nerd
/
rufus
mirror of https://github.com/pbatard/rufus.git
1
1
Fork 0
Code Issues 1 Projects Releases Wiki Activity

[misc] work around Microsoft's broken SetDllDirectory() 

* *THIS* is what you need to do to replace Microsoft's broken SetDllDirectory("")
  implementation and mitigate DLL sideloading from local directories.
* Also fix some comment typos
This commit is contained in:
Pete Batard 2018-06-05 13:02:28 +01:00
parent b80f7c0785
commit e1d864f755
7 changed files with 128 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.vs/rufus.vcxproj
View File

@ -132,7 +132,7 @@
<Optimization>Disabled</Optimization>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -155,7 +155,7 @@
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -180,7 +180,7 @@
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -210,7 +210,7 @@
<Optimization>Disabled</Optimization>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -233,7 +233,7 @@
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>false</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -256,7 +256,7 @@
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>false</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -281,7 +281,7 @@
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>false</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
@ -309,7 +309,7 @@
<DisableSpecificWarnings>4091;28252;28253;%(DisableSpecificWarnings)</DisableSpecificWarnings>
</ClCompile>
<Link>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wininet.lib;wintrust.lib;dwmapi.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;psapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
<UACExecutionLevel>RequireAdministrator</UACExecutionLevel>
<GenerateDebugInformation>false</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>

2
src/Makefile.am
View File

@ -15,4 +15,4 @@ rufus_SOURCES = badblocks.c checksum.c dev.c dos.c dos_locale.c drive.c format.c
rufus_CFLAGS = -I./ms-sys/inc -I./syslinux/libfat -I./syslinux/libinstaller -I./syslinux/win -I./libcdio $(AM_CFLAGS)
rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows
rufus_LDADD = rufus_rc.o bled/libbled.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lwininet -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -ldwmapi -luuid -lpsapi
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -luuid -lpsapi

2
src/Makefile.in
View File

@ -276,7 +276,7 @@ rufus_SOURCES = badblocks.c checksum.c dev.c dos.c dos_locale.c drive.c format.c
rufus_CFLAGS = -I./ms-sys/inc -I./syslinux/libfat -I./syslinux/libinstaller -I./syslinux/win -I./libcdio $(AM_CFLAGS)
rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows
rufus_LDADD = rufus_rc.o bled/libbled.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lwininet -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -ldwmapi -luuid -lpsapi
libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lwintrust -lcomdlg32 -lcomctl32 -luuid -lpsapi
all: all-recursive

