VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/Common/Dlgcode.c10
-rw-r--r--src/Common/Language.c3
-rw-r--r--src/Common/Tests.c54
-rw-r--r--src/Crypto/cpu.c4
-rw-r--r--src/ExpandVolume/ExpandVolume.c6
-rw-r--r--src/Format/InPlace.c2
-rw-r--r--src/Format/Tcformat.c17
-rw-r--r--src/Mount/Mount.c10
-rw-r--r--src/Setup/Dir.c12
-rw-r--r--src/Setup/Setup.c3
-rw-r--r--src/SetupDLL/Dir.c12
11 files changed, 105 insertions, 28 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 9d5c0d06..7b3d2d45 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -613,2 +613,3 @@ char *LoadFile (const wchar_t *fileName, DWORD *size)
HANDLE h = CreateFile (fileName, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL);
+ *size = 0;
if (h == INVALID_HANDLE_VALUE)
@@ -622,4 +623,3 @@ char *LoadFile (const wchar_t *fileName, DWORD *size)
- *size = fileSize;
- buf = (char *) calloc (*size + 1, 1);
+ buf = (char *) calloc (fileSize + 1, 1);
@@ -631,3 +631,3 @@ char *LoadFile (const wchar_t *fileName, DWORD *size)
- if (!ReadFile (h, buf, *size, size, NULL))
+ if (!ReadFile (h, buf, fileSize, size, NULL))
{
@@ -636,2 +636,6 @@ char *LoadFile (const wchar_t *fileName, DWORD *size)
}
+ else
+ {
+ buf[*size] = 0; //make coverity happy eventhough buf is guaranteed to be null terminated because of fileSize+1 in calloc call
+ }
diff --git a/src/Common/Language.c b/src/Common/Language.c
index 844f4dad..278b7dd1 100644
--- a/src/Common/Language.c
+++ b/src/Common/Language.c
@@ -613,3 +613,4 @@ void SetPreferredLangId (char *langId)
{
- StringCbCopyA (PreferredLangId, sizeof(PreferredLangId), langId);
+ if (strlen(langId) < sizeof(PreferredLangId))
+ StringCbCopyA (PreferredLangId, sizeof(PreferredLangId), langId);
}
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index 0fcd93ce..4f53d4ed 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -1521,8 +1521,16 @@ BOOL test_hmac_sha256 ()
char digest[1024]; /* large enough to hold digets and test vector inputs */
- memcpy (digest, hmac_sha256_test_data[i], strlen (hmac_sha256_test_data[i]));
- hmac_sha256 (hmac_sha256_test_keys[i], (int) strlen (hmac_sha256_test_keys[i]), digest, (int) strlen (hmac_sha256_test_data[i]));
- if (memcmp (digest, hmac_sha256_test_vectors[i], SHA256_DIGESTSIZE) != 0)
- return FALSE;
+ size_t dataLen = strlen (hmac_sha256_test_data[i]);
+ if (dataLen <= sizeof(digest))
+ {
+ memcpy (digest, hmac_sha256_test_data[i], dataLen);
+ hmac_sha256 (hmac_sha256_test_keys[i], (int) strlen (hmac_sha256_test_keys[i]), digest, (int) dataLen);
+ if (memcmp (digest, hmac_sha256_test_vectors[i], SHA256_DIGESTSIZE) != 0)
+ return FALSE;
+ else
+ nTestsPerformed++;
+ }
else
- nTestsPerformed++;
+ {
+ return FALSE;
+ }
}
@@ -1540,8 +1548,16 @@ BOOL test_hmac_sha512 ()
char digest[1024]; /* large enough to hold digets and test vector inputs */
- memcpy (digest, hmac_sha512_test_data[i], (int) strlen (hmac_sha512_test_data[i]));
- hmac_sha512 (hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), digest, (int) strlen (hmac_sha512_test_data[i]));
