From c220db01281564bf5b50575ee7e24b38e45f5050 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 14 Jul 2014 17:41:09 +0200 Subject: Static Code Analysis : Generalize the use of Safe String functions. Add some NULL pointer checks. Avoid false-positive detection in AppendMenu (MF_SEPARATOR) calls by setting the last parameter to "" instead of NULL. --- src/Common/BootEncryption.cpp | 32 ++++++++----- src/Common/Cmdline.c | 11 +++-- src/Common/Format.c | 14 +++--- src/Common/Keyfiles.c | 109 +++++++++++++++++++++++++----------------- src/Common/Language.c | 50 ++++++++++++------- src/Common/Progress.c | 32 +++++++------ src/Common/Random.c | 7 +-- src/Common/Tcdefs.h | 2 +- src/Common/Volumes.c | 14 ++++-- 9 files changed, 165 insertions(+), 106 deletions(-) (limited to 'src/Common') diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index 1a467eed..0fec2878 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -32,6 +32,8 @@ #include "Mount/MainCom.h" #endif +#include + namespace VeraCrypt { #if !defined (SETUP) @@ -604,7 +606,7 @@ namespace VeraCrypt GetSystemDriveConfiguration(); ProbeRealDriveSizeRequest request; - _snwprintf (request.DeviceName, array_capacity (request.DeviceName), L"%hs", DriveConfig.DrivePartition.DevicePath.c_str()); + StringCbPrintfW (request.DeviceName, sizeof (request.DeviceName), L"%hs", DriveConfig.DrivePartition.DevicePath.c_str()); CallDriver (TC_IOCTL_PROBE_REAL_DRIVE_SIZE, &request, sizeof (request), &request, sizeof (request)); DriveConfig.DrivePartition.Info.PartitionLength = request.RealDriveSize; @@ -633,7 +635,7 @@ namespace VeraCrypt partPath << "\\Device\\Harddisk" << driveNumber << "\\Partition" << partNumber; DISK_PARTITION_INFO_STRUCT diskPartInfo; - _snwprintf (diskPartInfo.deviceName, array_capacity (diskPartInfo.deviceName), L"%hs", partPath.str().c_str()); + StringCbPrintfW (diskPartInfo.deviceName, sizeof (diskPartInfo.deviceName), L"%hs", partPath.str().c_str()); try { @@ -663,7 +665,7 @@ namespace VeraCrypt // Volume ID wchar_t volumePath[TC_MAX_PATH]; - if (ResolveSymbolicLink ((wchar_t *) ws.str().c_str(), volumePath)) + if (ResolveSymbolicLink ((wchar_t *) ws.str().c_str(), volumePath, sizeof(volumePath))) { wchar_t volumeName[TC_MAX_PATH]; HANDLE fh = FindFirstVolumeW (volumeName, array_capacity (volumeName)); @@ -742,8 +744,8 @@ namespace VeraCrypt memset (&openTestStruct, 0, sizeof (openTestStruct)); DWORD dwResult; - strcpy ((char *) &openTestStruct.wszFileName[0], devicePath); - ToUNICODE ((char *) &openTestStruct.wszFileName[0]); + StringCbCopyA ((char *) &openTestStruct.wszFileName[0], sizeof(openTestStruct.wszFileName),devicePath); + ToUNICODE ((char *) &openTestStruct.wszFileName[0], sizeof(openTestStruct.wszFileName)); openTestStruct.bDetectTCBootLoader = TRUE; @@ -844,7 +846,7 @@ namespace VeraCrypt bool BootEncryption::SystemDriveIsDynamic () { GetSystemDriveConfigurationRequest request; - _snwprintf (request.DevicePath, array_capacity (request.DevicePath), L"%hs", GetSystemDriveConfiguration().DeviceKernelPath.c_str()); + StringCbPrintfW (request.DevicePath, sizeof (request.DevicePath), L"%hs", GetSystemDriveConfiguration().DeviceKernelPath.c_str()); CallDriver (TC_IOCTL_GET_SYSTEM_DRIVE_CONFIG, &request, sizeof (request), &request, sizeof (request)); return request.DriveIsDynamic ? true : false; @@ -1095,7 +1097,7 @@ namespace VeraCrypt throw ParameterIncorrect (SRC_POS); GetSystemDriveConfigurationRequest request; - _snwprintf (request.DevicePath, array_capacity (request.DevicePath), L"%hs", GetSystemDriveConfiguration().DeviceKernelPath.c_str()); + StringCbPrintfW (request.DevicePath, sizeof (request.DevicePath), L"%hs", GetSystemDriveConfiguration().DeviceKernelPath.c_str()); try { @@ -1402,8 +1404,10 @@ namespace VeraCrypt memset (image, 0, RescueIsoImageSize); // Primary volume descriptor - strcpy ((char *)image + 0x8000, "\001CD001\001"); - strcpy ((char *)image + 0x7fff + 41, "VeraCrypt Rescue Disk "); + const char* szPrimVolDesc = "\001CD001\001"; + const char* szPrimVolLabel = "VeraCrypt Rescue Disk "; + memcpy (image + 0x8000, szPrimVolDesc, strlen(szPrimVolDesc) + 1); + memcpy (image + 0x7fff + 41, szPrimVolLabel, strlen(szPrimVolLabel) + 1); *(uint32 *) (image + 0x7fff + 81) = RescueIsoImageSize / 2048; *(uint32 *) (image + 0x7fff + 85) = BE32 (RescueIsoImageSize / 2048); image[0x7fff + 121] = 1; @@ -1420,11 +1424,13 @@ namespace VeraCrypt image[0x7fff + 159] = 0x18; // Boot record volume descriptor - strcpy ((char *)image + 0x8801, "CD001\001EL TORITO SPECIFICATION"); + const char* szBootRecDesc = "CD001\001EL TORITO SPECIFICATION"; + memcpy (image + 0x8801, szBootRecDesc, strlen(szBootRecDesc) + 1); image[0x8800 + 0x47] = 0x19; // Volume descriptor set terminator - strcpy ((char *)image + 0x9000, "\377CD001\001"); + const char* szVolDescTerm = "\377CD001\001"; + memcpy (image + 0x9000, szVolDescTerm, strlen(szVolDescTerm) + 1); // Path table image[0xA000 + 0] = 1; @@ -1722,7 +1728,7 @@ namespace VeraCrypt DWORD size = sizeof (regKeyBuf) - strSize; // SetupInstallFromInfSection() does not support prepending of values so we have to modify the registry directly - strncpy ((char *) regKeyBuf, filter.c_str(), sizeof (regKeyBuf)); + StringCbCopyA ((char *) regKeyBuf, sizeof(regKeyBuf), filter.c_str()); if (RegQueryValueEx (regKey, filterReg.c_str(), NULL, NULL, regKeyBuf + strSize, &size) != ERROR_SUCCESS) size = 1; @@ -2318,7 +2324,7 @@ namespace VeraCrypt void BootEncryption::RestrictPagingFilesToSystemPartition () { char pagingFiles[128]; - strncpy (pagingFiles, "X:\\pagefile.sys 0 0", sizeof (pagingFiles)); + StringCbCopyA (pagingFiles, sizeof(pagingFiles), "X:\\pagefile.sys 0 0"); pagingFiles[0] = GetWindowsDirectory()[0]; throw_sys_if (!WriteLocalMachineRegistryMultiString ("System\\CurrentControlSet\\Control\\Session Manager\\Memory Management", "PagingFiles", pagingFiles, strlen (pagingFiles) + 2)); diff --git a/src/Common/Cmdline.c b/src/Common/Cmdline.c index 35507c2b..f1f9a8fc 100644 --- a/src/Common/Cmdline.c +++ b/src/Common/Cmdline.c @@ -20,6 +20,7 @@ #include "Apidrvr.h" #include "Dlgcode.h" #include "Language.h" +#include /* Except in response to the WM_INITDIALOG message, the dialog box procedure should return nonzero if it processes the message, and zero if it does @@ -44,13 +45,13 @@ BOOL CALLBACK CommandHelpDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM *tmp = 0; - strcpy (tmp, "Command line options:\n\n"); + StringCbCopyA (tmp, 8192, "Command line options:\n\n"); for (i = 0; i < as->arg_cnt; i ++) { if (!as->args[i].Internal) { - sprintf(tmp2, "%s\t%s\n", as->args[i].short_name, as->args[i].long_name); - strcat(tmp,tmp2); + StringCchPrintf(tmp2, MAX_PATH * 2, "%s\t%s\n", as->args[i].short_name, as->args[i].long_name); + StringCchCat(tmp, 8192, tmp2); } } @@ -220,7 +221,7 @@ int