From 16570f86628196a8a25d71dbc060833e47c62ac3 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Mon, 19 Jun 2023 10:38:30 +0200 Subject: [PATCH] [uefi] warn about revoked UEFI bootloaders when creating Windows To Go drives * Also move the warning after the WUE dialog. * Also work around another possible access violation in process.c. --- src/process.c | 15 +++++++++----- src/rufus.c | 54 ++++++++++++++++++++++++++------------------------- src/rufus.rc | 10 +++++----- 3 files changed, 43 insertions(+), 36 deletions(-) diff --git a/src/process.c b/src/process.c index 59e2becf..4ffe9478 100644 --- a/src/process.c +++ b/src/process.c @@ -473,8 +473,16 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) for (i = 0; ; i++) { ULONG attempts = 8; - PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo = - (i < handles->NumberOfHandles) ? &handles->Handles[i] : NULL; + PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX handleInfo = NULL; + + // We are seeing reports of application crashes due to access + // violation exceptions here, so, since this is not critical code, + // we add an exception handler to ignore them. + TRY_AND_HANDLE( + EXCEPTION_ACCESS_VIOLATION, + { handleInfo = (i < handles->NumberOfHandles) ? &handles->Handles[i] : NULL; }, + { continue; } + ); if ((dupHandle != NULL) && (processHandle != NtCurrentProcess())) { pfNtClose(dupHandle); @@ -483,9 +491,6 @@ static DWORD WINAPI SearchProcessThread(LPVOID param) // Update the current handle's process PID and compare against last // Note: Be careful about not trying to overflow our list! - // Also, we are seeing reports of application crashes due to access - // violation exceptions here, so, since this is not critical code, - // we add an exception handler to ignore them. TRY_AND_HANDLE( EXCEPTION_ACCESS_VIOLATION, { pid[cur_pid] = (handleInfo != NULL) ? handleInfo->UniqueProcessId : -1; }, diff --git a/src/rufus.c b/src/rufus.c index 9932292e..722ce82e 100755 --- a/src/rufus.c +++ b/src/rufus.c @@ -1430,7 +1430,7 @@ static DWORD WINAPI BootCheckThread(LPVOID param) const char* ldlinux = "ldlinux"; const char* syslinux = "syslinux"; const char* ldlinux_ext[3] = { "sys", "bss", "c32" }; - char tmp[MAX_PATH], tmp2[MAX_PATH], c; + char tmp[MAX_PATH], tmp2[MAX_PATH], efi[MAX_PATH], c; syslinux_ldlinux_len[0] = 0; syslinux_ldlinux_len[1] = 0; safe_free(grub2_buf); @@ -1544,36 +1544,11 @@ static DWORD WINAPI BootCheckThread(LPVOID param) WriteSetting32(SETTING_WUE_OPTIONS, (UNATTEND_DEFAULT_MASK << 16) | unattend_xml_mask); } } else if (target_type == TT_UEFI) { - char efi_path[MAX_PATH], tmp_path[MAX_PATH]; if (!IS_EFI_BOOTABLE(img_report)) { // Unsupported ISO MessageBoxExU(hMainDialog, lmprintf(MSG_091), lmprintf(MSG_090), MB_OK | MB_ICONERROR | MB_IS_RTL, selected_langid); goto out; } - // coverity[swapped_arguments] - if (GetTempFileNameU(temp_dir, APPLICATION_NAME, 0, tmp_path) != 0) { - int i, j; - for (i = 0; i < ARRAYSIZE(efi_bootname) + 1; i++) { - if ((img_report.has_efi & (1 << i)) == 0) - continue; - if (i == 0) - static_strcpy(efi_path, bootmgr_efi_name); - else - static_sprintf(efi_path, "%s/%s", efi_dirname, efi_bootname[i - 1]); - if (ExtractISOFile(image_path, efi_path, tmp_path, FILE_ATTRIBUTE_NORMAL) == 0) { - uprintf("Warning: Failed to extract '%s' to check for UEFI revocation", efi_path); - continue; - } - j = IsUefiBootloaderRevoked(tmp_path); - if (j > 0) { - MessageBoxExU(hMainDialog, lmprintf(MSG_339, - (j == 1) ? lmprintf(MSG_340) : lmprintf(MSG_341, "Error code: 0xc0000428")), - lmprintf(MSG_338), MB_ICONWARNING | MB_IS_RTL, selected_langid); - break; - } - } - DeleteFileU(tmp_path); - } if (HAS_WIN7_EFI(img_report) && (!WimExtractCheck(FALSE))) { // Your platform cannot extract files from WIM archives => download 7-zip? if (MessageBoxExU(hMainDialog, lmprintf(MSG_102), lmprintf(MSG_101), MB_YESNO | MB_ICONERROR | MB_IS_RTL, selected_langid) == IDYES) @@ -1645,6 +1620,33 @@ static DWORD WINAPI BootCheckThread(LPVOID param) write_as_esp = (i & 2); } + // Check UEFI bootloaders for revocation + if (target_type == TT_UEFI) { + // coverity[swapped_arguments] + if (GetTempFileNameU(temp_dir, APPLICATION_NAME, 0, tmp) != 0) { + for (i = 0; i < ARRAYSIZE(efi_bootname) + 1; i++) { + if ((img_report.has_efi & (1 << i)) == 0) + continue; + if (i == 0) + static_strcpy(efi, bootmgr_efi_name); + else + static_sprintf(efi, "%s/%s", efi_dirname, efi_bootname[i - 1]); + if (ExtractISOFile(image_path, efi, tmp, FILE_ATTRIBUTE_NORMAL) == 0) { + uprintf("Warning: Failed to extract '%s' to check for UEFI revocation", efi); + continue; + } + r = IsUefiBootloaderRevoked(tmp); + if (r > 0) { + MessageBoxExU(hMainDialog, lmprintf(MSG_339, + (r == 1) ? lmprintf(MSG_340) : lmprintf(MSG_341, "Error code: 0xc0000428")), + lmprintf(MSG_338), MB_ICONWARNING | MB_IS_RTL, selected_langid); + break; + } + } + DeleteFileU(tmp); + } + } + // If the selected target doesn't include BIOS, skip file downloads for GRUB/Syslinux if (target_type != TT_BIOS) goto uefi_target; diff --git a/src/rufus.rc b/src/rufus.rc index df17d236..9203bdef 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.2.2053" +CAPTION "Rufus 4.2.2054" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -392,8 +392,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,2,2053,0 - PRODUCTVERSION 4,2,2053,0 + FILEVERSION 4,2,2054,0 + PRODUCTVERSION 4,2,2054,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -411,13 +411,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.2.2053" + VALUE "FileVersion", "4.2.2054" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2023 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-4.2.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.2.2053" + VALUE "ProductVersion", "4.2.2054" END END BLOCK "VarFileInfo"