- if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0)
- return FALSE;
+ size_t dataLen = strlen (hmac_sha512_test_data[i]);
+ if (dataLen <= sizeof(digest))
+ {
+ memcpy (digest, hmac_sha512_test_data[i], dataLen );
+ hmac_sha512 (hmac_sha512_test_keys[i], (int) strlen (hmac_sha512_test_keys[i]), digest, (int) dataLen);
+ if (memcmp (digest, hmac_sha512_test_vectors[i], SHA512_DIGESTSIZE) != 0)
+ return FALSE;
+ else
+ nTestsPerformed++;
+ }
else
- nTestsPerformed++;
+ {
+ return FALSE;
+ }
}
@@ -1559,8 +1575,16 @@ BOOL test_hmac_blake2s ()
char digest[1024]; /* large enough to hold digets and test vector inputs */
- memcpy (digest, hmac_blake2s_test_data[i], strlen (hmac_blake2s_test_data[i]));
- hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) strlen (hmac_blake2s_test_data[i]));
- if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)
- return FALSE;
+ size_t dataLen = strlen (hmac_blake2s_test_data[i]);
+ if (dataLen <= sizeof(digest))
+ {
+ memcpy (digest, hmac_blake2s_test_data[i], dataLen);
+ hmac_blake2s (hmac_blake2s_test_keys[i], (int) strlen (hmac_blake2s_test_keys[i]), digest, (int) dataLen);
+ if (memcmp (digest, hmac_blake2s_test_vectors[i], BLAKE2S_DIGESTSIZE) != 0)
+ return FALSE;
+ else
+ nTestsPerformed++;
+ }
else
- nTestsPerformed++;
+ {
+ return FALSE;
+ }
}
diff --git a/src/Crypto/cpu.c b/src/Crypto/cpu.c
index 27d62e43..c3a769c8 100644
--- a/src/Crypto/cpu.c
+++ b/src/Crypto/cpu.c
@@ -282,3 +282,3 @@ static int Detect_MS_HyperV_AES ()
// We try to detect Hyper-V virtual CPU and perform a dummy AES-NI operation to check its real presence
- uint32 cpuid[4];
+ uint32 cpuid[4] = {0};
char HvProductName[13];
@@ -350,3 +350,3 @@ void DetectX86Features()
{
- uint32 cpuid2[4];
+ uint32 cpuid2[4] = {0};
CpuId(0x080000000, cpuid2);
diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c
index 84f6cfe8..f62d93ae 100644
--- a/src/ExpandVolume/ExpandVolume.c
+++ b/src/ExpandVolume/ExpandVolume.c
@@ -444,2 +444,8 @@ int ExtendFileSystem (HWND hwndDlg , wchar_t *lpszVolume, Password *pVolumePassw
+ if ((BytesPerSector == 0) || (BytesPerSector > (DWORD)INT_MAX))
+ {
+ nStatus = ERR_SECTOR_SIZE_INCOMPATIBLE;
+ goto error;
+ }
+
DebugAddProgressDlgStatus (hwndDlg, L"Extending file system ...\r\n");
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index 4a16fd4f..f6166dab 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -91,2 +91,4 @@ static __int64 NewFileSysSizeAfterShrink (HANDLE dev, const wchar_t *devicePath,
if ( (ntfsVolData.NumberSectors.QuadPart <= 0)
+ || (ntfsVolData.BytesPerSector == 0)
+ || (ntfsVolData.BytesPerSector >= (DWORD) UINT_MAX)
|| (ntfsVolData.NumberSectors.QuadPart > (INT64_MAX / (__int64) ntfsVolData.BytesPerSector)) // overflow test
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index 477306ea..efd95caf 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -9758,7 +9758,14 @@ int AnalyzeHiddenVolumeHost (HWND hwndDlg, int *driveNo, __int64 hiddenVolHostSi
// The value will then be used to determine the maximum possible size of the hidden volume.
