nerd/rufus
1
1
Fork 0
mirror of https://github.com/pbatard/rufus.git synced 2024-08-14 23:57:05 +00:00
Code Issues 1 Projects Releases Wiki Activity

[misc] fix temp_dir not being properly initialized

Browse source 
* The static_/safe_ string macros were not properly designed to handle the case where
  an expression such as strlen() rather than a static value was passed for the count,
  leading to unexpected results, such as excessive truncation of strings. Fix that.
* Also fix a buffer overflow in GetDevices() due to using a wrong string length.
This commit is contained in:
Pete Batard 2024-04-26 19:15:48 +01:00
parent 00dc0473b5
commit 6ac2dfb0df
No known key found for this signature in database
GPG key ID: 38E0CF5E69EDD671
4 changed files with 14 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
res/loc/po/sv-SE.po
View file

@ -3,9 +3,9 @@ msgstr ""
"Project-Id-Version: 4.5\n" "Project-Id-Version: 4.5\n"
"Report-Msgid-Bugs-To: pete@akeo.ie\n" "Report-Msgid-Bugs-To: pete@akeo.ie\n"
"POT-Creation-Date: 2024-04-26 00:51+0200\n" "POT-Creation-Date: 2024-04-26 00:51+0200\n"
"PO-Revision-Date: 2024-04-26 01:29+0200\n" "PO-Revision-Date: 2024-04-26 14:23+0100\n"
"Last-Translator: Sopor <sopor@hotmail.com>\n" "Last-Translator: \n"
"Language-Team: \n" "Language-Team: Sopor <sopor@users.noreply.github.com>\n"
"Language: sv_SE\n" "Language: sv_SE\n"
"MIME-Version: 1.0\n" "MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n" "Content-Type: text/plain; charset=UTF-8\n"

6
src/dev.c
View file

@ -593,7 +593,7 @@ BOOL GetDevices(DWORD devnum)
uprintf("Could not allocate Device ID list"); uprintf("Could not allocate Device ID list");
goto out; goto out;
} }
for (s=0, i=0; s<ARRAYSIZE(usbstor_name); s++) { for (s = 0, i = 0; s < ARRAYSIZE(usbstor_name); s++) {
list_start[s] = i; list_start[s] = i;
if (list_size[s] > 1) { if (list_size[s] > 1) {
if (CM_Get_Device_ID_ListA(usbstor_name[s], &devid_list[i], list_size[s], ulFlags) != CR_SUCCESS) if (CM_Get_Device_ID_ListA(usbstor_name[s], &devid_list[i], list_size[s], ulFlags) != CR_SUCCESS)
@ -985,8 +985,8 @@ BOOL GetDevices(DWORD devnum)
safe_free(devint_detail_data); safe_free(devint_detail_data);
break; break;
} }
safe_sprintf(&display_msg[strlen(display_msg)], sizeof(display_msg) - strlen(display_msg), safe_sprintf(&display_msg[strlen(display_msg)], sizeof(display_msg) - strlen(display_msg) - 1,
"%s [%s]", (right_to_left_mode)?RIGHT_TO_LEFT_MARK:"", "%s [%s]", (right_to_left_mode) ? RIGHT_TO_LEFT_MARK : "",
SizeToHumanReadable(drive_size, FALSE, use_fake_units)); SizeToHumanReadable(drive_size, FALSE, use_fake_units));
display_name = display_msg; display_name = display_msg;
} }

