VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Setup
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-01-02 17:54:55 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-01-03 00:15:05 +0100
commit5872be28a243acb3b5aafdf13248e07d30471893 (patch)
tree98e5d23a0b9965e7dd3b336d5349ff027d9570aa /src/Setup
parent6cb1eefc49dbac29fb5a5bd2bf42569b6882d9c7 (diff)
downloadVeraCrypt-5872be28a243acb3b5aafdf13248e07d30471893.tar.gz
VeraCrypt-5872be28a243acb3b5aafdf13248e07d30471893.zip
Windows: Fix Dll hijacking vulnerability affecting installer that allows arbitrary code execution with elevation of privilege (CVE-2016-1281)
Diffstat (limited to 'src/Setup')
-rw-r--r--src/Setup/Setup.c26
-rw-r--r--src/Setup/Setup.vcproj7
2 files changed, 23 insertions, 10 deletions
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index 828de703..e81c2a31 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -329,13 +329,13 @@ void SearchAndDeleteRegistrySubString (HKEY hKey, const wchar_t *subKey, const w
// if the string to search for is empty, delete the sub key, otherwise, look for matching value and delete them
if (subStringLength == 0)
{
- if (ERROR_ACCESS_DENIED == SHDeleteKeyW (hKey, ItSubKey->c_str()))
+ if (ERROR_ACCESS_DENIED == DeleteRegistryKey (hKey, ItSubKey->c_str()))
{
// grant permission to delete
AllowKeyAccess (hKey, ItSubKey->c_str());
// try again
- SHDeleteKeyW (hKey, ItSubKey->c_str());
+ DeleteRegistryKey (hKey, ItSubKey->c_str());
}
}
else
@@ -427,6 +427,22 @@ BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable)
return bStatus;
}
+/*
+ * Creates a VT_LPWSTR propvariant.
+ * we use our own implementation to use SHStrDupW function pointer
+ * that we retreive ourselves to avoid dll hijacking attacks
+ */
+inline HRESULT VCInitPropVariantFromString(__in PCWSTR psz, __out PROPVARIANT *ppropvar)
+{
+ ppropvar->vt = VT_LPWSTR;
+ HRESULT hr = VCStrDupW(psz, &ppropvar->pwszVal);
+ if (FAILED(hr))
+ {
+ PropVariantInit(ppropvar);
+ }
+ return hr;
+}
+
HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
wchar_t *lpszPathLink, const wchar_t* iconFile, int iconIndex)
{
@@ -457,7 +473,7 @@ HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
if (SUCCEEDED (psl->QueryInterface (IID_PPV_ARGS (&propStore))))
{
PROPVARIANT propVariant;
- if (SUCCEEDED (InitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
+ if (SUCCEEDED (VCInitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
{
if (SUCCEEDED (propStore->SetValue (PKEY_AppUserModel_ID, propVariant)))
propStore->Commit();
@@ -1287,7 +1303,7 @@ BOOL DoRegUninstall (HWND hwndDlg, BOOL bRemoveDeprecated)
GetStartupRegKeyName (regk, sizeof(regk));
DeleteRegistryValue (regk, L"VeraCrypt");
- SHDeleteKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
+ DeleteRegistryKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
// enable the SE_TAKE_OWNERSHIP_NAME privilege for this operation
SetPrivilege (SE_TAKE_OWNERSHIP_NAME, TRUE);
@@ -2447,8 +2463,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
lpszTitle = L"VeraCrypt Setup";
- InitCommonControls ();
-
/* Call InitApp to initialize the common code */
InitApp (hInstance, NULL);
diff --git a/src/Setup/Setup.vcproj b/src/Setup/Setup.vcproj
index 8e70aa6e..b27b6963 100644
--- a/src/Setup/Setup.vcproj
+++ b/src/Setup/Setup.vcproj
@@ -43,7 +43,7 @@
Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11"
- PreprocessorDefinitions="SETUP;WIN32;DEBUG;_DEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS"
+ PreprocessorDefinitions="SETUP;WIN32;DEBUG;_DEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;_ATL_NO_DEFAULT_LIBS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="1"
@@ -65,7 +65,7 @@
<Tool
Name="VCLinkerTool"
AdditionalOptions="/NODEFAULTLIB:LIBCMTD"
- AdditionalDependencies="libcmtd.lib comctl32.lib setupapi.lib"
+ AdditionalDependencies="libcmtd.lib"
OutputFile="$(OutDir)/VeraCryptSetup.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -130,7 +130,7 @@
AdditionalOptions="/w34189"
Optimization="2"
AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11"
- PreprocessorDefinitions="SETUP;WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS"
+ PreprocessorDefinitions="SETUP;WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;_ATL_NO_DEFAULT_LIBS"
RuntimeLibrary="0"
BufferSecurityCheck="true"
UsePrecompiledHeader="0"
@@ -152,7 +152,6 @@
<Tool
Name="VCLinkerTool"
AdditionalOptions="/IGNORE:4089"
- AdditionalDependencies="comctl32.lib setupapi.lib"
OutputFile="$(OutDir)/VeraCryptSetup.exe"
LinkIncremental="1"
GenerateManifest="false"