diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-01-02 17:54:55 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-01-03 00:15:05 +0100 |
commit | 5872be28a243acb3b5aafdf13248e07d30471893 (patch) | |
tree | 98e5d23a0b9965e7dd3b336d5349ff027d9570aa /src | |
parent | 6cb1eefc49dbac29fb5a5bd2bf42569b6882d9c7 (diff) | |
download | VeraCrypt-5872be28a243acb3b5aafdf13248e07d30471893.tar.gz VeraCrypt-5872be28a243acb3b5aafdf13248e07d30471893.zip |
Windows: Fix Dll hijacking vulnerability affecting installer that allows arbitrary code execution with elevation of privilege (CVE-2016-1281)
Diffstat (limited to 'src')
-rw-r--r-- | src/Common/BootEncryption.cpp | 34 | ||||
-rw-r--r-- | src/Common/BootEncryption.h | 1 | ||||
-rw-r--r-- | src/Common/Dlgcode.c | 223 | ||||
-rw-r--r-- | src/Common/Dlgcode.h | 7 | ||||
-rw-r--r-- | src/Common/Language.xml | 2 | ||||
-rw-r--r-- | src/ExpandVolume/ExpandVolume.vcproj | 8 | ||||
-rw-r--r-- | src/ExpandVolume/WinMain.cpp | 1 | ||||
-rw-r--r-- | src/Format/Format.vcproj | 8 | ||||
-rw-r--r-- | src/Format/Tcformat.c | bin | 633882 -> 633832 bytes | |||
-rw-r--r-- | src/Mount/Mount.c | 7 | ||||
-rw-r--r-- | src/Mount/Mount.vcproj | 8 | ||||
-rw-r--r-- | src/Setup/Setup.c | 26 | ||||
-rw-r--r-- | src/Setup/Setup.vcproj | 7 |
13 files changed, 221 insertions, 111 deletions
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 9edc89e2..c51eadd8 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -13,7 +13,6 @@ #include "Tcdefs.h"
#include "Platform/Finally.h"
#include "Platform/ForEach.h"
-#include <Setupapi.h>
#include <devguid.h>
#include <io.h>
#include <shlobj.h>
@@ -810,16 +809,6 @@ namespace VeraCrypt }
- wstring BootEncryption::GetTempPath ()
- {
- wchar_t tempPath[MAX_PATH];
- DWORD tempLen = ::GetTempPath (ARRAYSIZE (tempPath), tempPath);
- if (tempLen == 0 || tempLen > ARRAYSIZE (tempPath))
- throw ParameterIncorrect (SRC_POS);
-
- return wstring (tempPath);
- }
-
uint16 BootEncryption::GetInstalledBootLoaderVersion ()
{
@@ -1953,7 +1942,7 @@ namespace VeraCrypt case VolumeFilter:
filter = "veracrypt";
filterReg = "UpperFilters";
- regKey = SetupDiOpenClassRegKey (deviceClassGuid, KEY_READ | KEY_WRITE);
+ regKey = OpenDeviceClassRegKey (deviceClassGuid);
throw_sys_if (regKey == INVALID_HANDLE_VALUE);
break;
@@ -1994,24 +1983,7 @@ namespace VeraCrypt }
else
{
- wstring infFileName = GetTempPath() + L"\\veracrypt_driver_setup.inf";
-
- File infFile (infFileName, false, true);
- finally_do_arg (wstring, infFileName, { DeleteFile (finally_arg.c_str()); });
-
- string infTxt = "[veracrypt]\r\n"
- + string (registerFilter ? "Add" : "Del") + "Reg=veracrypt_reg\r\n\r\n"
- "[veracrypt_reg]\r\n"
- "HKR,,\"" + filterReg + "\",0x0001" + string (registerFilter ? "0008" : "8002") + ",\"" + filter + "\"\r\n";
-
- infFile.Write ((byte *) infTxt.c_str(), (DWORD) infTxt.size());
- infFile.Close();
-
- HINF hInf = SetupOpenInfFile (infFileName.c_str(), NULL, INF_STYLE_OLDNT | INF_STYLE_WIN4, NULL);
- throw_sys_if (hInf == INVALID_HANDLE_VALUE);
- finally_do_arg (HINF, hInf, { SetupCloseInfFile (finally_arg); });
-
- throw_sys_if (!SetupInstallFromInfSection (ParentWindow, hInf, L"veracrypt", SPINST_REGISTRY, regKey, NULL, 0, NULL, NULL, NULL, NULL));
+ RegisterDriverInf (registerFilter, filter, filterReg, ParentWindow, regKey);
}
}
@@ -2304,7 +2276,7 @@ namespace VeraCrypt }
// Temporary files
- if (towupper (GetTempPath()[0]) != windowsDrive)
