Diffstat (limited to 'src')
-rw-r--r-- | src/Common/Dlgcode.c | 33 | ||||
-rw-r--r-- | src/Main/Application.cpp | 2 | ||||
-rw-r--r-- | src/Main/Forms/VolumeCreationWizard.cpp | 2 | ||||
-rw-r--r-- | src/Main/Resources.cpp | 4 | ||||
-rw-r--r-- | src/Main/StringFormatter.h | 2 | ||||
-rw-r--r-- | src/Main/TextUserInterface.cpp | 18 | ||||
-rw-r--r-- | src/Main/UserInterface.cpp | 4 |
7 files changed, 50 insertions, 15 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 78aa3844..4ea10aaa 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -14240,9 +14240,11 @@ BOOL BufferHasPattern (const unsigned char* buffer, size_t bufferLen, const void return bRet; } -/* Implementation borrowed from KeePassXC source code (https://github.com/keepassxreboot/keepassxc/blob/release/2.4.0/src/core/Bootstrap.cpp#L150) +/* Implementation borrowed from KeePassXC source code (https://github.com/keepassxreboot/keepassxc/blob/2.7.8/src/core/Bootstrap.cpp#L121) * * Reduce current user acess rights for this process to the minimum in order to forbid non-admin users from reading the process memory. + * Restrict access to changing DACL's after the process is started. This prevents the creator of veracrypt process from simply adding + * the permission to read memory back to the DACL list. */ BOOL ActivateMemoryProtection() { @@ -14252,6 +14254,8 @@ BOOL ActivateMemoryProtection() HANDLE hToken = NULL; PTOKEN_USER pTokenUser = NULL; DWORD cbBufferSize = 0; + PSID pOwnerRightsSid = NULL; + DWORD pOwnerRightsSidSize = SECURITY_MAX_SID_SIZE; // Access control list PACL pACL = NULL; @@ -14292,8 +14296,19 @@ BOOL ActivateMemoryProtection() goto Cleanup; } + // Retrieve CreaterOwnerRights SID + pOwnerRightsSid = (PSID) HeapAlloc(GetProcessHeap(), 0, pOwnerRightsSidSize); + if (pOwnerRightsSid == NULL) { + goto Cleanup; + } + + if (!CreateWellKnownSid(WinCreatorOwnerRightsSid, NULL, pOwnerRightsSid, &pOwnerRightsSidSize)) { + goto Cleanup; + } + // Calculate the amount of memory that must be allocated for the DACL - cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid); + cbACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pTokenUser->User.Sid) + + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pOwnerRightsSid); // Create and initialize an ACL pACL = (PACL) HeapAlloc(GetProcessHeap(), 0, cbACL); 
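Review bot: In the -14292 hunk of ActivateMemoryProtection, both new `goto Cleanup` exits (after HeapAlloc and after CreateWellKnownSid) run before SetSecurityInfo, so a failure to build the owner-rights SID now skips the whole DACL, including the user ACE that was applied before this change. The return statement and the callers are outside the hunk, so it cannot be confirmed here that a FALSE result is acted on. A comment such as `// On failure no DACL is applied at all; the caller must check the return value` would make that explicit. As a style point, `pOwnerRightsSidSize` (declared in the -14252 hunk) is a DWORD byte count rather than a pointer, so `cbOwnerRightsSid` would match `cbBufferSize` and `cbACL`. The comment `CreaterOwnerRights` should read `CreatorOwnerRights`.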
@@ -14315,6 +14330,17 @@ BOOL ActivateMemoryProtection() goto Cleanup; } + // Explicitly set "Process Owner" rights to Read Only. The default is Full Control. + if (!AddAccessAllowedAce( + pACL, + ACL_REVISION, + READ_CONTROL, + pOwnerRightsSid + )) { + goto Cleanup; + } + + // Set discretionary access control list bSuccess = (ERROR_SUCCESS == SetSecurityInfo(GetCurrentProcess(), // object handle SE_KERNEL_OBJECT, // type of object @@ -14333,6 +14359,9 @@ Cleanup: if (pACL != NULL) { HeapFree(GetProcessHeap(), 0, pACL); } + if (pOwnerRightsSid != NULL) { + HeapFree(GetProcessHeap(), 0, pOwnerRightsSid); + } if (pTokenUser != NULL) { HeapFree(GetProcessHeap(), 0, pTokenUser); } diff --git a/src/Main/Application.cpp b/src/Main/Application.cpp index c72e2cc6..27b8f55a 100644 --- a/src/Main/Application.cpp +++ b/src/Main/Application.cpp @@ -89,7 +89,7 @@ namespace VeraCrypt FilePath Application::GetConfigFilePath (const wxString &configFileName, bool createConfigDir) { - static wxScopedPtr<const wxString> configDirC; + static std::unique_ptr<const wxString> configDirC; static bool configDirExists = false; if (!configDirExists) diff --git a/src/Main/Forms/VolumeCreationWizard.cpp b/src/Main/Forms/VolumeCreationWizard.cpp index 2653ff66..0eae11d6 100644 --- a/src/Main/Forms/VolumeCreationWizard.cpp +++ b/src/Main/Forms/VolumeCreationWizard.cpp @@ -975,7 +975,7 @@ namespace VeraCrypt if (OuterVolume && VolumeSize > TC_MAX_FAT_SECTOR_COUNT * SectorSize) { uint64 limit = TC_MAX_FAT_SECTOR_COUNT * SectorSize / BYTES_PER_TB; - wstring err = StringFormatter (LangString["LINUX_ERROR_SIZE_HIDDEN_VOL"], limit, limit * 1024); + wstring err = static_cast<wstring>(StringFormatter (LangString["LINUX_ERROR_SIZE_HIDDEN_VOL"], limit, limit * 1024)); if (SectorSize < 4096) { diff --git a/src/Main/Resources.cpp b/src/Main/Resources.cpp index d8bab977..18a58181 100644 --- a/src/Main/Resources.cpp +++ b/src/Main/Resources.cpp 
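Review bot: The comment on the new AddAccessAllowedAce call in the -14315 hunk says the owner is set to "Read Only", but `READ_CONTROL` only permits reading the security descriptor. The ACE works because an explicit owner-rights entry replaces the owner's implicit READ_CONTROL and WRITE_DAC. I would reword it to `// Grant OWNER RIGHTS only READ_CONTROL: this drops the owner's implicit WRITE_DAC, so the DACL cannot be edited after startup.` The function header could also state that this does not constrain accounts holding debug or take-ownership privileges, in line with its existing "non-admin users" wording. The function body begins and ends outside this hunk.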
@@ -71,12 +71,12 @@ namespace VeraCrypt UserPreferences Preferences; Preferences.Load(); - wstring preferredLang = Preferences.Language; + string preferredLang = string(Preferences.Language.begin(), Preferences.Language.end()); #ifdef DEBUG std::cout << "Config language: " << preferredLang << std::endl; #endif - if (preferredLang == L"system") { + if (preferredLang == "system") { if (const char *env_p = getenv("LANG")) { string lang(env_p); #ifdef DEBUG diff --git a/src/Main/StringFormatter.h b/src/Main/StringFormatter.h index 33a47a35..97c39ae2 100644 --- a/src/Main/StringFormatter.h +++ b/src/Main/StringFormatter.h @@ -52,7 +52,7 @@ namespace VeraCrypt StringFormatter (const wxString &format, StringFormatterArg arg0 = StringFormatterArg(), StringFormatterArg arg1 = StringFormatterArg(), StringFormatterArg arg2 = StringFormatterArg(), StringFormatterArg arg3 = StringFormatterArg(), StringFormatterArg arg4 = StringFormatterArg(), StringFormatterArg arg5 = StringFormatterArg(), StringFormatterArg arg6 = StringFormatterArg(), StringFormatterArg arg7 = StringFormatterArg(), StringFormatterArg arg8 = StringFormatterArg(), StringFormatterArg arg9 = StringFormatterArg()); virtual ~StringFormatter (); - operator wstring () const { return wstring (FormattedString); } + explicit operator wstring () const { return wstring (FormattedString); } operator wxString () const { return FormattedString; } operator StringFormatterArg () const { return FormattedString; } diff --git a/src/Main/TextUserInterface.cpp b/src/Main/TextUserInterface.cpp index 0de76c6b..94919296 100644 --- a/src/Main/TextUserInterface.cpp +++ b/src/Main/TextUserInterface.cpp 
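Review bot: `string(Preferences.Language.begin(), Preferences.Language.end())` in the Resources.cpp hunk narrows each wchar_t to char by truncation, so a non-ASCII character in the stored language preference silently becomes a different byte instead of being rejected. The value is read from the user's preferences, and the code that consumes `preferredLang` is outside the hunk. It would be safer to convert through the project's `StringConverter` (presumably `StringConverter::ToSingle (Preferences.Language)`, if that header is usable here) or to check that the value is plain ASCII before using it. At minimum, a comment such as `// language codes are expected to be ASCII; wider characters are truncated` would document the assumption.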
@@ -668,7 +668,7 @@ namespace VeraCrypt { parentDir = wxT("."); } - if (wxDirExists(parentDir) && wxGetDiskSpace (parentDir, nullptr, &diskSpace)) + if (options->Type == VolumeType::Normal && wxDirExists(parentDir) && wxGetDiskSpace (parentDir, nullptr, &diskSpace)) { AvailableDiskSpace = (uint64) diskSpace.GetValue (); if (maxVolumeSize > AvailableDiskSpace) @@ -678,10 +678,13 @@ namespace VeraCrypt if (options->Size == (uint64) (-1)) { - if (AvailableDiskSpace) + if (options->Type == VolumeType::Hidden) { + throw_err (_("Please do not use maximum size for hidden volume. As we do not mount the outer volume to determine the available space, it is your responsibility to choose a value so that the hidden volume does not overlap the outer volume.")); + } + else if (AvailableDiskSpace) { // caller requesting maximum size - // we use maxVolumeSize because it is guaranteed to be less of equal to AvailableDiskSpace + // we use maxVolumeSize because it is guaranteed to be less or equal to AvailableDiskSpace for outer volumes options->Size = maxVolumeSize; } else 
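Review bot: The long hidden-volume message passed to `throw_err` in the -678 hunk is repeated verbatim in the -702 hunk of the same file, so the two copies can drift apart and each must be translated separately. Both branches also guard on the same `options->Type == VolumeType::Hidden` test. Hoisting the text into one local, for example `const wxString hiddenMaxErr = _("...");` declared before the first use, or into a `LangString[...]` entry as used elsewhere in this commit, would keep a single source for a warning that matters for outer-volume integrity. The enclosing function starts and ends outside both hunks.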
@@ -702,14 +705,17 @@ namespace VeraCrypt throw MissingArgument (SRC_POS); uint64 multiplier = 1024 * 1024; - wxString sizeStr = AskString (options->Type == VolumeType::Hidden ? _("\nEnter hidden volume size (sizeK/size[M]/sizeG/sizeT/max): ") : _("\nEnter volume size (sizeK/size[M]/sizeG.sizeT/max): ")); + wxString sizeStr = AskString (options->Type == VolumeType::Hidden ? _("\nEnter hidden volume size (sizeK/size[M]/sizeG/sizeT): ") : _("\nEnter volume size (sizeK/size[M]/sizeG.sizeT/max): ")); if (sizeStr.CmpNoCase(wxT("max")) == 0) { multiplier = 1; - if (AvailableDiskSpace) + if (options->Type == VolumeType::Hidden) { + throw_err (_("Please do not use maximum size for hidden volume. As we do not mount the outer volume to determine the available space, it is your responsibility to choose a value so that the hidden volume does not overlap the outer volume.")); + } + else if (AvailableDiskSpace) { // caller requesting maximum size - // we use maxVolumeSize because it is guaranteed to be less of equal to AvailableDiskSpace + // we use maxVolumeSize because it is guaranteed to be less or equal to AvailableDiskSpace for outer volumes options->Size = maxVolumeSize; } else diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp index 3ec2e8dc..09b1fcdd 100644 --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp @@ -390,7 +390,7 @@ namespace VeraCrypt errOutput += StringConverter::ToWide (execEx->GetErrorOutput()); if (errOutput.empty()) - return errOutput + StringFormatter (LangString["LINUX_COMMAND_GET_ERROR"], execEx->GetCommand(), execEx->GetExitCode()); + return errOutput + static_cast<wstring>(StringFormatter (LangString["LINUX_COMMAND_GET_ERROR"], execEx->GetCommand(), execEx->GetExitCode())); return wxString (errOutput).Trim (true); } 
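Review bot: In the rewritten `AskString` line of the -702 hunk, the non-hidden prompt still reads `sizeG.sizeT/max`, with a period where the hidden-volume prompt on the same line has `sizeG/sizeT`. Since the line is being edited anyway, the second literal should become `_("\nEnter volume size (sizeK/size[M]/sizeG/sizeT/max): ")`. The hidden prompt no longer advertises `max`, but the input is still parsed and then rejected by the new `throw_err` branch, which looks intentional.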
@@ -1516,7 +1516,7 @@ namespace VeraCrypt EncryptionTest::TestAll(); // StringFormatter - if (StringFormatter (L"{9} {8} {7} {6} {5} {4} {3} {2} {1} {0} {{0}}", "1", L"2", '3', L'4', 5, 6, 7, 8, 9, 10) != L"10 9 8 7 6 5 4 3 2 1 {0}") + if (static_cast<wstring>(StringFormatter (L"{9} {8} {7} {6} {5} {4} {3} {2} {1} {0} {{0}}", "1", L"2", '3', L'4', 5, 6, 7, 8, 9, 10)) != L"10 9 8 7 6 5 4 3 2 1 {0}") throw TestFailed (SRC_POS); try { |