VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Setup/SelfExtract.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-07-14 17:18:01 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:21:13 +0100
commit016edc150b034d7401a1652bd3482d613ff4b9d4 (patch)
treecf79aeef0f7e593eb776ee6e9ca393e39a292a09 /src/Setup/SelfExtract.c
parent5c1db9d0e1287c873d180021cf82e89677fe4aa0 (diff)
downloadVeraCrypt-016edc150b034d7401a1652bd3482d613ff4b9d4.tar.gz
VeraCrypt-016edc150b034d7401a1652bd3482d613ff4b9d4.zip
Static Code Analysis : Use Safe String functions in Setup code to avoid potential security issues.
Diffstat (limited to 'src/Setup/SelfExtract.c')
-rw-r--r--src/Setup/SelfExtract.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/src/Setup/SelfExtract.c b/src/Setup/SelfExtract.c
index a14a0db4..55f14114 100644
--- a/src/Setup/SelfExtract.c
+++ b/src/Setup/SelfExtract.c
@@ -18,6 +18,7 @@
#include "Dir.h"
#include "Language.h"
#include "Resource.h"
+#include <Strsafe.h>
#define OutputPackageFile "VeraCrypt Setup " VERSION_STRING ".exe"
@@ -240,12 +241,12 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
goto err;
if (szDestDir[x - 1] != '\\')
- strcat (szDestDir, "\\");
+ StringCbCatA (szDestDir, MAX_PATH, "\\");
GetModuleFileName (NULL, inputFile, sizeof (inputFile));
- strcpy (outputFile, szDestDir);
- strncat (outputFile, OutputPackageFile, sizeof (outputFile) - strlen (outputFile) - 1);
+ StringCbCopyA (outputFile, sizeof(outputFile), szDestDir);
+ StringCbCatA (outputFile, sizeof(outputFile), OutputPackageFile);
// Clone 'VeraCrypt Setup.exe' to create the base of the new self-extracting archive
@@ -262,13 +263,13 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
for (i = 0; i < sizeof (szCompressedFiles) / sizeof (szCompressedFiles[0]); i++)
{
- _snprintf (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
+ StringCbPrintfA (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
if (!FileExists (szTmpFilePath))
{
char tmpstr [1000];
- _snprintf (tmpstr, sizeof(tmpstr), "File not found:\n\n'%s'", szTmpFilePath);
+ StringCbPrintfA (tmpstr, sizeof(tmpstr), "File not found:\n\n'%s'", szTmpFilePath);
remove (outputFile);
PkgError (tmpstr);
goto err;
@@ -308,7 +309,7 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
DWORD tmpFileSize;
unsigned char *tmpBuffer;
- _snprintf (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
+ StringCbPrintfA (szTmpFilePath, sizeof(szTmpFilePath), "%s%s", szDestDir, szCompressedFiles[i]);
tmpBuffer = LoadFile (szTmpFilePath, &tmpFileSize);
@@ -317,7 +318,7 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
char tmpstr [1000];
free (tmpBuffer);
- _snprintf (tmpstr, sizeof(tmpstr), "Cannot load file \n'%s'", szTmpFilePath);
+ StringCbPrintfA (tmpstr, sizeof(tmpstr), "Cannot load file \n'%s'", szTmpFilePath);
remove (outputFile);
PkgError (tmpstr);
goto err;
@@ -436,7 +437,7 @@ BOOL MakeSelfExtractingPackage (HWND hwndDlg, char *szDestDir)
}
}
- sprintf (tmpStr, "Self-extracting package successfully created (%s)", outputFile);
+ StringCbPrintfA (tmpStr, sizeof(tmpStr), "Self-extracting package successfully created (%s)", outputFile);
PkgInfo (tmpStr);
return TRUE;
@@ -697,7 +698,7 @@ void __cdecl ExtractAllFilesThread (void *hwndDlg)
wchar_t szTmp[TC_MAX_PATH];
handleWin32Error (hwndDlg);
- wsprintfW (szTmp, GetString ("CANT_CREATE_FOLDER"), DestExtractPath);
+ StringCbPrintfW (szTmp, sizeof(szTmp), GetString ("CANT_CREATE_FOLDER"), DestExtractPath);
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_ICONHAND);
bSuccess = FALSE;
goto eaf_end;
@@ -710,10 +711,9 @@ void __cdecl ExtractAllFilesThread (void *hwndDlg)
char filePath [TC_MAX_PATH] = {0};
// Filename
- strncpy (fileName, Decompressed_Files[fileNo].fileName, Decompressed_Files[fileNo].fileNameLength);
- fileName [Decompressed_Files[fileNo].fileNameLength] = 0;
- strcpy (filePath, DestExtractPath);
- strcat (filePath, fileName);
+ StringCbCopyNA (fileName, sizeof(fileName), Decompressed_Files[fileNo].fileName, Decompressed_Files[fileNo].fileNameLength);
+ StringCbCopyA (filePath, sizeof(filePath), DestExtractPath);
+ StringCbCatA (filePath, sizeof(filePath), fileName);
StatusMessageParam (hwndDlg, "EXTRACTING_VERB", filePath);
@@ -726,7 +726,7 @@ void __cdecl ExtractAllFilesThread (void *hwndDlg)
{
wchar_t szTmp[512];
- _snwprintf (szTmp, sizeof (szTmp) / 2, GetString ("CANNOT_WRITE_FILE_X"), filePath);
+ StringCbPrintfW (szTmp, sizeof (szTmp), GetString ("CANNOT_WRITE_FILE_X"), filePath);
MessageBoxW (hwndDlg, szTmp, lpszTitle, MB_ICONERROR | MB_SETFOREGROUND | MB_TOPMOST);
bSuccess = FALSE;
goto eaf_end;