+ if (towupper (GetTempPathString()[0]) != windowsDrive)
{
throw ErrorException (wstring (GetString ("TEMP_NOT_ON_SYS_PARTITION"))
+ GetString ("LEAKS_OUTSIDE_SYSPART_UNIVERSAL_EXPLANATION"), SRC_POS);
diff --git a/src/Common/BootEncryption.h b/src/Common/BootEncryption.h index ae2d85ec..f6d5457b 100644 --- a/src/Common/BootEncryption.h +++ b/src/Common/BootEncryption.h @@ -166,7 +166,6 @@ namespace VeraCrypt Partition GetPartitionForHiddenOS ();
bool IsBootLoaderOnDrive (wchar_t *devicePath);
BootEncryptionStatus GetStatus ();
- wstring GetTempPath ();
void GetVolumeProperties (VOLUME_PROPERTIES_STRUCT *properties);
SystemDriveConfiguration GetSystemDriveConfiguration ();
void Install (bool hiddenSystem);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index db14ecea..3df20001 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -16,6 +16,7 @@ #include <windowsx.h>
#include <dbghelp.h>
#include <dbt.h>
+#include <Setupapi.h>
#include <fcntl.h>
#include <io.h>
#include <math.h>
@@ -190,6 +191,34 @@ DWORD SystemFileSelectorCallerThreadId; #define RANDPOOL_DISPLAY_COLUMNS 20
HMODULE hRichEditDll = NULL;
+HMODULE hComctl32Dll = NULL;
+HMODULE hSetupDll = NULL;
+HMODULE hShlwapiDll = NULL;
+
+#define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;}
+
+typedef void (WINAPI *InitCommonControlsPtr)(void);
+typedef HIMAGELIST (WINAPI *ImageList_CreatePtr)(int cx, int cy, UINT flags, int cInitial, int cGrow);
+typedef int (WINAPI *ImageList_AddPtr)(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask);
+
+typedef VOID (WINAPI *SetupCloseInfFilePtr)(HINF InfHandle);
+typedef HKEY (WINAPI *SetupDiOpenClassRegKeyPtr)(CONST GUID *ClassGuid,REGSAM samDesired);
+typedef BOOL (WINAPI *SetupInstallFromInfSectionWPtr)(HWND,HINF,PCWSTR,UINT,HKEY,PCWSTR,UINT,PSP_FILE_CALLBACK_W,PVOID,HDEVINFO,PSP_DEVINFO_DATA);
+typedef HINF (WINAPI *SetupOpenInfFileWPtr)(PCWSTR FileName,PCWSTR InfClass,DWORD InfStyle,PUINT ErrorLine);
+
+typedef LSTATUS (STDAPICALLTYPE *SHDeleteKeyWPtr)(HKEY hkey, LPCWSTR pszSubKey);
+
+typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz);
+
+ImageList_CreatePtr ImageList_CreateFn = NULL;
+ImageList_AddPtr ImageList_AddFn = NULL;
+
+SetupCloseInfFilePtr SetupCloseInfFileFn = NULL;
+SetupDiOpenClassRegKeyPtr SetupDiOpenClassRegKeyFn = NULL;
+SetupInstallFromInfSectionWPtr SetupInstallFromInfSectionWFn = NULL;
+SetupOpenInfFileWPtr SetupOpenInfFileWFn = NULL;
+SHDeleteKeyWPtr SHDeleteKeyWFn = NULL;
+SHStrDupWPtr SHStrDupWFn = NULL;
/* Windows dialog class */
#define WINDOWS_DIALOG_CLASS L"#32770"
@@ -476,11 +505,11 @@ void AbortProcessDirect (wchar_t *abortMsg) // Note that this function also causes localcleanup() to be called (see atexit())
MessageBeep (MB_ICONEXCLAMATION);
MessageBoxW (NULL, abortMsg, lpszTitle, ICON_HAND);
- if (hRichEditDll)
- {
- FreeLibrary (hRichEditDll);
- hRichEditDll = NULL;
- }
+ FREE_DLL (hRichEditDll);
+ FREE_DLL (hComctl32Dll);
+ FREE_DLL (hSetupDll);
+ FREE_DLL (hShlwapiDll);
+
exit (1);
}
@@ -492,11 +521,10 @@ void AbortProcess (char *stringId) void AbortProcessSilent (void)
{
- if (hRichEditDll)
- {
- FreeLibrary (hRichEditDll);
- hRichEditDll = NULL;
- }
+ FREE_DLL (hRichEditDll);
+ FREE_DLL (hComctl32Dll);
+ FREE_DLL (hSetupDll);
+ FREE_DLL (hShlwapiDll);
// Note that this function also causes localcleanup() to be called (see atexit())
exit (1);
}
@@ -2288,10 +2316,10 @@ void DoPostInstallTasks (HWND hwndDlg) void InitOSVersionInfo ()
{
- OSVERSIONINFO os;
