompressed_Files[fileNo].fileNameLength] = 0;
- strcpy (filePath, DestExtractPath);
- strcat (filePath, fileName);
+ StringCbCopyNA (fileName, sizeof(fileName), Decompressed_Files[fileNo].fileName, Decompressed_Files[fileNo].fileNameLength);
+ StringCbCopyA (filePath, sizeof(filePath), DestExtractPath);
+ StringCbCatA (filePath, sizeof(filePath), fileName);
StatusMessageParam (hwndDlg, "EXTRACTING_VERB", filePath);
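Review bot: `fileName` is taken from the package's `Decompressed_Files` table and appended to `DestExtractPath` with no check visible here that it is a plain file name, so an entry containing a path separator or `..` would resolve outside the destination folder. If this is not already validated where the table is built, such names should be rejected before the `StringCbCatA` call. In addition, a `StringCbCopyNA` that fails because the name does not fit in `fileName` leaves a truncated name that is then extracted under a different path; treat it as an error with `if (FAILED (...)) { bSuccess = FALSE; goto eaf_end; }`. The declaration of `fileName` and the rest of the loop body are outside the hunk.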
@@ -726,7 +726,7 @@ void __cdecl ExtractAllFilesThread (void *hwndDlg)
{
wchar_t szTmp[512];
- _snwprintf (szTmp, sizeof (szTmp) / 2, GetString ("CANNOT_WRITE_FILE_X"), filePath);
+ StringCbPrintfW (szTmp, sizeof (szTmp), GetString ("CANNOT_WRITE_FILE_X"), filePath);
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_ICONERROR | MB_SETFOREGROUND | MB_TOPMOST);
bSuccess = FALSE;
goto eaf_end;