From c3747824367dbcbe74777c166b6d5d41d6de5dce Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Tue, 13 Jul 2021 21:59:48 +0200 Subject: Windows: replace insecure wcscpy/wcscat/strcpy runtime functions with secure equivalents This fixed failure to build driver for ARM64 with latest VS 2019 --- src/Common/Crypto.c | 29 ++++++++++++++++------------- src/Common/Crypto.h | 4 ++-- src/Common/Dlgcode.c | 4 ++-- src/Common/Password.c | 3 ++- src/Common/Tcdefs.h | 6 +++--- src/Common/Tests.c | 4 ++-- src/Common/Xml.c | 21 +++++++++++++++------ src/Driver/DriveFilter.c | 4 ++-- src/ExpandVolume/ExpandVolume.c | 3 ++- src/Format/Tcformat.c | 12 ++++++------ src/Mount/Mount.c | 12 ++++++------ 11 files changed, 58 insertions(+), 44 deletions(-) diff --git a/src/Common/Crypto.c b/src/Common/Crypto.c index 4745f981..f4f6202b 100644 --- a/src/Common/Crypto.c +++ b/src/Common/Crypto.c @@ -18,6 +18,7 @@ #include "Common/Endian.h" #if !defined(_UEFI) #include +#include #ifndef TC_WINDOWS_BOOT #include "EncryptionThreadPool.h" #endif @@ -555,33 +556,35 @@ BOOL EAInitMode (PCRYPTO_INFO ci, unsigned char* key2) return TRUE; } -static void EAGetDisplayName(wchar_t *buf, int ea, int i) +static void EAGetDisplayName(wchar_t *buf, size_t bufLen, int ea, int i) { - wcscpy (buf, CipherGetName (i)); + StringCchCopyW (buf, bufLen, CipherGetName (i)); if (i = EAGetPreviousCipher(ea, i)) { - wcscat (buf, L"("); - EAGetDisplayName (&buf[wcslen(buf)], ea, i); - wcscat (buf, L")"); + size_t curLen; + StringCchCatW (buf, bufLen, L"("); + curLen = wcslen(buf); + EAGetDisplayName (&buf[curLen], bufLen - curLen, ea, i); + StringCchCatW (buf, bufLen, L")"); } } // Returns name of EA, cascaded cipher names are separated by hyphens -wchar_t *EAGetName (wchar_t *buf, int ea, int guiDisplay) +wchar_t *EAGetName (wchar_t *buf, size_t bufLen, int ea, int guiDisplay) { if (guiDisplay) { - EAGetDisplayName (buf, ea, EAGetLastCipher(ea)); + EAGetDisplayName (buf, bufLen, ea, EAGetLastCipher(ea)); } else { int i = EAGetLastCipher(ea); - wcscpy (buf, (i != 0) ? CipherGetName (i) : L"?"); + StringCchCopyW (buf, bufLen, (i != 0) ? CipherGetName (i) : L"?"); while (i = EAGetPreviousCipher(ea, i)) { - wcscat (buf, L"-"); - wcscat (buf, CipherGetName (i)); + StringCchCatW (buf, bufLen, L"-"); + StringCchCatW (buf, bufLen, CipherGetName (i)); } } return buf; @@ -595,7 +598,7 @@ int EAGetByName (wchar_t *name) do { - EAGetName(n, ea, 1); + EAGetName(n, 128, ea, 1); #if defined(_UEFI) if (wcscmp(n, name) == 0) #else @@ -785,11 +788,11 @@ const wchar_t *HashGetName (int hashId) return pHash? pHash -> Name : L""; } -void HashGetName2 (wchar_t *buf, int hashId) +void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId) { Hash* pHash = HashGet(hashId); if (pHash) - wcscpy(buf, pHash -> Name); + StringCchCopyW (buf, bufLen, pHash -> Name); else buf[0] = L'\0'; } diff --git a/src/Common/Crypto.h b/src/Common/Crypto.h index a31152f2..95222ba6 100644 --- a/src/Common/Crypto.h +++ b/src/Common/Crypto.h @@ -342,7 +342,7 @@ int EAGetFirst (); int EAGetCount (void); int EAGetNext (int previousEA); #ifndef TC_WINDOWS_BOOT -wchar_t * EAGetName (wchar_t *buf, int ea, int guiDisplay); +wchar_t * EAGetName (wchar_t *buf, size_t bufLen, int ea, int guiDisplay); int EAGetByName (wchar_t *name); #endif int EAGetKeySize (int ea); @@ -373,7 +373,7 @@ const wchar_t *HashGetName (int hash_algo_id); int HashGetIdByName (wchar_t *name); #endif Hash *HashGet (int id); -void HashGetName2 (wchar_t *buf, int hashId); +void HashGetName2 (wchar_t *buf, size_t bufLen, int hashId); BOOL HashIsDeprecated (int hashId); BOOL HashForSystemEncryption (int hashId); int