107
src/net.c
View File

@ -59,6 +59,8 @@ const char* WinInetErrorString(void)
{
static char error_string[256];
DWORD size = sizeof(error_string);
PF_TYPE_DECL(WINAPI, BOOL, InternetGetLastResponseInfoA, (LPDWORD, LPSTR, LPDWORD));
PF_INIT(InternetGetLastResponseInfoA, WinInet);
error_code = HRESULT_CODE(GetLastError());
@ -202,8 +204,11 @@ const char* WinInetErrorString(void)
case ERROR_INTERNET_LOGIN_FAILURE_DISPLAY_ENTITY_BODY:
return "Please ask Microsoft about that one!";
case ERROR_INTERNET_EXTENDED_ERROR:
InternetGetLastResponseInfoA(&error_code, error_string, &size);
return error_string;
if (pfInternetGetLastResponseInfoA != NULL) {
pfInternetGetLastResponseInfoA(&error_code, error_string, &size);
return error_string;
}
// fall through
default:
static_sprintf(error_string, "Unknown internet error 0x%08lX", error_code);
return error_string;
@ -232,6 +237,26 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
size_t last_slash;
int i;
// Can't link with wininet.lib because of sideloading issues
PF_TYPE_DECL(WINAPI, BOOL, InternetCrackUrlA, (LPCSTR, DWORD, DWORD, LPURL_COMPONENTSA));
PF_TYPE_DECL(WINAPI, BOOL, InternetGetConnectedState, (LPDWORD, DWORD));
PF_TYPE_DECL(WINAPI, HINTERNET, InternetOpenA, (LPCSTR, DWORD, LPCSTR, LPCSTR, DWORD));
PF_TYPE_DECL(WINAPI, HINTERNET, InternetConnectA, (HINTERNET, LPCSTR, INTERNET_PORT, LPCSTR, LPCSTR, DWORD, DWORD, DWORD_PTR));
PF_TYPE_DECL(WINAPI, BOOL, InternetReadFile, (HINTERNET, LPVOID, DWORD, LPDWORD));
PF_TYPE_DECL(WINAPI, BOOL, InternetCloseHandle, (HINTERNET));
PF_TYPE_DECL(WINAPI, HINTERNET, HttpOpenRequestA, (HINTERNET, LPCSTR, LPCSTR, LPCSTR, LPCSTR, LPCSTR*, DWORD, DWORD_PTR));
PF_TYPE_DECL(WINAPI, BOOL, HttpSendRequestA, (HINTERNET, LPCSTR, DWORD, LPVOID, DWORD));
PF_TYPE_DECL(WINAPI, BOOL, HttpQueryInfoA, (HINTERNET, DWORD, LPVOID, LPDWORD, LPDWORD));
PF_INIT_OR_OUT(InternetCrackUrlA, WinInet);
PF_INIT_OR_OUT(InternetGetConnectedState, WinInet);
PF_INIT_OR_OUT(InternetOpenA, WinInet);
PF_INIT_OR_OUT(InternetConnectA, WinInet);
PF_INIT_OR_OUT(InternetReadFile, WinInet);
PF_INIT_OR_OUT(InternetCloseHandle, WinInet);
PF_INIT_OR_OUT(HttpOpenRequestA, WinInet);
PF_INIT_OR_OUT(HttpSendRequestA, WinInet);
PF_INIT_OR_OUT(HttpQueryInfoA, WinInet);
DownloadStatus = 0;
if (hProgressDialog != NULL) {
// Use the progress control provided, if any
@ -256,7 +281,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
PrintInfo(0, MSG_085, &file[last_slash]);
uprintf("Downloading '%s' from %s\n", &file[last_slash], url);
if ( (!InternetCrackUrlA(url, (DWORD)safe_strlen(url), 0, &UrlParts))
if ( (!pfInternetCrackUrlA(url, (DWORD)safe_strlen(url), 0, &UrlParts))
|| (UrlParts.lpszHostName == NULL) || (UrlParts.lpszUrlPath == NULL)) {
uprintf("Unable to decode URL: %s\n", WinInetErrorString());
goto out;
@ -264,7 +289,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
hostname[sizeof(hostname)-1] = 0;
// Open an Internet session
for (i=5; (i>0) && (!InternetGetConnectedState(&dwFlags, 0)); i--) {
for (i=5; (i>0) && (!pfInternetGetConnectedState(&dwFlags, 0)); i--) {
Sleep(1000);
}
if (i <= 0) {
@ -276,19 +301,19 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
static_sprintf(agent, APPLICATION_NAME "/%d.%d.%d (Windows NT %d.%d%s)",
rufus_version[0], rufus_version[1], rufus_version[2],
nWindowsVersion>>4, nWindowsVersion&0x0F, is_x64()?"; WOW64":"");
hSession = InternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
hSession = pfInternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if (hSession == NULL) {
uprintf("Could not open Internet session: %s\n", WinInetErrorString());
goto out;
}
hConnection = InternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
hConnection = pfInternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
if (hConnection == NULL) {
uprintf("Could not connect to server %s:%d: %s\n", UrlParts.lpszHostName, UrlParts.nPort, WinInetErrorString());
goto out;
}
hRequest = HttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
hRequest = pfHttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP|INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS|