-
- return ScanVolClusterBitmap (hwndDlg,
- driveNo,
- hiddenVolHostSize / *realClusterSize,
- pnbrFreeClusters);
+ if (*realClusterSize > 0)
+ {
+ return ScanVolClusterBitmap (hwndDlg,
+ driveNo,
+ hiddenVolHostSize / *realClusterSize,
+ pnbrFreeClusters);
+ }
+ else
+ {
+ // should never happen
+ return -1;
+ }
}
diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c
index a0370861..a5798afc 100644
--- a/src/Mount/Mount.c
+++ b/src/Mount/Mount.c
@@ -6585,2 +6585,10 @@ static void ShowSystemEncryptionStatus (HWND hwndDlg)
// Ctrl+Shift held (for debugging purposes)
+ int64 encryptedRatio = 0;
+ if (BootEncStatus.DriveEncrypted
+ && (BootEncStatus.ConfiguredEncryptedAreaStart >= 0)
+ && (BootEncStatus.ConfiguredEncryptedAreaEnd >= BootEncStatus.ConfiguredEncryptedAreaStart)
+ )
+ {
+ encryptedRatio = (BootEncStatus.EncryptedAreaEnd + 1 - BootEncStatus.EncryptedAreaStart) * 100I64 / (BootEncStatus.ConfiguredEncryptedAreaEnd + 1 - BootEncStatus.ConfiguredEncryptedAreaStart);
+ }
@@ -6602,3 +6610,3 @@ static void ShowSystemEncryptionStatus (HWND hwndDlg)
BootEncStatus.EncryptedAreaEnd,
- !BootEncStatus.DriveEncrypted ? 0 : (BootEncStatus.EncryptedAreaEnd + 1 - BootEncStatus.EncryptedAreaStart) * 100I64 / (BootEncStatus.ConfiguredEncryptedAreaEnd + 1 - BootEncStatus.ConfiguredEncryptedAreaStart));
+ encryptedRatio);
}
diff --git a/src/Setup/Dir.c b/src/Setup/Dir.c
index 2d4feecd..3275567f 100644
--- a/src/Setup/Dir.c
+++ b/src/Setup/Dir.c
@@ -33,2 +33,8 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
+ if (wcslen(oriPath) >= TC_MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexepected behavior
+ return -1;
+ }
+
StringCbCopyW (path, TC_MAX_PATH, oriPath);
@@ -68,2 +74,8 @@ mkfulldir_internal (wchar_t *path)
+ if (wcslen(path) >= _MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexepected behavior
+ return -1;
+ }
+
StringCbCopyW (tokpath, _MAX_PATH, path);
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index 9433bd40..43c951f5 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -821,3 +821,4 @@ BOOL DoFilesInstall (HWND hwndDlg, wchar_t *szDestDir)
- GetSystemDirectory (szDir, ARRAYSIZE (szDir));
+ if (!GetSystemDirectory (szDir, ARRAYSIZE (szDir)))
+ StringCbCopyW(szDir, sizeof(szDir), L"C:\\Windows\\System32");
diff --git a/src/SetupDLL/Dir.c b/src/SetupDLL/Dir.c
index 2d4feecd..3275567f 100644
--- a/src/SetupDLL/Dir.c
+++ b/src/SetupDLL/Dir.c
@@ -33,2 +33,8 @@ mkfulldir (wchar_t *oriPath, BOOL bCheckonly)
+ if (wcslen(oriPath) >= TC_MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexepected behavior
+ return -1;
+ }
+
StringCbCopyW (path, TC_MAX_PATH, oriPath);
@@ -68,2 +74,8 @@ mkfulldir_internal (wchar_t *path)
+ if (wcslen(path) >= _MAX_PATH)
+ {
+ // directory name will be truncated so return failure to avoid unexepected behavior
+ return -1;
+ }
+
StringCbCopyW (tokpath, _MAX_PATH, path);