GetMaxPkcs5OutSize (void); diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index 2e0b507a..8209f2b2 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -5903,7 +5903,7 @@ static BOOL PerformBenchmark(HWND hBenchDlg, HWND hwndDlg) benchmarkTable[benchmarkTotalItems].decSpeed = performanceCountEnd.QuadPart - performanceCountStart.QuadPart; benchmarkTable[benchmarkTotalItems].id = ci->ea; benchmarkTable[benchmarkTotalItems].meanBytesPerSec = ((unsigned __int64) (benchmarkBufferSize / ((float) benchmarkTable[benchmarkTotalItems].encSpeed / benchmarkPerformanceFrequency.QuadPart)) + (unsigned __int64) (benchmarkBufferSize / ((float) benchmarkTable[benchmarkTotalItems].decSpeed / benchmarkPerformanceFrequency.QuadPart))) / 2; - EAGetName (benchmarkTable[benchmarkTotalItems].name, ci->ea, 1); + EAGetName (benchmarkTable[benchmarkTotalItems].name, 100, ci->ea, 1); benchmarkTotalItems++; } @@ -6826,7 +6826,7 @@ CipherTestDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam) for (ea = EAGetFirst (); ea != 0; ea = EAGetNext (ea)) { if (EAGetCipherCount (ea) == 1 && EAIsFormatEnabled (ea)) - AddComboPair (GetDlgItem (hwndDlg, IDC_CIPHER), EAGetName (buf, ea, 1), EAGetFirstCipher (ea)); + AddComboPair (GetDlgItem (hwndDlg, IDC_CIPHER), EAGetName (buf, ARRAYSIZE(buf),ea, 1), EAGetFirstCipher (ea)); } ResetCipherTest(hwndDlg, idTestCipher); diff --git a/src/Common/Password.c b/src/Common/Password.c index f2413b6d..4caf3a21 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -23,6 +23,7 @@ #include "Random.h" #include +#include #ifndef SRC_POS #define SRC_POS (__FUNCTION__ ":" TC_TO_STRING(__LINE__)) @@ -210,7 +211,7 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, if (bDevice == FALSE) { - wcscpy (szCFDevice, szDiskFile); + StringCchCopyW (szCFDevice, ARRAYSIZE(szCFDevice), szDiskFile); } else { diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index d01ea63b..2113c81c 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -180,10 +180,10 @@ typedef uint64 uint_64t; typedef CHAR16 wchar_t; typedef int LONG; -#define wcscpy StrCpy +#define StringCchCopyW StrCpyS #define wcslen StrLen #define wcscmp StrCmp -#define wcscat StrCat +#define StringCchCatW StrCatS #define memcpy(dest,source,count) CopyMem(dest,source,(UINTN)(count)) #define memset(dest,ch,count) SetMem(dest,(UINTN)(count),(UINT8)(ch)) @@ -195,7 +195,7 @@ typedef int LONG; #define strchr(str,ch) ScanMem8((VOID *)(str),AsciiStrSize(str),(UINT8)ch) #define strcmp AsciiStrCmp #define strncmp(string1,string2,count) (int)(AsciiStrnCmp(string1,string2,(UINTN)(count))) -#define strcpy(strDest,strSource) AsciiStrCpyS(strDest,MAX_STRING_SIZE,strSource) +#define StringCchCopyA(strDest,strMaxSize,strSource) AsciiStrCpyS(strDest,strMaxSize,strSource) #define strncpy(strDest,strSource,count) AsciiStrnCpyS(strDest,MAX_STRING_SIZE,strSource,(UINTN)count) #define strlen(str) (size_t)(AsciiStrnLenS(str,MAX_STRING_SIZE)) #define strstr AsciiStrStr diff --git a/src/Common/Tests.c b/src/Common/Tests.c index 0af4313e..a66c7b54 100644 --- a/src/Common/Tests.c +++ b/src/Common/Tests.c @@ -707,7 +707,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) if (!EAIsModeSupported (ci->ea, ci->mode)) continue; - EAGetName (name, ci->ea, 0); + EAGetName (name, ARRAYSIZE(name), ci->ea, 0); if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS) return FALSE; @@ -1188,7 +1188,7 @@ BOOL TestSectorBufEncryption (PCRYPTO_INFO ci) if (!EAIsModeSupported (ci->ea, ci->mode)) continue; - EAGetName (name, ci->ea, 0); + EAGetName (name, ARRAYSIZE(name), ci->ea, 0); if (EAInit (ci->ea, key1, ci->ks) != ERR_SUCCESS) return FALSE; diff --git a/src/Common/Xml.c