- os.dwOSVersionInfoSize = sizeof (OSVERSIONINFO);
+ OSVERSIONINFOW os;
+ os.dwOSVersionInfoSize = sizeof (OSVERSIONINFOW);
- if (GetVersionEx (&os) == FALSE)
+ if (GetVersionExW (&os) == FALSE)
AbortProcess ("NO_OS_VER");
CurrentOSMajor = os.dwMajorVersion;
@@ -2303,10 +2331,10 @@ void InitOSVersionInfo () nCurrentOS = WIN_XP;
else if (os.dwPlatformId == VER_PLATFORM_WIN32_NT && CurrentOSMajor == 5 && CurrentOSMinor == 2)
{
- OSVERSIONINFOEX osEx;
+ OSVERSIONINFOEXW osEx;
- osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEX);
- GetVersionEx ((LPOSVERSIONINFOW) &osEx);
+ osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
+ GetVersionExW ((LPOSVERSIONINFOW) &osEx);
if (osEx.wProductType == VER_NT_SERVER || osEx.wProductType == VER_NT_DOMAIN_CONTROLLER)
nCurrentOS = WIN_SERVER_2003;
@@ -2315,10 +2343,10 @@ void InitOSVersionInfo () }
else if (os.dwPlatformId == VER_PLATFORM_WIN32_NT && CurrentOSMajor == 6 && CurrentOSMinor == 0)
{
- OSVERSIONINFOEX osEx;
+ OSVERSIONINFOEXW osEx;
- osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEX);
- GetVersionEx ((LPOSVERSIONINFOW) &osEx);
+ osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
+ GetVersionExW ((LPOSVERSIONINFOW) &osEx);
if (osEx.wProductType == VER_NT_SERVER || osEx.wProductType == VER_NT_DOMAIN_CONTROLLER)
nCurrentOS = WIN_SERVER_2008;
@@ -2341,14 +2369,64 @@ void InitOSVersionInfo () nCurrentOS = WIN_UNKNOWN;
}
+static void LoadSystemDll (LPCTSTR szModuleName, HMODULE *pHandle)
+{
+ wchar_t dllPath[MAX_PATH];
+
+ /* Load dll explictely from System32 to avoid Dll hijacking attacks*/
+ if (!GetSystemDirectory(dllPath, MAX_PATH))
+ StringCbCopyW(dllPath, sizeof(dllPath), L"C:\\Windows\\System32");
+
+ StringCbCatW(dllPath, sizeof(dllPath), L"\\");
+ StringCbCatW(dllPath, sizeof(dllPath), szModuleName);
+
+ if ((*pHandle = LoadLibrary(dllPath)) == NULL)
+ {
+ // This error is fatal
+ handleWin32Error (NULL, SRC_POS);
+ AbortProcess ("INIT_DLL");
+ }
+}
/* InitApp - initialize the application, this function is called once in the
applications WinMain function, but before the main dialog has been created */
void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
{
WNDCLASSW wc;
- char langId[6];
- wchar_t dllPath[MAX_PATH];
+ char langId[6];
+ InitCommonControlsPtr InitCommonControlsFn = NULL;
+
+ LoadSystemDll (L"COMCTL32.DLL", &hComctl32Dll);
+ LoadSystemDll (L"Riched20.dll", &hRichEditDll);
+ LoadSystemDll (L"SETUPAPI.DLL", &hSetupDll);
+ LoadSystemDll (L"SHLWAPI.DLL", &hShlwapiDll);
+
+ // call InitCommonControls function
+ InitCommonControlsFn = (InitCommonControlsPtr) GetProcAddress (hComctl32Dll, "InitCommonControls");
+ ImageList_AddFn = (ImageList_AddPtr) GetProcAddress (hComctl32Dll, "ImageList_Add");
+ ImageList_CreateFn = (ImageList_CreatePtr) GetProcAddress (hComctl32Dll, "ImageList_Create");
+
+ if (InitCommonControlsFn && ImageList_AddFn && ImageList_CreateFn)
+ {
+ InitCommonControlsFn();
+ }
+ else
+ AbortProcess ("INIT_DLL");
+
+ // Get SetupAPI functions pointers
+ SetupCloseInfFileFn = (SetupCloseInfFilePtr) GetProcAddress (hSetupDll, "SetupCloseInfFile");
+ SetupDiOpenClassRegKeyFn = (SetupDiOpenClassRegKeyPtr) GetProcAddress (hSetupDll, "SetupDiOpenClassRegKey");
+ SetupInstallFromInfSectionWFn = (SetupInstallFromInfSectionWPtr) GetProcAddress (hSetupDll, "SetupInstallFromInfSectionW");
+ SetupOpenInfFileWFn = (SetupOpenInfFileWPtr) GetProcAddress (hSetupDll, "SetupOpenInfFileW");
+
