VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Setup/Setup.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2016-01-02 16:54:55 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2016-01-02 23:15:05 (GMT)
commit5872be28a243acb3b5aafdf13248e07d30471893 (patch)
tree98e5d23a0b9965e7dd3b336d5349ff027d9570aa /src/Setup/Setup.c
parent6cb1eefc49dbac29fb5a5bd2bf42569b6882d9c7 (diff)
downloadVeraCrypt-5872be28a243acb3b5aafdf13248e07d30471893.zip
VeraCrypt-5872be28a243acb3b5aafdf13248e07d30471893.tar.gz
Windows: Fix Dll hijacking vulnerability affecting installer that allows arbitrary code execution with elevation of privilege (CVE-2016-1281)
Diffstat (limited to 'src/Setup/Setup.c')
-rw-r--r--src/Setup/Setup.c26
1 files changed, 20 insertions, 6 deletions
diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index 828de70..e81c2a3 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -329,13 +329,13 @@ void SearchAndDeleteRegistrySubString (HKEY hKey, const wchar_t *subKey, const w
// if the string to search for is empty, delete the sub key, otherwise, look for matching value and delete them
if (subStringLength == 0)
{
- if (ERROR_ACCESS_DENIED == SHDeleteKeyW (hKey, ItSubKey->c_str()))
+ if (ERROR_ACCESS_DENIED == DeleteRegistryKey (hKey, ItSubKey->c_str()))
{
// grant permission to delete
AllowKeyAccess (hKey, ItSubKey->c_str());
// try again
- SHDeleteKeyW (hKey, ItSubKey->c_str());
+ DeleteRegistryKey (hKey, ItSubKey->c_str());
}
}
else
@@ -427,6 +427,22 @@ BOOL SetPrivilege(LPTSTR szPrivilegeName, BOOL bEnable)
return bStatus;
}
+/*
+ * Creates a VT_LPWSTR propvariant.
+ * we use our own implementation to use SHStrDupW function pointer
+ * that we retreive ourselves to avoid dll hijacking attacks
+ */
+inline HRESULT VCInitPropVariantFromString(__in PCWSTR psz, __out PROPVARIANT *ppropvar)
+{
+ ppropvar->vt = VT_LPWSTR;
+ HRESULT hr = VCStrDupW(psz, &ppropvar->pwszVal);
+ if (FAILED(hr))
+ {
+ PropVariantInit(ppropvar);
+ }
+ return hr;
+}
+
HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
wchar_t *lpszPathLink, const wchar_t* iconFile, int iconIndex)
{
@@ -457,7 +473,7 @@ HRESULT CreateLink (wchar_t *lpszPathObj, wchar_t *lpszArguments,
if (SUCCEEDED (psl->QueryInterface (IID_PPV_ARGS (&propStore))))
{
PROPVARIANT propVariant;
- if (SUCCEEDED (InitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
+ if (SUCCEEDED (VCInitPropVariantFromString (TC_APPLICATION_ID, &propVariant)))
{
if (SUCCEEDED (propStore->SetValue (PKEY_AppUserModel_ID, propVariant)))
propStore->Commit();
@@ -1287,7 +1303,7 @@ BOOL DoRegUninstall (HWND hwndDlg, BOOL bRemoveDeprecated)
GetStartupRegKeyName (regk, sizeof(regk));
DeleteRegistryValue (regk, L"VeraCrypt");
- SHDeleteKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
+ DeleteRegistryKey (HKEY_LOCAL_MACHINE, L"Software\\Classes\\.hc");
// enable the SE_TAKE_OWNERSHIP_NAME privilege for this operation
SetPrivilege (SE_TAKE_OWNERSHIP_NAME, TRUE);
@@ -2447,8 +2463,6 @@ int WINAPI wWinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, wchar_t *lpsz
lpszTitle = L"VeraCrypt Setup";
- InitCommonControls ();
-
/* Call InitApp to initialize the common code */
InitApp (hInstance, NULL);