b/src/Common/Xml.c index 37b73498..9f77b3ba 100644 --- a/src/Common/Xml.c +++ b/src/Common/Xml.c @@ -12,6 +12,7 @@ #if !defined(_UEFI) #include #include +#include #else #include "Tcdefs.h" #pragma warning( disable : 4706 ) // assignment within conditional expression @@ -185,26 +186,30 @@ char *XmlQuoteText (const char *textSrc, char *textDst, int textDstMaxSize) case '&': if (textDst + 6 > textDstLast) return NULL; - strcpy (textDst, "&"); + StringCchCopyA (textDst, textDstMaxSize, "&"); textDst += 5; + textDstMaxSize -= 5; continue; case '>': if (textDst + 5 > textDstLast) return NULL; - strcpy (textDst, ">"); + StringCchCopyA (textDst, textDstMaxSize, ">"); textDst += 4; + textDstMaxSize -= 4; continue; case '<': if (textDst + 5 > textDstLast) return NULL; - strcpy (textDst, "<"); + StringCchCopyA (textDst, textDstMaxSize, "<"); textDst += 4; + textDstMaxSize -= 4; continue; default: *textDst++ = c; + textDstMaxSize--; } } @@ -230,26 +235,30 @@ wchar_t *XmlQuoteTextW (const wchar_t *textSrc, wchar_t *textDst, int textDstMax case L'&': if (textDst + 6 > textDstLast) return NULL; - wcscpy (textDst, L"&"); + StringCchCopyW (textDst, textDstMaxSize, L"&"); textDst += 5; + textDstMaxSize -= 5; continue; case L'>': if (textDst + 5 > textDstLast) return NULL; - wcscpy (textDst, L">"); + StringCchCopyW (textDst, textDstMaxSize, L">"); textDst += 4; + textDstMaxSize -= 4; continue; case L'<': if (textDst + 5 > textDstLast) return NULL; - wcscpy (textDst, L"<"); + StringCchCopyW (textDst, textDstMaxSize, L"<"); textDst += 4; + textDstMaxSize -= 4; continue; default: *textDst++ = c; + textDstMaxSize--; } } diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 4afb692b..d3510052 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -2112,8 +2112,8 @@ void GetBootEncryptionAlgorithmName (PIRP irp, PIO_STACK_LOCATION irpSp) wchar_t BootEncryptionAlgorithmNameW[256]; wchar_t BootPrfAlgorithmNameW[256]; GetBootEncryptionAlgorithmNameRequest *request = (GetBootEncryptionAlgorithmNameRequest *) irp->AssociatedIrp.SystemBuffer; - EAGetName (BootEncryptionAlgorithmNameW, BootDriveFilterExtension->Queue.CryptoInfo->ea, 0); - HashGetName2 (BootPrfAlgorithmNameW, BootDriveFilterExtension->Queue.CryptoInfo->pkcs5); + EAGetName (BootEncryptionAlgorithmNameW, 256, BootDriveFilterExtension->Queue.CryptoInfo->ea, 0); + HashGetName2 (BootPrfAlgorithmNameW, 256, BootDriveFilterExtension->Queue.CryptoInfo->pkcs5); RtlStringCbPrintfA (request->BootEncryptionAlgorithmName, sizeof (request->BootEncryptionAlgorithmName), "%S", BootEncryptionAlgorithmNameW); RtlStringCbPrintfA (request->BootPrfAlgorithmName, sizeof (request->BootPrfAlgorithmName), "%S", BootPrfAlgorithmNameW); diff --git a/src/ExpandVolume/ExpandVolume.c b/src/ExpandVolume/ExpandVolume.c index e340a8bb..84f6cfe8 100644 --- a/src/ExpandVolume/ExpandVolume.c +++ b/src/ExpandVolume/ExpandVolume.c @@ -37,6 +37,7 @@ #include "InitDataArea.h" #include "ExpandVolume.h" #include "Resource.h" +#include #ifndef SRC_POS #define SRC_POS (__FUNCTION__ ":" TC_TO_STRING(__LINE__)) @@ -526,7 +527,7 @@ static int ExpandVolume (HWND hwndDlg, wchar_t *lpszVolume, Password *pVolumePas if (bDevice == FALSE) { - wcscpy (szCFDevice, szDiskFile); + StringCchCopyW (szCFDevice, ARRAYSIZE(szCFDevice), szDiskFile); } else { diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c index f12a0777..9143e8c5 100644 --- a/src/Format/Tcformat.c +++ b/src/Format/Tcformat.c @@ -1425,7 +1425,7 @@ void ComboSelChangeEA (HWND hwndDlg) int i, cnt = 0; nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0); - EAGetName (name, nIndex, 0); + EAGetName (name, ARRAYSIZE(name),nIndex, 