VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2020-08-02 18:03:50 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2020-08-02 18:05:15 +0200
commitfb505b71f5ee9533831560a4a8d8ebe4257e4a3c (patch)
tree2acd8fef6b3bbff2ec21b1dee8a6701604ff3caf
parent7702095ed06c0f12e8706deb4f435dd5a7de3cd3 (diff)
downloadVeraCrypt-fb505b71f5ee9533831560a4a8d8ebe4257e4a3c.tar.gz
VeraCrypt-fb505b71f5ee9533831560a4a8d8ebe4257e4a3c.zip
Windows: use fix for CVE-2019-19501 only if standard Windows Shell is running since we rely on it for the implementation of the fix. If Windows Shell has been modified or is not running, then we can't really protect the user is such non standard environment
-rw-r--r--src/Common/Dlgcode.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index d426f02a..b50d429e 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -14313,10 +14313,12 @@ BOOL IsElevated()
// This function always loads a URL in a non-privileged mode
// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
-// Use this security mechanism only starting from Windows Vista
+// Use this security mechanism only starting from Windows Vista and only if we can get the window of the Shell's desktop since
+// we rely on the Shell to be already running in a non-privileges mode. If the Shell is not running or if it has been modified,
+// then we can't protect the user in such non standard environment
void SafeOpenURL (LPCWSTR szUrl)
{
- if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
+ if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated() && GetShellWindow())
{
WCHAR szRunDllPath[TC_MAX_PATH];
WCHAR szUrlDllPath[TC_MAX_PATH];