GetArgumentValue (char **lpszCommandLineArgs, int nArgPos, int *nArgIdx, { /* Handles the case of no space between parameter code and value */ - strncpy (lpszValue, &lpszCommandLineArgs[*nArgIdx][nArgPos], nValueSize); + StringCbCopyA (lpszValue, nValueSize, &lpszCommandLineArgs[*nArgIdx][nArgPos]); lpszValue[nValueSize - 1] = 0; return HAS_ARGUMENT; } @@ -231,7 +232,7 @@ int GetArgumentValue (char **lpszCommandLineArgs, int nArgPos, int *nArgIdx, { /* Handles the case of space between parameter code and value */ - strncpy (lpszValue, &lpszCommandLineArgs[*nArgIdx + 1][x], nValueSize); + StringCbCopyA (lpszValue, nValueSize, &lpszCommandLineArgs[*nArgIdx + 1][x]); lpszValue[nValueSize - 1] = 0; (*nArgIdx)++; return HAS_ARGUMENT; diff --git a/src/Common/Format.c b/src/Common/Format.c index 25f20acd..ad6be026 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -29,6 +29,8 @@ #include "Format/FormatCom.h" #include "Format/Tcformat.h" +#include + int FormatWriteBufferSize = 1024 * 1024; static uint32 FormatSectorSize = 0; @@ -129,8 +131,8 @@ int TCFormatVolume (volatile FORMAT_VOL_PARAMETERS *volParams) if (volParams->bDevice) { - strcpy ((char *)deviceName, volParams->volumePath); - ToUNICODE ((char *)deviceName); + StringCbCopyA ((char *)deviceName, sizeof(deviceName), volParams->volumePath); + ToUNICODE ((char *)deviceName, sizeof(deviceName)); driveLetter = GetDiskDeviceDriveLetter (deviceName); } @@ -170,7 +172,7 @@ begin_format: DWORD dwResult; int nPass; - if (FakeDosNameForDevice (volParams->volumePath, dosDev, devName, FALSE) != 0) + if (FakeDosNameForDevice (volParams->volumePath, dosDev, sizeof(dosDev), devName, sizeof(devName), FALSE) != 0) return ERR_OS_ERROR; if (IsDeviceMounted (devName)) @@ -803,10 +805,10 @@ BOOL FormatNtfs (int driveNo, int clusterSize) if (GetSystemDirectory (dllPath, MAX_PATH)) { - strcat(dllPath, "\\fmifs.dll"); + StringCbCatA(dllPath, sizeof(dllPath), "\\fmifs.dll"); } else - strcpy(dllPath, "C:\\Windows\\System32\\fmifs.dll"); + StringCbCopyA(dllPath, sizeof(dllPath), "C:\\Windows\\System32\\fmifs.dll"); hModule = LoadLibrary (dllPath); @@ -819,7 +821,7 @@ BOOL FormatNtfs (int driveNo, int clusterSize) return FALSE; } - wcscat (dir, L":\\"); + StringCbCatW (dir, sizeof(dir), L":\\"); FormatExResult = FALSE; diff --git a/src/Common/Keyfiles.c b/src/Common/Keyfiles.c index e7e55ca5..4a6baf46 100644 --- a/src/Common/Keyfiles.c +++ b/src/Common/Keyfiles.c @@ -23,11 +23,12 @@ #include "Platform/Finally.h" #include "Platform/ForEach.h" +#include + using namespace VeraCrypt; #define stat _stat #define S_IFDIR _S_IFDIR -#define snprintf _snprintf BOOL HiddenFilesPresentInKeyfilePath = FALSE; @@ -97,13 +98,16 @@ void KeyFileRemoveAll (KeyFile **firstKeyFile) KeyFile *KeyFileClone (KeyFile *keyFile) { - KeyFile *clone; + KeyFile *clone = NULL; if (keyFile == NULL) return NULL; clone = (KeyFile *) malloc (sizeof (KeyFile)); - strcpy (clone->FileName, keyFile->FileName); - clone->Next = NULL; + if (clone) + { + StringCbCopyA (clone->FileName, sizeof(clone->FileName), keyFile->FileName); + clone->Next = NULL; + } return clone; } @@ -298,7 +302,7 @@ BOOL KeyFilesApply (Password *password, KeyFile *firstKeyFile) /* Find and process all keyfiles in the directory */ int keyfileCount = 0; - snprintf (searchPath, sizeof (searchPath), "%s\\*.*", kf->FileName); + StringCbPrintfA (searchPath, sizeof (searchPath), "%s\\*.