+ if (!SetupCloseInfFileFn || !SetupDiOpenClassRegKeyFn || !SetupInstallFromInfSectionWFn || !SetupOpenInfFileWFn)
+ AbortProcess ("INIT_DLL");
+
+ // Get SHDeleteKeyW function pointer
+ SHDeleteKeyWFn = (SHDeleteKeyWPtr) GetProcAddress (hShlwapiDll, "SHDeleteKeyW");
+ SHStrDupWFn = (SHStrDupWPtr) GetProcAddress (hShlwapiDll, "SHStrDupW");
+ if (!SHDeleteKeyWFn || !SHStrDupWFn)
+ AbortProcess ("INIT_DLL");
/* Save the instance handle for later */
hInst = hInstance;
@@ -2448,11 +2526,11 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) }
else
{
- OSVERSIONINFOEX osEx;
+ OSVERSIONINFOEXW osEx;
// Service pack check & warnings about critical MS issues
- osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEX);
- if (GetVersionEx ((LPOSVERSIONINFOW) &osEx) != 0)
+ osEx.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
+ if (GetVersionExW ((LPOSVERSIONINFOW) &osEx) != 0)
{
CurrentOSServicePack = osEx.wServicePackMajor;
switch (nCurrentOS)
@@ -2528,18 +2606,6 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) handleWin32Error (NULL, SRC_POS);
AbortProcess ("INIT_REGISTER");
}
-
- if (GetSystemDirectory(dllPath, MAX_PATH))
- StringCbCatW(dllPath, sizeof(dllPath), L"\\Riched20.dll");
- else
- StringCbCopyW(dllPath, sizeof(dllPath), L"c:\\Windows\\System32\\Riched20.dll");
- // Required for RichEdit text fields to work
- if ((hRichEditDll = LoadLibrary(dllPath)) == NULL)
- {
- // This error is fatal e.g. because legal notices could not be displayed
- handleWin32Error (NULL, SRC_POS);
- AbortProcess ("INIT_RICHEDIT");
- }
// DPI and GUI aspect ratio
DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_AUXILIARY_DLG), NULL,
@@ -2551,11 +2617,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) if (!EncryptionThreadPoolStart (ReadEncryptionThreadPoolFreeCpuCountLimit()))
{
handleWin32Error (NULL, SRC_POS);
- if (hRichEditDll)
- {
- FreeLibrary (hRichEditDll);
- hRichEditDll = NULL;
- }
+ FREE_DLL (hRichEditDll);
+ FREE_DLL (hComctl32Dll);
+ FREE_DLL (hSetupDll);
+ FREE_DLL (hShlwapiDll);
exit (1);
}
#endif
@@ -2563,11 +2628,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) void FinalizeApp (void)
{
- if (hRichEditDll)
- {
- FreeLibrary (hRichEditDll);
- hRichEditDll = NULL;
- }
+ FREE_DLL (hRichEditDll);
+ FREE_DLL (hComctl32Dll);
+ FREE_DLL (hSetupDll);
+ FREE_DLL (hShlwapiDll);
}
void InitHelpFileName (void)
@@ -4377,6 +4441,16 @@ wstring IntToWideString (int val) return szTmp;
}
+wstring GetTempPathString ()
+{
+ wchar_t tempPath[MAX_PATH];
+ DWORD tempLen = ::GetTempPath (ARRAYSIZE (tempPath), tempPath);
+ if (tempLen == 0 || tempLen > ARRAYSIZE (tempPath))
+ throw ParameterIncorrect (SRC_POS);
+
+ return wstring (tempPath);
+}
+
void GetSizeString (unsigned __int64 size, wchar_t *str, size_t cbStr)
{
static wchar_t *b, *kb, *mb, *gb, *tb, *pb;
@@ -9051,9 +9125,9 @@ BOOL Is64BitOs () BOOL IsServerOS ()
{
- OSVERSIONINFOEXA osVer;
- osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXA);
- GetVersionExA ((LPOSVERSIONINFOA) &osVer);
+ OSVERSIONINFOEXW osVer;
+ osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
+ GetVersionExW ((LPOSVERSIONINFOW) &osVer);
return (osVer.wProductType == VER_NT_SERVER || osVer.wProductType == VER_NT_DOMAIN_CONTROLLER);
}
@@ -9134,7 +9208,7 @@ std::wstring GetWindowsEdition () wstring osname = L"win";
OSVERSIONINFOEXW osVer;
- osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXA);
+ osVer.dwOSVersionInfoSize = sizeof (OSVERSIONINFOEXW);