INTERNET_FLAG_NO_COOKIES|INTERNET_FLAG_NO_UI|INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_HYPERLINK|
((UrlParts.nScheme==INTERNET_SCHEME_HTTPS)?INTERNET_FLAG_SECURE:0), (DWORD_PTR)NULL);
@ -297,7 +322,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
goto out;
}
if (!HttpSendRequestA(hRequest, NULL, 0, NULL, 0)) {
if (!pfHttpSendRequestA(hRequest, NULL, 0, NULL, 0)) {
uprintf("Unable to send request: %s\n", WinInetErrorString());
goto out;
}
@ -305,14 +330,14 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
// Get the file size
dwSize = sizeof(DownloadStatus);
DownloadStatus = 404;
HttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&DownloadStatus, &dwSize, NULL);
pfHttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&DownloadStatus, &dwSize, NULL);
if (DownloadStatus != 200) {
error_code = ERROR_INTERNET_ITEM_NOT_FOUND;
uprintf("Unable to access file: %d\n", DownloadStatus);
goto out;
}
dwSize = sizeof(dwTotalSize);
if (!HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL)) {
if (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL)) {
uprintf("Unable to retrieve file length: %s\n", WinInetErrorString());
goto out;
}
@ -330,7 +355,7 @@ DWORD DownloadFile(const char* url, const char* file, HWND hProgressDialog)
if (IS_ERROR(FormatStatus))
goto out;
if (!InternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0))
if (!pfInternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0))
break;
dwSize += dwDownloaded;
SendMessage(hProgressBar, PBM_SETPOS, (WPARAM)(MAX_PROGRESS*((1.0f*dwSize)/(1.0f*dwTotalSize))), 0);
@ -371,9 +396,12 @@ out:
lmprintf(MSG_044), MB_OK|MB_ICONERROR|MB_IS_RTL, selected_langid);
}
}
if (hRequest) InternetCloseHandle(hRequest);
if (hConnection) InternetCloseHandle(hConnection);
if (hSession) InternetCloseHandle(hSession);
if (hRequest)
pfInternetCloseHandle(hRequest);
if (hConnection)
pfInternetCloseHandle(hConnection);
if (hSession)
pfInternetCloseHandle(hSession);
return r?dwSize:0;
}
@ -425,6 +453,26 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
FILETIME FileTime;
int64_t local_time = 0, reg_time, server_time, update_interval;
// Can't link with wininet.lib because of sideloading issues
PF_TYPE_DECL(WINAPI, BOOL, InternetCrackUrlA, (LPCSTR, DWORD, DWORD, LPURL_COMPONENTSA));
PF_TYPE_DECL(WINAPI, BOOL, InternetGetConnectedState, (LPDWORD, DWORD));
PF_TYPE_DECL(WINAPI, HINTERNET, InternetOpenA, (LPCSTR, DWORD, LPCSTR, LPCSTR, DWORD));
PF_TYPE_DECL(WINAPI, HINTERNET, InternetConnectA, (HINTERNET, LPCSTR, INTERNET_PORT, LPCSTR, LPCSTR, DWORD, DWORD, DWORD_PTR));
PF_TYPE_DECL(WINAPI, BOOL, InternetReadFile, (HINTERNET, LPVOID, DWORD, LPDWORD));
PF_TYPE_DECL(WINAPI, BOOL, InternetCloseHandle, (HINTERNET));
PF_TYPE_DECL(WINAPI, HINTERNET, HttpOpenRequestA, (HINTERNET, LPCSTR, LPCSTR, LPCSTR, LPCSTR, LPCSTR*, DWORD, DWORD_PTR));
PF_TYPE_DECL(WINAPI, BOOL, HttpSendRequestA, (HINTERNET, LPCSTR, DWORD, LPVOID, DWORD));
PF_TYPE_DECL(WINAPI, BOOL, HttpQueryInfoA, (HINTERNET, DWORD, LPVOID, LPDWORD, LPDWORD));
PF_INIT_OR_OUT(InternetCrackUrlA, WinInet);
PF_INIT_OR_OUT(InternetGetConnectedState, WinInet);
PF_INIT_OR_OUT(InternetOpenA, WinInet);
PF_INIT_OR_OUT(InternetConnectA, WinInet);
PF_INIT_OR_OUT(InternetReadFile, WinInet);
PF_INIT_OR_OUT(InternetCloseHandle, WinInet);
PF_INIT_OR_OUT(HttpOpenRequestA, WinInet);
PF_INIT_OR_OUT(HttpSendRequestA, WinInet);
PF_INIT_OR_OUT(HttpQueryInfoA, WinInet);
update_check_in_progress = TRUE;
verbose = ReadSetting32(SETTING_VERBOSE_UPDATES);
// Without this the FileDialog will produce error 0x8001010E when compiled for Vista or later
@ -468,17 +516,17 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
goto out;
}
if ((!InternetCrackUrlA(server_url, (DWORD)safe_strlen(server_url), 0, &UrlParts)) || (!InternetGetConnectedState(&dwFlags, 0)))
if ((!pfInternetCrackUrlA(server_url, (DWORD)safe_strlen(server_url), 0, &UrlParts)) || (!pfInternetGetConnectedState(&dwFlags, 0)))
goto out;
hostname[sizeof(hostname)-1] = 0;
static_sprintf(agent, APPLICATION_NAME "/%d.%d.%d (Windows NT %d.%d%s)",
rufus_version[0], rufus_version[1], rufus_version[2],
