Windows: replace insecure wcscpy/wcscat/strcpy runtime functions with secure equivalents

This fixed failure to build driver for ARM64 with latest VS 2019
author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2021-07-13 21:59:48 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2021-07-13 22:08:02 +0200
commit: c3747824367dbcbe74777c166b6d5d41d6de5dce (patch)
tree: f081557b6fd3fd5d572682f8397fad03fdfb148e /src/Common
parent: dce6d76b811f736e224550b22421ec1b963d5bd4 (diff)
download: VeraCrypt-c3747824367dbcbe74777c166b6d5d41d6de5dce.tar.gz
VeraCrypt-c3747824367dbcbe74777c166b6d5d41d6de5dce.zip
7 files changed, 42 insertions, 29 deletions
diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c
index 4745f981..f4f6202b 100644
--- a/src/Common/Crypto.c
+++ b/src/Common/Crypto.c
@@ -18,6 +18,7 @@
 #include "Common/Endian.h"
 #if !defined(_UEFI)
 #include <string.h>
+#include <strsafe.h>
 #ifndef TC_WINDOWS_BOOT
 #include "EncryptionThreadPool.h"
 #endif
@@ -555,33 +556,35 @@ BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2)
 	return TRUE;
 }
 
-static void EAGetDisplayName(wchar_t *buf, int ea, int i)
+static void EAGetDisplayName(wchar_t *buf, size_t bufLen, int ea, int i)
 {
-	wcscpy (buf, CipherGetName (i));
+	StringCchCopyW (buf, bufLen, CipherGetName (i));
 	if (i = EAGetPreviousCipher(ea, i))
 	{
-		wcscat (buf, L"(");
-		EAGetDisplayName (&buf[wcslen(buf)], ea, i);
-		wcscat (buf, L")");
+		size_t curLen;
+		StringCchCatW (buf, bufLen, L"(");
+		curLen = wcslen(buf);
+		EAGetDisplayName (&buf[curLen], bufLen - curLen, ea, i);
+		StringCchCatW (buf, bufLen, L")");
 	}
 }
 
 // Returns name of EA, cascaded cipher names are separated by hyphens
-wchar_t *EAGetName (wchar_t *buf, int ea, int guiDisplay)
+wchar_t *EAGetName (wchar_t *buf, size_t bufLen, int ea, int guiDisplay)
 {
 	if (guiDisplay)
 	{
-		EAGetDisplayName (buf, ea, EAGetLastCipher(ea));
+		EAGetDisplayName (buf, bufLen, ea, EAGetLastCipher(ea));
 	}
 	else
 	{
 		int i = EAGetLastCipher(ea);
-		wcscpy (buf, (i != 0) ? CipherGetName (i) : L"?");
+		StringCchCopyW (buf, bufLen, (i != 0) ? CipherGetName (i) : L"?");
 
 		while (i = EAGetPreviousCipher(ea, i))
 		{
-			wcscat (buf, L"-");
-			wcscat (buf, CipherGetName (i));
+			StringCchCatW (buf, bufLen, L"-");
+			StringCchCatW (buf, bufLen, CipherGetName (i));
 		}
 	}
 	return buf;
@@ -595,7 +598,7 @@ int EAGetByName (wchar_t *name)
 
 	do
 	{
-		EAGetName(n, ea, 1);
+		EAGetName(n, 128, ea, 1);
 #if defined(_UEFI)
 		if (wcscmp(n, name) == 0)
 #else
@@ -785,11 +788,11 @@ const wchar_t *HashGetName (int hashId)
    return pHash? pHash -> Name : L"";
 }
 