GetVersionExW ((LPOSVERSIONINFOW) &osVer);
BOOL home = (osVer.wSuiteMask & VER_SUITE_PERSONAL);
@@ -10986,4 +11060,51 @@ void HandleShowPasswordFieldAction (HWND hwndDlg, UINT checkBoxId, UINT edit1Id, 0);
InvalidateRect (GetDlgItem (hwndDlg, edit2Id), NULL, TRUE);
}
-}
\ No newline at end of file +}
+
+void RegisterDriverInf (bool registerFilter, const string& filter, const string& filterReg, HWND ParentWindow, HKEY regKey)
+{
+ wstring infFileName = GetTempPathString() + L"\\veracrypt_driver_setup.inf";
+
+ File infFile (infFileName, false, true);
+ finally_do_arg (wstring, infFileName, { DeleteFile (finally_arg.c_str()); });
+
+ string infTxt = "[veracrypt]\r\n"
+ + string (registerFilter ? "Add" : "Del") + "Reg=veracrypt_reg\r\n\r\n"
+ "[veracrypt_reg]\r\n"
+ "HKR,,\"" + filterReg + "\",0x0001" + string (registerFilter ? "0008" : "8002") + ",\"" + filter + "\"\r\n";
+
+ infFile.Write ((byte *) infTxt.c_str(), (DWORD) infTxt.size());
+ infFile.Close();
+
+ HINF hInf = SetupOpenInfFileWFn (infFileName.c_str(), NULL, INF_STYLE_OLDNT | INF_STYLE_WIN4, NULL);
+ throw_sys_if (hInf == INVALID_HANDLE_VALUE);
+ finally_do_arg (HINF, hInf, { SetupCloseInfFileFn (finally_arg); });
+
+ throw_sys_if (!SetupInstallFromInfSectionWFn (ParentWindow, hInf, L"veracrypt", SPINST_REGISTRY, regKey, NULL, 0, NULL, NULL, NULL, NULL));
+}
+
+HKEY OpenDeviceClassRegKey (const GUID *deviceClassGuid)
+{
+ return SetupDiOpenClassRegKeyFn (deviceClassGuid, KEY_READ | KEY_WRITE);
+}
+
+LSTATUS DeleteRegistryKey (HKEY hKey, LPCTSTR keyName)
+{
+ return SHDeleteKeyWFn(hKey, keyName);
+}
+
+HIMAGELIST CreateImageList(int cx, int cy, UINT flags, int cInitial, int cGrow)
+{
+ return ImageList_CreateFn(cx, cy, flags, cInitial, cGrow);
+}
+
+int AddBitmapToImageList(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask)
+{
+ return ImageList_AddFn(himl, hbmImage, hbmMask);
+}
+
+HRESULT VCStrDupW(LPCWSTR psz, LPWSTR *ppwsz)
+{
+ return SHStrDupWFn (psz, ppwsz);
+}
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 1081420d..7ab74c08 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -491,6 +491,11 @@ void SetPim (HWND hwndDlg, UINT ctrlId, int pim); BOOL GetPassword (HWND hwndDlg, UINT ctrlID, char* passValue, int bufSize, BOOL bShowError);
void SetPassword (HWND hwndDlg, UINT ctrlID, char* passValue);
void HandleShowPasswordFieldAction (HWND hwndDlg, UINT checkBoxId, UINT edit1Id, UINT edit2Id);
+HKEY OpenDeviceClassRegKey (const GUID *deviceClassGuid);
+LSTATUS DeleteRegistryKey (HKEY, LPCTSTR);
+HIMAGELIST CreateImageList(int cx, int cy, UINT flags, int cInitial, int cGrow);
+int AddBitmapToImageList(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask);
+HRESULT VCStrDupW(LPCWSTR psz, LPWSTR *ppwsz);
#ifdef __cplusplus
}
@@ -555,6 +560,8 @@ std::wstring HarddiskVolumePathToPartitionPath (const std::wstring &harddiskVolu std::wstring FindLatestFileOrDirectory (const std::wstring &directory, const wchar_t *namePattern, bool findDirectory, bool findFile);
std::wstring GetUserFriendlyVersionString (int version);
std::wstring IntToWideString (int val);
+void RegisterDriverInf (bool registerFilter, const std::string& filter, const std::string& filterReg, HWND ParentWindow, HKEY regKey);
+std::wstring GetTempPathString ();
inline std::wstring AppendSrcPos (const wchar_t* msg, const char* srcPos)
{