nWindowsVersion >> 4, nWindowsVersion & 0x0F, is_x64() ? "; WOW64" : "");
hSession = InternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
hSession = pfInternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0);
if (hSession == NULL)
goto out;
hConnection = InternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
hConnection = pfInternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL);
if (hConnection == NULL)
goto out;
@ -515,11 +563,11 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
UrlParts.dwUrlPathLength = sizeof(urlpath);
for (i=0; i<ARRAYSIZE(verpos); i++) {
vvuprintf("Trying %s\n", UrlParts.lpszUrlPath);
hRequest = HttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
hRequest = pfHttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types,
INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP|INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS|
INTERNET_FLAG_NO_COOKIES|INTERNET_FLAG_NO_UI|INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_HYPERLINK|
((UrlParts.nScheme == INTERNET_SCHEME_HTTPS)?INTERNET_FLAG_SECURE:0), (DWORD_PTR)NULL);
if ((hRequest == NULL) || (!HttpSendRequestA(hRequest, NULL, 0, NULL, 0))) {
if ((hRequest == NULL) || (!pfHttpSendRequestA(hRequest, NULL, 0, NULL, 0))) {
uprintf("Unable to send request: %s", WinInetErrorString());
goto out;
}
@ -527,10 +575,10 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
// Ensure that we get a text file
dwSize = sizeof(dwStatus);
dwStatus = 404;
HttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwStatus, &dwSize, NULL);
pfHttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwStatus, &dwSize, NULL);
if (dwStatus == 200)
break;
InternetCloseHandle(hRequest);
pfInternetCloseHandle(hRequest);
hRequest = NULL;
safe_strcpy(&urlpath[verpos[i]], 5, ".ver");
}
@ -546,7 +594,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
// 'text/plain' for .ver files. Use 'curl -I' to check that you get something
// like 'Content-Type: text/plain; charset=UTF-8' when fetching your .ver files.
dwSize = sizeof(mime);
HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_TYPE, (LPVOID)&mime, &dwSize, NULL);
pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_TYPE, (LPVOID)&mime, &dwSize, NULL);
if (strncmp(mime, "text/plain", sizeof("text/plain")-1) != 0)
goto out;
@ -555,7 +603,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
// On the other hand, if local clock is set way back in the past, we will never check.
dwSize = sizeof(ServerTime);
// If we can't get a date we can trust, don't bother...
if ( (!HttpQueryInfoA(hRequest, HTTP_QUERY_DATE|HTTP_QUERY_FLAG_SYSTEMTIME, (LPVOID)&ServerTime, &dwSize, NULL))
if ( (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_DATE|HTTP_QUERY_FLAG_SYSTEMTIME, (LPVOID)&ServerTime, &dwSize, NULL))
|| (!SystemTimeToFileTime(&ServerTime, &FileTime)) )
goto out;
server_time = ((((int64_t)FileTime.dwHighDateTime)<<32) + FileTime.dwLowDateTime) / 10000000;
@ -571,7 +619,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
}
dwSize = sizeof(dwTotalSize);
if (!HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL))
if (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&dwTotalSize, &dwSize, NULL))
goto out;
safe_free(buf);
@ -579,7 +627,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
buf = (char*)calloc(dwTotalSize+1, 1);
if (buf == NULL) goto out;
// This is a version file - we should be able to gulp it down in one go
if (!InternetReadFile(hRequest, buf, dwTotalSize, &dwDownloaded) || (dwDownloaded != dwTotalSize))
if (!pfInternetReadFile(hRequest, buf, dwTotalSize, &dwDownloaded) || (dwDownloaded != dwTotalSize))
goto out;
status++;
@ -600,9 +648,12 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param)
out:
safe_free(buf);
if (hRequest) InternetCloseHandle(hRequest);
if (hConnection) InternetCloseHandle(hConnection);
if (hSession) InternetCloseHandle(hSession);
if (hRequest)
pfInternetCloseHandle(hRequest);
if (hConnection)
pfInternetCloseHandle(hConnection);
if (hSession)
pfInternetCloseHandle(hSession);
switch(status) {
case 1:
PrintInfoDebug(3000, MSG_244);

