From 11aa708076910d5aaf187eecc4e33ea207155b12 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Wed, 22 Jan 2020 18:08:09 +0100
Subject: Windows: use fix for CVE-2019-19501 only when process elevated otherwise it will not add any benefit compared to standard ShellExecute while at the same time potentially causing issue when opening links.
---
 src/Common/Dlgcode.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index 261ec33e..7640b59e 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -14243,12 +14243,33 @@ cleanup:
 return retval;
 }
+// This function checks if the process is running with elevated privileges or not
+BOOL IsElevated()
+{
+ DWORD dwSize = 0;
+ HANDLE hToken = NULL;
+ TOKEN_ELEVATION tokenInformation;
+ BOOL bReturn = FALSE;
+
+ if(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
+ {
+ if(GetTokenInformation(hToken, TokenElevation, &tokenInformation, sizeof(TOKEN_ELEVATION), &dwSize))
+ {
+ if (tokenInformation.TokenIsElevated)
+ bReturn = TRUE;
+ }
+
+ CloseHandle(hToken);
+ }
+ return bReturn;
+}
+
 // This function always loads a URL in a non-privileged mode
 // If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
 // Use this security mechanism only starting from Windows Vista
 void SafeOpenURL (LPCWSTR szUrl)
 {
- if (IsAdmin () && IsOSAtLeast (WIN_VISTA))
+ if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
 {
 WCHAR szRunDllPath[TC_MAX_PATH];
 WCHAR szUrlDllPath[TC_MAX_PATH];
-- 
cgit v1.2.3
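Review bot: IsElevated() reports FALSE both for a non-elevated token and for a failed OpenProcessToken/GetTokenInformation call, so in the new SafeOpenURL condition a failed token query silently switches the CVE-2019-19501 mitigation off. Since this result gates a security mechanism, the failure case should keep the de-elevated launch enabled: start from `BOOL bReturn = TRUE;` and assign `bReturn = tokenInformation.TokenIsElevated ? TRUE : FALSE;` only after GetTokenInformation succeeds, which falls back to the previous `IsAdmin ()`-only behaviour on error. The branch taken when the condition is false lies outside the hunk, so that it is the plain ShellExecute path is inferred from the commit message. The comment above IsElevated should also say which value is returned when the token cannot be queried, e.g. `// Returns TRUE if the token is elevated or if elevation cannot be determined`.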