return std::wstring (msg? msg : L"") + L"\n\nSource: " + SingleStringToWide (srcPos);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml index b4ac5b33..393da4f7 100644 --- a/src/Common/Language.xml +++ b/src/Common/Language.xml @@ -563,7 +563,7 @@ <string lang="en" key="INIT_RAND">Failed to initialize the random number generator!\n\n\n(If you report a bug in connection with this, please include the following technical information in the bug report:\n%hs, Last Error = 0x%.8X)</string>
<string lang="en" key="CAPI_RAND">Windows Crypto API failed!\n\n\n(If you report a bug in connection with this, please include the following technical information in the bug report:\n%hs, Last Error = 0x%.8X)</string>
<string lang="en" key="INIT_REGISTER">Unable to initialize the application. Failed to register the Dialog class.</string>
- <string lang="en" key="INIT_RICHEDIT">Error: Failed to load the Rich Edit system library.</string>
+ <string lang="en" key="INIT_DLL">Error: Failed to load a system library.</string>
<string lang="en" key="INTRO_TITLE">VeraCrypt Volume Creation Wizard</string>
<string lang="en" key="MAX_HIDVOL_SIZE_BYTES">Maximum possible hidden volume size for this volume is %.2f bytes.</string>
<string lang="en" key="MAX_HIDVOL_SIZE_KB">Maximum possible hidden volume size for this volume is %.2f KB.</string>
diff --git a/src/ExpandVolume/ExpandVolume.vcproj b/src/ExpandVolume/ExpandVolume.vcproj index 897a34af..544104f4 100644 --- a/src/ExpandVolume/ExpandVolume.vcproj +++ b/src/ExpandVolume/ExpandVolume.vcproj @@ -75,7 +75,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="version.lib comctl32.lib setupapi.lib ..\Crypto\Debug\crypto.lib"
+ AdditionalDependencies="..\Crypto\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -168,7 +168,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="version.lib comctl32.lib setupapi.lib ..\Crypto\x64\Debug\crypto.lib"
+ AdditionalDependencies="..\Crypto\x64\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -256,7 +256,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\Release\crypto.lib"
+ AdditionalDependencies="..\Crypto\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="1"
GenerateManifest="false"
@@ -347,7 +347,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\x64\Release\crypto.lib"
+ AdditionalDependencies="..\Crypto\x64\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptExpander.exe"
LinkIncremental="1"
GenerateManifest="false"
diff --git a/src/ExpandVolume/WinMain.cpp b/src/ExpandVolume/WinMain.cpp index 58d95501..ec32d405 100644 --- a/src/ExpandVolume/WinMain.cpp +++ b/src/ExpandVolume/WinMain.cpp @@ -986,7 +986,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz VirtualLock (&VeraCryptExpander::defaultMountOptions, sizeof (VeraCryptExpander::defaultMountOptions)); VirtualLock (&VeraCryptExpander::szFileName, sizeof(VeraCryptExpander::szFileName)); - InitCommonControls (); InitApp (hInstance, lpszCommandLine); /* application title */ diff --git a/src/Format/Format.vcproj b/src/Format/Format.vcproj index 72adc4d9..5c4deb31 100644 --- a/src/Format/Format.vcproj +++ b/src/Format/Format.vcproj @@ -68,7 +68,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\Debug\crypto.lib"
+ AdditionalDependencies="..\Crypto\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -154,7 +154,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\x64\Debug\crypto.lib"
+ AdditionalDependencies="..\Crypto\x64\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -240,7 +240,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\Release\crypto.lib"