-void HashGetName2 (wchar_t *buf, int hashId)
+void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId)
 {
    Hash* pHash = HashGet(hashId);
    if (pHash)
-		wcscpy(buf, pHash -> Name);
+		StringCchCopyW (buf, bufLen, pHash -> Name);
 	else
 		buf[0] = L'\0';
 }
diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h
index a31152f2..95222ba6 100644
--- a/src/Common/Crypto.h
+++ b/src/Common/Crypto.h
@@ -342,7 +342,7 @@ int EAGetFirst ();
 int EAGetCount (void);
 int EAGetNext (int previousEA);
 #ifndef TC_WINDOWS_BOOT
-wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay);
+wchar_t * EAGetName (wchar_t *buf, size_t bufLen, int ea, int guiDisplay);
 int EAGetByName (wchar_t *name);
 #endif
 int EAGetKeySize (int ea);
@@ -373,7 +373,7 @@ const wchar_t *HashGetName (int hash_algo_id);
 int HashGetIdByName (wchar_t *name);
 #endif
 Hash *HashGet (int id);
-void HashGetName2 (wchar_t *buf, int hashId);
+void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId);
 BOOL HashIsDeprecated (int hashId);
 BOOL HashForSystemEncryption (int hashId);
 int GetMaxPkcs5OutSize (void);
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 2e0b507a..8209f2b2 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -5903,7 +5903,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg)
 				benchmarkTable[benchmarkTotalItems].decSpeed = performanceCountEnd.QuadPart - performanceCountStart.QuadPart;
 				benchmarkTable[benchmarkTotalItems].id = ci->ea;
 				benchmarkTable[benchmarkTotalItems].meanBytesPerSec = ((unsigned __int64) (benchmarkBufferSize / ((float) benchmarkTable[benchmarkTotalItems].encSpeed / benchmarkPerformanceFrequency.QuadPart)) + (unsigned __int64) (benchmarkBufferSize / ((float) benchmarkTable[benchmarkTotalItems].decSpeed / benchmarkPerformanceFrequency.QuadPart))) / 2;
-				EAGetName (benchmarkTable[benchmarkTotalItems].name, ci->ea, 1);
+				EAGetName (benchmarkTable[benchmarkTotalItems].name, 100, ci->ea, 1);
 
 				benchmarkTotalItems++;
 			}
@@ -6826,7 +6826,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
 			for (ea = EAGetFirst (); ea != 0; ea = EAGetNext (ea))
 			{
 				if (EAGetCipherCount (ea) == 1 && EAIsFormatEnabled (ea))
-					AddComboPair (GetDlgItem (hwndDlg, IDC_CIPHER), EAGetName (buf, ea, 1), EAGetFirstCipher (ea));
+					AddComboPair (GetDlgItem (hwndDlg, IDC_CIPHER), EAGetName (buf, ARRAYSIZE(buf),ea, 1), EAGetFirstCipher (ea));
 			}
 
 			ResetCipherTest(hwndDlg, idTestCipher);
diff --git a/src/Common/Password.c b/src/Common/Password.c
index f2413b6d..4caf3a21 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -23,6 +23,7 @@
 #include "Random.h"
 
 #include <io.h>
+#include <strsafe.h>
 
 #ifndef SRC_POS
 #define SRC_POS (__FUNCTION__ ":" TC_TO_STRING(__LINE__))
@@ -210,7 +211,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5,
 
 	if (bDevice == FALSE)
 	{
-		wcscpy (szCFDevice, szDiskFile);
+		StringCchCopyW (szCFDevice, ARRAYSIZE(szCFDevice), szDiskFile);
 	}
 	else
 	{
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index d01ea63b..2113c81c 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -180,10 +180,10 @@ typedef uint64 uint_64t;
 typedef CHAR16 wchar_t;
 typedef int LONG;
 
-#define wcscpy StrCpy
+#define StringCchCopyW StrCpyS
 #define wcslen StrLen
 #define wcscmp StrCmp
-#define wcscat StrCat
+#define StringCchCatW StrCatS
 
 #define memcpy(dest,source,count)         CopyMem(dest,source,(UINTN)(count))
 #define memset(dest,ch,count)             SetMem(dest,(UINTN)(count),(UINT8)(ch))
@@ -195,7 +195,7 @@ typedef int LONG;
 #define strchr(str,ch)                    ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch)
 #define strcmp                            AsciiStrCmp
 #define strncmp(string1,string2,count)    (int)(AsciiStrnCmp(string1,string2,(UINTN)(count)))
-#define strcpy(strDest,strSource)         AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource)
+#define StringCchCopyA(strDest,strMaxSize,strSource)         AsciiStrCpyS(strDest,strMaxSize,strSource)
 #define strncpy(strDest,strSource,count)  AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count)
 #define strlen(str)                       (size_t)(AsciiStrnLenS(str,MAX_STRING_SIZE))
 #define strstr                            AsciiStrStr
diff --git a/src/Common/Tests.c b/src/Common/Tests.c
index 0af4313e..a66c7b54 100644
--- a/src/Common/Tests.c
+++ b/src/Common/Tests.c
@@ -707,7 +707,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
 			if (!EAIsModeSupported (ci->ea, ci->mode))
 				continue;
 
