From ad3b8eca694ed4d7a0ff17f955736725aad0cea6 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 24 Aug 2015 01:31:30 +0200 Subject: Windows: Protect against using a container file as its own keyfile. Normalizing path names to never use '/' but always '\'. --- src/Common/Keyfiles.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) (limited to 'src/Common/Keyfiles.c') diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c index 26973252..549ffe6e 100644 --- a/src/Common/Keyfiles.c +++ b/src/Common/Keyfiles.c @@ -222,7 +222,7 @@ close: } -BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile) +BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile, const char* volumeFileName) { BOOL status = TRUE; KeyFile kfSubStruct; @@ -322,7 +322,7 @@ BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile) StringCbPrintfA (kfSub->FileName, sizeof(kfSub->FileName), "%s%c%s", kf->FileName, '\\', fBuf.name - ); + ); // Determine whether it's a path or a file if (stat (kfSub->FileName, &statStruct) != 0) @@ -346,6 +346,13 @@ BOOL KeyFilesApply (HWND hwndDlg, Password *password, KeyFile *firstKeyFile) continue; } + CorrectFileName (kfSub->FileName); + if (volumeFileName && (_stricmp (volumeFileName, kfSub->FileName) == 0)) + { + // skip if it is the current container file name + continue; + } + ++keyfileCount; // Apply keyfile to the pool @@ -474,13 +481,25 @@ BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa { if (SelectMultipleFiles (hwndDlg, "SELECT_KEYFILE", kf->FileName, sizeof(kf->FileName),bHistory)) { + bool containerFileSkipped = false; do { - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - LoadKeyList (hwndDlg, param->FirstKeyFile); - - kf = (KeyFile *) malloc (sizeof (KeyFile)); + CorrectFileName (kf->FileName); + if (_stricmp (param->VolumeFileName, kf->FileName) == 0) + containerFileSkipped = true; + else + { + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + LoadKeyList (hwndDlg, param->FirstKeyFile); + + kf = (KeyFile *) malloc (sizeof (KeyFile)); + } } while (SelectMultipleFilesNext (kf->FileName, sizeof(kf->FileName))); + + if (containerFileSkipped) + { + Warning ("SELECTED_KEYFILE_IS_CONTAINER_FILE", hwndDlg); + } } free (kf); -- cgit v1.2.3