+ AdditionalDependencies="..\Crypto\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="1"
GenerateManifest="false"
@@ -329,7 +329,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib ..\Crypto\x64\Release\crypto.lib"
+ AdditionalDependencies="..\Crypto\x64\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCryptFormat.exe"
LinkIncremental="1"
GenerateManifest="false"
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c Binary files differindex 61b21df3..c660e10b 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 6d88512f..59023200 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -4286,8 +4286,8 @@ void BuildTree (HWND hwndDlg, HWND hTree) return;
hBitmapMask = LoadBitmap (hInst, MAKEINTRESOURCE (IDB_DRIVEICON_MASK));
- hList = ImageList_Create (16, 12, ILC_COLOR8|ILC_MASK, 2, 2);
- if (ImageList_Add (hList, hBitmap, hBitmapMask) == -1)
+ hList = CreateImageList (16, 12, ILC_COLOR8|ILC_MASK, 2, 2);
+ if (AddBitmapToImageList (hList, hBitmap, hBitmapMask) == -1)
{
DeleteObject (hBitmap);
DeleteObject (hBitmapMask);
@@ -4306,7 +4306,7 @@ void BuildTree (HWND hwndDlg, HWND hTree) return;
hBitmapMask = LoadBitmap (hInst, MAKEINTRESOURCE (IDB_SYS_DRIVEICON_MASK));
- if (ImageList_Add (hList, hBitmap, hBitmapMask) == -1)
+ if (AddBitmapToImageList (hList, hBitmap, hBitmapMask) == -1)
{
DeleteObject (hBitmap);
DeleteObject (hBitmapMask);
@@ -8663,7 +8663,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz if (BootEncObj == NULL)
AbortProcess ("INIT_SYS_ENC");
- InitCommonControls ();
InitApp (hInstance, lpszCommandLine);
RegisterRedTick(hInstance);
diff --git a/src/Mount/Mount.vcproj b/src/Mount/Mount.vcproj index 58a199b0..260e3041 100644 --- a/src/Mount/Mount.vcproj +++ b/src/Mount/Mount.vcproj @@ -74,7 +74,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\Debug\crypto.lib"
+ AdditionalDependencies="..\Crypto\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -166,7 +166,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\x64\Debug\crypto.lib"
+ AdditionalDependencies="..\Crypto\x64\Debug\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -254,7 +254,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\Release\crypto.lib"
+ AdditionalDependencies="..\Crypto\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="1"
GenerateManifest="false"
@@ -345,7 +345,7 @@ />
<Tool
Name="VCLinkerTool"
- AdditionalDependencies="comctl32.lib setupapi.lib version.lib ..\Crypto\x64\Release\crypto.lib"
+ AdditionalDependencies="..\Crypto\x64\Release\crypto.lib"
OutputFile="$(OutDir)/VeraCrypt.exe"
LinkIncremental="1"
GenerateManifest="false"
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c index 828de703..e81c2a31 100644 --- a/src/Setup/Setup.c +++ b/src/Setup/Setup.c @@ -329,13 +329,13 @@ void SearchAndDeleteRegistrySubString (HKEY hKey, const wchar_t *subKey, const w // if the string to search for is empty, delete the sub key, otherwise, look for matching value and delete them
if (subStringLength == 0)
{
- if (ERROR_ACCESS_DENIED == SHDeleteKeyW (hKey, ItSubKey->c_str()))
+ if (ERROR_ACCESS_DENIED == DeleteRegistryKey (hKey, ItSubKey->c_str()))
{
// grant permission to delete
AllowKeyAccess (hKey, ItSubKey->c_str());
// try again
- SHDeleteKeyW (hKey, ItSubKey->c_str());
+ DeleteRegistryKey (hKey, ItSubKey->c_str());
}
}
else
@@ -427,6 +427,22 @@ BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable) return bStatus;
}
+/*
+ * Creates a VT_LPWSTR propvariant.