*", kf->FileName); if ((searchHandle = _findfirst (searchPath, &fBuf)) == -1) { handleWin32Error (MainDlg); @@ -311,7 +315,7 @@ BOOL KeyFilesApply (Password *password, KeyFile *firstKeyFile) { WIN32_FILE_ATTRIBUTE_DATA fileAttributes; - snprintf (kfSub->FileName, sizeof(kfSub->FileName), "%s%c%s", kf->FileName, + StringCbPrintfA (kfSub->FileName, sizeof(kfSub->FileName), "%s%c%s", kf->FileName, '\\', fBuf.name ); @@ -462,18 +466,21 @@ BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa if (lw == IDC_KEYADD) { KeyFile *kf = (KeyFile *) malloc (sizeof (KeyFile)); - if (SelectMultipleFiles (hwndDlg, "SELECT_KEYFILE", kf->FileName, bHistory)) + if (kf) { - do + if (SelectMultipleFiles (hwndDlg, "SELECT_KEYFILE", kf->FileName, sizeof(kf->FileName),bHistory)) { - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - LoadKeyList (hwndDlg, param->FirstKeyFile); + do + { + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + LoadKeyList (hwndDlg, param->FirstKeyFile); - kf = (KeyFile *) malloc (sizeof (KeyFile)); - } while (SelectMultipleFilesNext (kf->FileName)); - } + kf = (KeyFile *) malloc (sizeof (KeyFile)); + } while (SelectMultipleFilesNext (kf->FileName, sizeof(kf->FileName))); + } - free (kf); + free (kf); + } return 1; } @@ -501,10 +508,13 @@ BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa foreach (const SecurityTokenKeyfilePath &keyPath, selectedTokenKeyfiles) { KeyFile *kf = (KeyFile *) malloc (sizeof (KeyFile)); - strcpy_s (kf->FileName, sizeof (kf->FileName), WideToSingleString (keyPath).c_str()); + if (kf) + { + strcpy_s (kf->FileName, sizeof (kf->FileName), WideToSingleString (keyPath).c_str()); - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - LoadKeyList (hwndDlg, param->FirstKeyFile); + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + LoadKeyList (hwndDlg, param->FirstKeyFile); + } } } @@ -574,9 +584,12 @@ BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa while (count-- > 0) { KeyFile *kf = (KeyFile *) malloc (sizeof (KeyFile)); - DragQueryFile (hdrop, i++, kf->FileName, sizeof (kf->FileName)); - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - LoadKeyList (hwndDlg, param->FirstKeyFile); + if (kf) + { + DragQueryFile (hdrop, i++, kf->FileName, sizeof (kf->FileName)); + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + LoadKeyList (hwndDlg, param->FirstKeyFile); + } } DragFinish (hdrop); @@ -614,6 +627,8 @@ BOOL CALLBACK KeyFilesDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa BOOL KeyfilesPopupMenu (HWND hwndDlg, POINT popupPosition, KeyFilesDlgParam *param) { HMENU popup = CreatePopupMenu (); + if (!popup) + return FALSE; int sel; BOOL status = FALSE; @@ -628,35 +643,40 @@ BOOL KeyfilesPopupMenu (HWND hwndDlg, POINT popupPosition, KeyFilesDlgParam *par case IDM_KEYFILES_POPUP_ADD_FILES: { KeyFile *kf = (KeyFile *) malloc (sizeof (KeyFile)); - if (SelectMultipleFiles (hwndDlg, "SELECT_KEYFILE", kf->FileName, bHistory)) + if (kf) { - do + if (SelectMultipleFiles (hwndDlg, "SELECT_KEYFILE", kf->FileName, sizeof(kf->FileName),bHistory)) { - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - kf = (KeyFile *) malloc (sizeof (KeyFile)); - } while (SelectMultipleFilesNext (kf->FileName)); + do + { + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + kf = (KeyFile *) malloc (sizeof (KeyFile)); + } while (SelectMultipleFilesNext (kf->FileName, sizeof(kf->FileName))); - param->EnableKeyFiles = TRUE; - status = TRUE; - } + param->EnableKeyFiles = TRUE; + status = TRUE; + } - free (kf); + free (kf); + } } break; case IDM_KEYFILES_POPUP_ADD_DIR: { KeyFile *kf = (KeyFile *) malloc (sizeof (KeyFile)); - - if (BrowseDirectories (hwndDlg,"SELECT_KEYFILE_PATH", kf->FileName)) + if (kf) { - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - param->EnableKeyFiles = TRUE; - status = TRUE; - } - else - { - free (kf); + if (BrowseDirectories (hwndDlg,"SELECT_KEYFILE_PATH", kf->FileName)) + { + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + param->EnableKeyFiles = TRUE; + status = TRUE; + } + else + { + free (kf); + } } } break; @@ -669,11 +689,14 @@ BOOL KeyfilesPopupMenu (HWND hwndDlg, POINT popupPosition, KeyFilesDlgParam *par foreach (const SecurityTokenKeyfilePath &keyPath, selectedTokenKeyfiles) { KeyFile *kf = (KeyFile *) malloc (sizeof (KeyFile)); - strcpy_s (kf->FileName, sizeof (kf->FileName), WideToSingleString (keyPath).c_str()); - - param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); - param->EnableKeyFiles = TRUE; - status = TRUE; + if (kf) + { + strcpy_s (kf->FileName, sizeof (kf->FileName), WideToSingleString (keyPath).c_str()); + + param->FirstKeyFile = KeyFileAdd (param->FirstKeyFile, kf); + param->EnableKeyFiles = TRUE; + status = TRUE; + } } } } diff --git a/src/Common/Language.c b/src/Common/Language.c index b146f820..3ec95dba 100644 --- a/src/Common/Language.c +++ b/src/Common/Language.c @@ -26,6 +26,8 @@ #include "../Setup/Resource.h" #endif +#include + BOOL LocalizationActive; int LocalizationSerialNo; @@ -68,8 +70,9 @@ static char *MapNextLanguageFile () GetModuleFileNameW (NULL, f, sizeof (f) / sizeof (f[0])); t = wcsrchr (f, L'\\'); if (t == NULL) return NULL; - - wcscpy (t, L"\\Language*.xml"); + + *t = 0; + StringCbCatW (f, sizeof(f), L"\\Language*.xml"); LanguageFileFindHandle = FindFirstFileW (f, &find); } @@ -88,14 +91,29 @@ static char *MapNextLanguageFile () GetModuleFileNameW (NULL, f, sizeof (f) / sizeof(f[0])); t = wcsrchr (f, L'\\'); - wcscpy (t + 1, find.cFileName); + if (t == NULL) + { + free(LanguageFileBuffer); + return NULL; + } + + t[1] = 0; + StringCbCatW (f, sizeof(f),find.cFileName); file = CreateFileW (f, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); - if (file == INVALID_HANDLE_VALUE) return NULL; + if (file == INVALID_HANDLE_VALUE) + { + free(LanguageFileBuffer); + return NULL; + } ReadFile (file, LanguageFileBuffer, find.nFileSizeLow, &read, NULL); CloseHandle (file); - if (read != find.nFileSizeLow) return NULL; + if (read != find.nFileSizeLow) + { + free(LanguageFileBuffer); + return NULL; + } return LanguageFileBuffer; } @@ -130,7 +148,7 @@ BOOL LoadLanguageFile () ClearDictionaryPool (); if (PreferredLangId[0] != 0) - strcpy (langId, PreferredLangId); + StringCbCopyA (langId, sizeof(langId), PreferredLangId); // Parse all available language files until preferred language is found for (res = MapFirstLanguageFile (); res != NULL; res = MapNextLanguageFile ()) @@ -147,7 +165,7 @@ BOOL LoadLanguageFile () if (defaultLangParsed && strcmp (attr, VERSION_STRING) && strcmp (attr, "DEBUG")) { wchar_t m[2048]; - swprintf (m, L"The installed language pack is incompatible with this version of VeraCrypt (the language pack is for VeraCrypt %hs). A newer version may be available at www.idrix.fr.\n\nTo prevent this message from being displayed, do any of the following:\n\n- Select 'Settings' > 'Language'; then select 'English' and click 'OK'.