-			EAGetName (name, ci->ea, 0);
+			EAGetName (name, ARRAYSIZE(name), ci->ea, 0);
 
 			if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)
 				return FALSE;
@@ -1188,7 +1188,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci)
 		if (!EAIsModeSupported (ci->ea, ci->mode))
 			continue;
 
-		EAGetName (name, ci->ea, 0);
+		EAGetName (name, ARRAYSIZE(name), ci->ea, 0);
 
 		if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS)
 			return FALSE;
diff --git a/src/Common/Xml.c b/src/Common/Xml.c
index 37b73498..9f77b3ba 100644
--- a/src/Common/Xml.c
+++ b/src/Common/Xml.c
@@ -12,6 +12,7 @@
 #if !defined(_UEFI)
 #include <windows.h>
 #include <stdio.h>
+#include <strsafe.h>
 #else
 #include "Tcdefs.h"
 #pragma warning( disable : 4706 )  //  assignment within conditional expression
@@ -185,26 +186,30 @@ char *XmlQuoteText (const char *textSrc, char *textDst, int textDstMaxSize)
 		case '&':
 			if (textDst + 6 > textDstLast)
 				return NULL;
-			strcpy (textDst, "&amp;");
+			StringCchCopyA (textDst, textDstMaxSize, "&amp;");
 			textDst += 5;
+			textDstMaxSize -= 5;
 			continue;
 
 		case '>':
 			if (textDst + 5 > textDstLast)
 				return NULL;
-			strcpy (textDst, "&gt;");
+			StringCchCopyA (textDst, textDstMaxSize, "&gt;");
 			textDst += 4;
+			textDstMaxSize -= 4;
 			continue;
 
 		case '<':
 			if (textDst + 5 > textDstLast)
 				return NULL;
-			strcpy (textDst, "&lt;");
+			StringCchCopyA (textDst, textDstMaxSize, "&lt;");
 			textDst += 4;
+			textDstMaxSize -= 4;
 			continue;
 
 		default:
 			*textDst++ = c;
+			textDstMaxSize--;
 		}
 	}
 
@@ -230,26 +235,30 @@ wchar_t *XmlQuoteTextW (const wchar_t *textSrc, wchar_t *textDst, int textDstMax
 		case L'&':
 			if (textDst + 6 > textDstLast)
 				return NULL;
-			wcscpy (textDst, L"&amp;");
+			StringCchCopyW (textDst, textDstMaxSize, L"&amp;");
 			textDst += 5;
+			textDstMaxSize -= 5;
 			continue;
 
 		case L'>':
 			if (textDst + 5 > textDstLast)
 				return NULL;
-			wcscpy (textDst, L"&gt;");
+			StringCchCopyW (textDst, textDstMaxSize, L"&gt;");
 			textDst += 4;
+			textDstMaxSize -= 4;
 			continue;
 
 		case L'<':
 			if (textDst + 5 > textDstLast)
 				return NULL;
-			wcscpy (textDst, L"&lt;");
+			StringCchCopyW (textDst, textDstMaxSize, L"&lt;");
 			textDst += 4;
+			textDstMaxSize -= 4;
 			continue;
 
 		default:
 			*textDst++ = c;
+			textDstMaxSize--;
 		}
 	}
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2021-07-13 21:59:48 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2021-07-13 22:08:02 +0200
commit	c3747824367dbcbe74777c166b6d5d41d6de5dce (patch)
tree	f081557b6fd3fd5d572682f8397fad03fdfb148e /src/Common
parent	dce6d76b811f736e224550b22421ec1b963d5bd4 (diff)
download	VeraCrypt-c3747824367dbcbe74777c166b6d5d41d6de5dce.tar.gz VeraCrypt-c3747824367dbcbe74777c166b6d5d41d6de5dce.zip