0); if (wcscmp (name, L"AES") == 0) { @@ -4165,7 +4165,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa for (ea = EAGetFirst (); ea != 0; ea = EAGetNext (ea)) { if (EAIsFormatEnabled (ea) && (!SysEncInEffect () || bSystemIsGPT || EAIsMbrSysEncEnabled (ea))) - AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX), EAGetName (buf, ea, 1), ea); + AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX), EAGetName (buf, ARRAYSIZE(buf),ea, 1), ea); } SelectAlgo (GetDlgItem (hwndDlg, IDC_COMBO_BOX), &nVolumeEA); @@ -5597,7 +5597,7 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa int nIndex = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0); nIndex = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0); - EAGetName (name, nIndex, 0); + EAGetName (name, ARRAYSIZE(name),nIndex, 0); if (wcscmp (name, L"AES") == 0) Applink ("aes"); @@ -6388,8 +6388,8 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa #ifdef _DEBUG // For faster testing - strcpy (szVerify, "q"); - strcpy (szRawPassword, "q"); + StringCchCopyA (szVerify, ARRAYSIZE(szVerify), "q"); + StringCchCopyA (szRawPassword, ARRAYSIZE(szRawPassword), "q"); #endif PasswordEditDropTarget* pTarget = new PasswordEditDropTarget (); @@ -7330,7 +7330,7 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa else { // Either a standard Windows boot manager or no boot manager - wcscpy_s (SysEncMultiBootCfgOutcome, sizeof(SysEncMultiBootCfgOutcome) / 2, GetString ("WINDOWS_BOOT_LOADER_HINTS")); + StringCchCopyW (SysEncMultiBootCfgOutcome, sizeof(SysEncMultiBootCfgOutcome) / 2, GetString ("WINDOWS_BOOT_LOADER_HINTS")); } } diff --git a/src/Mount/Mount.c b/src/Mount/Mount.c index 343be9d4..19d376b2 100644 --- a/src/Mount/Mount.c +++ b/src/Mount/Mount.c @@ -1806,7 +1806,7 @@ void LoadDriveLetters (HWND hwndDlg, HWND hTree, int drive) if (propSysEnc.ea >= EAGetFirst() && propSysEnc.ea <= EAGetCount()) { - EAGetName (szTmp, propSysEnc.ea, 1); + EAGetName (szTmp, ARRAYSIZE(szTmp),propSysEnc.ea, 1); } else { @@ -1932,7 +1932,7 @@ void LoadDriveLetters (HWND hwndDlg, HWND hTree, int drive) GetSizeString (bSysEncPartition ? GetSysEncDeviceSize(TRUE) : driver.diskLength[i], szTmpW, sizeof(szTmpW)); ListSubItemSet (hTree, listItem.iItem, 2, szTmpW); - EAGetName (szTmp, bSysEncPartition ? propSysEnc.ea : driver.ea[i], 1); + EAGetName (szTmp, ARRAYSIZE(szTmp),bSysEncPartition ? propSysEnc.ea : driver.ea[i], 1); listItem.iSubItem = 3; ListView_SetItem (hTree, &listItem); @@ -4233,14 +4233,14 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP return 1; } - EAGetName (szTmp, prop.ea, 1); + EAGetName (szTmp, ARRAYSIZE(szTmp), prop.ea, 1); ListSubItemSet (list, i++, 1, szTmp); // Key size(s) { wchar_t name[128]; int size = EAGetKeySize (prop.ea); - EAGetName (name, prop.ea, 1); + EAGetName (name, ARRAYSIZE(name), prop.ea, 1); // Primary key ListItemAdd (list, i, GetString ("KEY_SIZE")); @@ -4301,7 +4301,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP GetDateFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2); swprintf (date, L"%s ", sw); GetTimeFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2); - wcscat (date, sw); + StringCchCatW (date, ARRAYSIZE(date), sw); ListSubItemSet (list, i++, 1, date); // Header date @@ -4311,7 +4311,7 @@ BOOL CALLBACK VolumePropertiesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LP GetDateFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2); swprintf (date, L"%s ", sw); GetTimeFormatW (LOCALE_USER_DEFAULT, 0, &st, 0, sw, sizeof (sw)/2); - wcscat (date, sw); + StringCchCatW (date, ARRAYSIZE(date), sw); GetLocalTime (&st); SystemTimeToFileTime (&st, &curFt); -- cgit v1.2.3