\n\n- Remove or replace the language pack with a compatible version (the language pack may reside e.g. in 'C:\\Program Files\\VeraCrypt' or '%%LOCALAPPDATA%%\\VirtualStore\\Program Files\\VeraCrypt', etc.)", attr); + StringCbPrintfW (m, sizeof(m), L"The installed language pack is incompatible with this version of VeraCrypt (the language pack is for VeraCrypt %hs). A newer version may be available at www.idrix.fr.\n\nTo prevent this message from being displayed, do any of the following:\n\n- Select 'Settings' > 'Language'; then select 'English' and click 'OK'.\n\n- Remove or replace the language pack with a compatible version (the language pack may reside e.g. in 'C:\\Program Files\\VeraCrypt' or '%%LOCALAPPDATA%%\\VirtualStore\\Program Files\\VeraCrypt', etc.)", attr); MessageBoxW (NULL, m, L"VeraCrypt", MB_ICONERROR); continue; } @@ -189,7 +207,7 @@ BOOL LoadLanguageFile () XmlGetAttributeText (xml, "size", attr, sizeof (attr)); sscanf (attr, "%d", &font.Size); - strcpy (attr, "font_"); + StringCbCopyA (attr, sizeof(attr), "font_"); XmlGetAttributeText (xml, "class", attr + 5, sizeof (attr) - 5); AddDictionaryEntry ( AddPoolData ((void *) attr, strlen (attr) + 1), 0, @@ -375,13 +393,13 @@ BOOL CALLBACK LanguageDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa // Language pack version if (!ActiveLangPackVersion[0] || memcmp (ActiveLangPackVersion, "0.0.0", 5) == 0) { - swprintf (szVers, GetString("LANG_PACK_VERSION"), L"--"); + StringCbPrintfW (szVers, sizeof(szVers), GetString("LANG_PACK_VERSION"), L"--"); } else { nLen = MultiByteToWideChar (CP_UTF8, 0, ActiveLangPackVersion, -1, wversion, sizeof (wversion) / sizeof(wversion[0])); if (nLen != 0 && nLen != ERROR_NO_UNICODE_TRANSLATION) - swprintf (szVers, GetString("LANG_PACK_VERSION"), wversion); + StringCbPrintfW (szVers, sizeof(szVers),GetString("LANG_PACK_VERSION"), wversion); } SetWindowTextW (GetDlgItem (hwndDlg, IDC_LANGPACK_VERSION), szVers); @@ -394,7 +412,7 @@ BOOL CALLBACK LanguageDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa } } - strcpy (lastLangId, attr); + StringCbCopyA (lastLangId, sizeof(lastLangId),attr); langCount++; } } @@ -410,7 +428,7 @@ BOOL CALLBACK LanguageDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa EndDialog (hwndDlg, IDCANCEL); if (langCount == 2) - strcpy (PreferredLangId, lastLangId); + StringCbCopyA (PreferredLangId, sizeof(PreferredLangId), lastLangId); EndDialog (hwndDlg, IDOK); } @@ -446,7 +464,7 @@ BOOL CALLBACK LanguageDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa } if (SendDlgItemMessage (hwndDlg, IDC_LANGLIST, LB_GETCOUNT, 0, 0) > 1) - strcpy (PreferredLangId, l); + StringCbCopyA (PreferredLangId, sizeof(PreferredLangId), l); } } @@ -465,7 +483,7 @@ BOOL CALLBACK LanguageDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lPa char tmpstr [256]; if (strlen (ActiveLangPackVersion) > 0 && strlen (GetPreferredLangId()) > 0) - sprintf (tmpstr, "&langpackversion=%s&lang=%s", ActiveLangPackVersion, GetPreferredLangId()); + StringCbPrintfA (tmpstr, sizeof(tmpstr), "&langpackversion=%s&lang=%s", ActiveLangPackVersion, GetPreferredLangId()); else tmpstr[0] = 0; @@ -488,7 +506,7 @@ char *GetPreferredLangId () void SetPreferredLangId (char *langId) { - strncpy (PreferredLangId, langId, 5); + StringCbCopyA (PreferredLangId, sizeof(PreferredLangId), langId); } @@ -503,7 +521,7 @@ wchar_t *GetString (const char *stringId) WCHAR *str = (WCHAR *) GetDictionaryValue (stringId); if (str != NULL) return str; - wsprintfW (UnknownString, UNKNOWN_STRING_ID L"%hs" UNKNOWN_STRING_ID, stringId); + StringCbPrintfW (UnknownString, sizeof(UnknownString), UNKNOWN_STRING_ID L"%hs" UNKNOWN_STRING_ID, stringId); return UnknownString; } diff --git a/src/Common/Progress.c b/src/Common/Progress.c index afa6f645..89697a62 100644 --- a/src/Common/Progress.c +++ b/src/Common/Progress.c @@ -17,6 +17,8 @@ #include "../Format/FormatCom.h" #include "../Format/resource.h" +#include + static ULONG prevTime, startTime; static __int64 TotalSize; static __int64 resumedPointBytesDone; @@ -74,31 +76,31 @@ BOOL UpdateProgressBarProc (__int64 byteOffset) double perc = (double) (100.0 * (bProgressBarReverse ? ((double) (TotalSize - byteOffset)) : ((double) byteOffset)) / (TotalSize == 0 ? 0.0001 : ((double) TotalSize))); if (perc > 99.999999999) - wcscpy (text, GetString ("PROCESSED_PORTION_100_PERCENT")); + StringCbCopyW (text,sizeof(text), GetString ("PROCESSED_PORTION_100_PERCENT")); else - _snwprintf (text, sizeof text/2, GetString ("PROCESSED_PORTION_X_PERCENT"), perc); + StringCbPrintfW (text, sizeof text, GetString ("PROCESSED_PORTION_X_PERCENT"), perc); - wcscat (speed, L" "); + StringCbCatW (speed, sizeof(speed), L" "); } else { - GetSizeString (bytesDone, text); + GetSizeString (bytesDone, text, sizeof(text)); if (bytesDone < (unsigned __int64) BYTES_PER_MB * 1000000) - swprintf(text, L"%I64d %s ", bytesDone / BYTES_PER_MB, GetString ("MB")); + StringCbPrintfW(text, sizeof(text), L"%I64d %s ", bytesDone / BYTES_PER_MB, GetString ("MB")); else if (bytesDone < (unsigned __int64) BYTES_PER_GB * 1000000) - swprintf(text, L"%I64d %s ", bytesDone / BYTES_PER_GB, GetString ("GB")); + StringCbPrintfW(text, sizeof(text), L"%I64d %s ", bytesDone / BYTES_PER_GB, GetString ("GB")); else if (bytesDone < (unsigned __int64) BYTES_PER_TB * 1000000) - swprintf(text, L"%I64d %s ", bytesDone / BYTES_PER_TB, GetString ("TB")); + StringCbPrintfW(text, sizeof(text), L"%I64d %s ", bytesDone / BYTES_PER_TB, GetString ("TB")); else - swprintf(text, L"%I64d %s ", bytesDone / BYTES_PER_PB, GetString ("PB")); + StringCbPrintfW(text, sizeof(text), L"%I64d %s ", bytesDone / BYTES_PER_PB, GetString ("PB")); } SetWindowTextW (GetDlgItem (hCurPage, IDC_BYTESWRITTEN), text); if (!bShowStatus) { - GetSpeedString (bRWThroughput ? bytesPerSec*2 : bytesPerSec, speed); - wcscat (speed, L" "); + GetSpeedString (bRWThroughput ? bytesPerSec*2 : bytesPerSec, speed, sizeof(speed)); + StringCbCatW (speed, sizeof(speed), L" "); SetWindowTextW (GetDlgItem (hCurPage, IDC_WRITESPEED), speed); } @@ -107,15 +109,15 @@ BOOL UpdateProgressBarProc (__int64 byteOffset) int64 sec = (int64) ((bProgressBarReverse ? byteOffset : (TotalSize - byteOffset)) / (bytesPerSec == 0 ? 0.001 : bytesPerSec)); if (bytesPerSec == 0 || sec > 60 * 60 * 24 * 999) - swprintf (text, L"%s ", GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE")); + StringCbPrintfW (text, sizeof(text), L"%s ", GetString ("NOT_APPLICABLE_OR_NOT_AVAILABLE")); else if (sec >= 60 * 60 * 24 * 2) - swprintf (text, L"%I64d %s ", sec / (60 * 24 * 60), days); + StringCbPrintfW (text, sizeof(text), L"%I64d %s ", sec / (60 * 24 * 60), days); else if (sec >= 120 * 60) - swprintf (text, L"%I64d %s ", sec / (60 * 60), hours); + StringCbPrintfW (text, sizeof(text), L"%I64d %s ", sec / (60 * 60), hours); else if (sec >= 120) - swprintf (text, L"%I64d %s ", sec / 60, minutes); + StringCbPrintfW (text, sizeof(text), L"%I64d %s ", sec / 60, minutes); else - swprintf (text, L"%I64d %s ", sec, seconds); + StringCbPrintfW (text, sizeof(text), L"%I64d %s ", sec, seconds); SetWindowTextW (GetDlgItem (hCurPage, IDC_TIMEREMAIN), text); } diff --git a/src/Common/Random.c b/src/Common/Random.c index c897e3b7..445e8f24 100644 --- a/src/Common/Random.c +++ b/src/Common/Random.c @@ -12,6 +12,7 @@ #include "Tcdefs.h" #include "Crc.h" #include "Random.h" +#include static unsigned __int8 buffer[RNG_POOL_SIZE]; static unsigned char *pRandPool = NULL; @@ -576,10 +577,10 @@ BOOL SlowPoll (void) char dllPath[MAX_PATH]; if (GetSystemDirectory (dllPath, MAX_PATH)) { - strcat(dllPath, "\\NETAPI32.DLL"); + StringCbCatA(dllPath, sizeof(dllPath), "\\NETAPI32.DLL"); } else - strcpy(dllPath, "C:\\Windows\\System32\\NETAPI32.DLL"); + StringCbCopyA(dllPath, sizeof(dllPath), "C:\\Windows\\System32\\NETAPI32.DLL"); hNetAPI32 = LoadLibrary (dllPath); if (hNetAPI32 != NULL) @@ -630,7 +631,7 @@ BOOL SlowPoll (void) char szDevice[24]; /* Check whether we can access this device */ - sprintf (szDevice, "\\\\.\\PhysicalDrive%d", nDrive); + StringCbPrintfA (szDevice, sizeof(szDevice), "\\\\.\\PhysicalDrive%d", nDrive); hDevice = CreateFile (szDevice, 0, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, NULL); if (hDevice == INVALID_HANDLE_VALUE) diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 0bf41d79..423eed27 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -197,7 +197,7 @@ typedef int BOOL; # ifdef DEVICE_DRIVER # define trace_msg Dump # elif defined (_WIN32) -# define trace_msg(...) do { char msg[2048]; _snprintf (msg, sizeof (msg), __VA_ARGS__); OutputDebugString (msg); } while (0) +# define trace_msg(...) do { char msg[2048]; StringCbPrintfA (msg, sizeof (msg), __VA_ARGS__); OutputDebugString (msg); } while (0) # endif # define trace_point trace_msg (__FUNCTION__ ":" TC_TO_STRING(__LINE__) "\n") # else diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 506a4d04..15ee8fe6 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -33,6 +33,9 @@ #include "Volumes.h" #include "Pkcs5.h" +#ifdef _WIN32 +#include +#endif /* Volume header v5 structure (used since TrueCrypt 7.0): */ // @@ -187,6 +190,9 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, PCR } else { + if (!retInfo) + return ERR_PARAMETER_INCORRECT; + cryptoInfo = *retInfo = crypto_open (); if (cryptoInfo == NULL) return ERR_OUTOFMEMORY; @@ -934,16 +940,16 @@ int CreateVolumeHeaderInMemory (BOOL bBoot, char *header, int ea, int mode, Pass for (i = 0; i < j; i++) { char tmp2[8] = {0}; - sprintf (tmp2, "%02X", (int) (unsigned char) keyInfo.master_keydata[i + primaryKeyOffset]); - strcat (MasterKeyGUIView, tmp2); + StringCbPrintfA (tmp2, sizeof(tmp2), "%02X", (int) (unsigned char) keyInfo.master_keydata[i + primaryKeyOffset]); + StringCbCatA (MasterKeyGUIView, sizeof(MasterKeyGUIView), tmp2); } HeaderKeyGUIView[0] = 0; for (i = 0; i < NBR_KEY_BYTES_TO_DISPLAY; i++) { char tmp2[8]; - sprintf (tmp2, "%02X", (int) (unsigned char) dk[primaryKeyOffset + i]); - strcat (HeaderKeyGUIView, tmp2); + StringCbPrintfA (tmp2, sizeof(tmp2), "%02X", (int) (unsigned char) dk[primaryKeyOffset + i]); + StringCbCatA (HeaderKeyGUIView, sizeof(HeaderKeyGUIView), tmp2); } if (dots3) -- cgit v1.2.3