+ * we use our own implementation to use SHStrDupW function pointer
+ * that we retreive ourselves to avoid dll hijacking attacks
+ */
+inline HRESULT VCInitPropVariantFromString(__in PCWSTR psz, __out PROPVARIANT *ppropvar)
+{
+ ppropvar->vt = VT_LPWSTR;
+ HRESULT hr = VCStrDupW(psz, &ppropvar->pwszVal);
+ if (FAILED(hr))
+ {
+ PropVariantInit(ppropvar);
+ }
+ return hr;
+}
+
HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
wchar_t *lpszPathLink, const wchar_t* iconFile, int iconIndex)
{
@@ -457,7 +473,7 @@ HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments, if (SUCCEEDED (psl->QueryInterface (IID_PPV_ARGS (&propStore))))
{
PROPVARIANT propVariant;
- if (SUCCEEDED (InitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
+ if (SUCCEEDED (VCInitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
{
if (SUCCEEDED (propStore->SetValue (PKEY_AppUserModel_ID, propVariant)))
propStore->Commit();
@@ -1287,7 +1303,7 @@ BOOL DoRegUninstall (HWND hwndDlg, BOOL bRemoveDeprecated) GetStartupRegKeyName (regk, sizeof(regk));
DeleteRegistryValue (regk, L"VeraCrypt");
- SHDeleteKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
+ DeleteRegistryKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
// enable the SE_TAKE_OWNERSHIP_NAME privilege for this operation
SetPrivilege (SE_TAKE_OWNERSHIP_NAME, TRUE);
@@ -2447,8 +2463,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz lpszTitle = L"VeraCrypt Setup";
- InitCommonControls ();
-
/* Call InitApp to initialize the common code */
InitApp (hInstance, NULL);
diff --git a/src/Setup/Setup.vcproj b/src/Setup/Setup.vcproj index 8e70aa6e..b27b6963 100644 --- a/src/Setup/Setup.vcproj +++ b/src/Setup/Setup.vcproj @@ -43,7 +43,7 @@ Name="VCCLCompilerTool"
Optimization="0"
AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11"
- PreprocessorDefinitions="SETUP;WIN32;DEBUG;_DEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS"
+ PreprocessorDefinitions="SETUP;WIN32;DEBUG;_DEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;_ATL_NO_DEFAULT_LIBS"
MinimalRebuild="true"
BasicRuntimeChecks="3"
RuntimeLibrary="1"
@@ -65,7 +65,7 @@ <Tool
Name="VCLinkerTool"
AdditionalOptions="/NODEFAULTLIB:LIBCMTD"
- AdditionalDependencies="libcmtd.lib comctl32.lib setupapi.lib"
+ AdditionalDependencies="libcmtd.lib"
OutputFile="$(OutDir)/VeraCryptSetup.exe"
LinkIncremental="2"
GenerateManifest="false"
@@ -130,7 +130,7 @@ AdditionalOptions="/w34189"
Optimization="2"
AdditionalIncludeDirectories="..\Common;..\Crypto;..\;..\PKCS11"
- PreprocessorDefinitions="SETUP;WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS"
+ PreprocessorDefinitions="SETUP;WIN32;NDEBUG;_WINDOWS;_CRT_SECURE_NO_DEPRECATE;_CRT_NON_CONFORMING_SWPRINTFS;_ATL_NO_DEFAULT_LIBS"
RuntimeLibrary="0"
BufferSecurityCheck="true"
UsePrecompiledHeader="0"
@@ -152,7 +152,6 @@ <Tool
Name="VCLinkerTool"
AdditionalOptions="/IGNORE:4089"
- AdditionalDependencies="comctl32.lib setupapi.lib"
OutputFile="$(OutDir)/VeraCryptSetup.exe"
LinkIncremental="1"
GenerateManifest="false"
|