6
src/rufus.h
View file

@ -150,8 +150,8 @@
#define safe_free(p) do {free((void*)p); p = NULL;} while(0) #define safe_free(p) do {free((void*)p); p = NULL;} while(0)
#define safe_mm_free(p) do {_mm_free((void*)p); p = NULL;} while(0) #define safe_mm_free(p) do {_mm_free((void*)p); p = NULL;} while(0)
#define safe_min(a, b) min((size_t)(a), (size_t)(b)) #define safe_min(a, b) min((size_t)(a), (size_t)(b))
#define safe_strcp(dst, dst_max, src, count) do {memmove(dst, src, safe_min(count, dst_max)); \ #define safe_strcp(dst, dst_max, src, count) do { size_t _count = (count); memmove(dst, src, safe_min(_count, dst_max)); \
((char*)(dst))[safe_min(count, dst_max)-1] = 0;} while(0) ((char*)(dst))[safe_min(_count, dst_max)-1] = 0; } while(0)
#define safe_strcpy(dst, dst_max, src) safe_strcp(dst, dst_max, src, safe_strlen(src)+1) #define safe_strcpy(dst, dst_max, src) safe_strcp(dst, dst_max, src, safe_strlen(src)+1)
#define static_strcpy(dst, src) safe_strcpy(dst, sizeof(dst), src) #define static_strcpy(dst, src) safe_strcpy(dst, sizeof(dst), src)
#define safe_strcat(dst, dst_max, src) strncat_s(dst, dst_max, src, _TRUNCATE) #define safe_strcat(dst, dst_max, src) strncat_s(dst, dst_max, src, _TRUNCATE)
@ -163,7 +163,7 @@
#define safe_strnicmp(str1, str2, count) _strnicmp(((str1==NULL)?"<NULL>":str1), ((str2==NULL)?"<NULL>":str2), count) #define safe_strnicmp(str1, str2, count) _strnicmp(((str1==NULL)?"<NULL>":str1), ((str2==NULL)?"<NULL>":str2), count)
#define safe_closehandle(h) do {if ((h != INVALID_HANDLE_VALUE) && (h != NULL)) {CloseHandle(h); h = INVALID_HANDLE_VALUE;}} while(0) #define safe_closehandle(h) do {if ((h != INVALID_HANDLE_VALUE) && (h != NULL)) {CloseHandle(h); h = INVALID_HANDLE_VALUE;}} while(0)
#define safe_release_dc(hDlg, hDC) do {if ((hDC != INVALID_HANDLE_VALUE) && (hDC != NULL)) {ReleaseDC(hDlg, hDC); hDC = NULL;}} while(0) #define safe_release_dc(hDlg, hDC) do {if ((hDC != INVALID_HANDLE_VALUE) && (hDC != NULL)) {ReleaseDC(hDlg, hDC); hDC = NULL;}} while(0)
#define safe_sprintf(dst, count, ...) do {_snprintf_s(dst, count, _TRUNCATE, __VA_ARGS__); (dst)[(count)-1] = 0; } while(0) #define safe_sprintf(dst, count, ...) do { size_t _count = (count); _snprintf_s(dst, _count, _TRUNCATE, __VA_ARGS__); (dst)[(_count)-1] = 0; } while(0)
#define static_sprintf(dst, ...) safe_sprintf(dst, sizeof(dst), __VA_ARGS__) #define static_sprintf(dst, ...) safe_sprintf(dst, sizeof(dst), __VA_ARGS__)
#define safe_atoi(str) ((((char*)(str))==NULL)?0:atoi(str)) #define safe_atoi(str) ((((char*)(str))==NULL)?0:atoi(str))
#define safe_strlen(str) ((((char*)(str))==NULL)?0:strlen(str)) #define safe_strlen(str) ((((char*)(str))==NULL)?0:strlen(str))

10
src/rufus.rc
View file

@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 232, 326 IDD_DIALOG DIALOGEX 12, 12, 232, 326
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 4.5.2143" CAPTION "Rufus 4.5.2144"
FONT 9, "Segoe UI Symbol", 400, 0, 0x0 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
BEGIN BEGIN
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -397,8 +397,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 4,5,2143,0 FILEVERSION 4,5,2144,0
PRODUCTVERSION 4,5,2143,0 PRODUCTVERSION 4,5,2144,0
FILEFLAGSMASK 0x3fL FILEFLAGSMASK 0x3fL
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -416,13 +416,13 @@ BEGIN
VALUE "Comments", "https://rufus.ie" VALUE "Comments", "https://rufus.ie"
VALUE "CompanyName", "Akeo Consulting" VALUE "CompanyName", "Akeo Consulting"
VALUE "FileDescription", "Rufus" VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "4.5.2143" VALUE "FileVersion", "4.5.2144"
VALUE "InternalName", "Rufus" VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)" VALUE "LegalCopyright", "<22> 2011-2024 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
VALUE "OriginalFilename", "rufus-4.5.exe" VALUE "OriginalFilename", "rufus-4.5.exe"
VALUE "ProductName", "Rufus" VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "4.5.2143" VALUE "ProductVersion", "4.5.2144"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"