2
src/pki.c
View File

@ -556,7 +556,7 @@ LONG ValidateSignature(HWND hDlg, const char* path)
// This is done to prevent the use of an officially signed, but older binary, as potential attack vector.
current_ts = GetSignatureTimeStamp(NULL);
if (current_ts == 0ULL) {
uprintf("PKI: Cannot retreive the current binary's timestamp - Aborting update");
uprintf("PKI: Cannot retrieve the current binary's timestamp - Aborting update");
r = TRUST_E_TIME_STAMP;
} else {
update_ts = GetSignatureTimeStamp(path);

36
src/rufus.c
View File

@ -2356,7 +2356,7 @@ static void PositionControls(HWND hDlg)
section_vpos[2] = rc.top + 2 * sz.cy / 3;
// Seriously, who designed this bullshit API call where you pass a SIZE
// struct but can only retreive one of cx or cy at a time?!?
// struct but can only retrieve one of cx or cy at a time?!?
SendMessage(hMultiToolbar, TB_GETIDEALSIZE, (WPARAM)FALSE, (LPARAM)&sz);
GetWindowRect(GetDlgItem(hDlg, IDC_ABOUT), &rc);
MapWindowPoints(NULL, hDlg, (POINT*)&rc, 2);
@ -3040,6 +3040,9 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
case IDC_LOG:
// Place the log Window to the right (or left for RTL) of our dialog on first display
if (first_log_display) {
// Can't link to dwmapi.lib since it sideloads dwapi.dll *before* we get a chance
// to prevent local directory lookup (Sideloading mitigation).
PF_TYPE_DECL(WINAPI, HRESULT, DwmGetWindowAttribute, (HWND, DWORD, PVOID, DWORD));
GetClientRect(GetDesktopWindow(), &DesktopRect);
GetWindowRect(hLogDialog, &DialogRect);
nWidth = DialogRect.right - DialogRect.left;
@ -3047,11 +3050,14 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA
GetWindowRect(hDlg, &DialogRect);
offset = GetSystemMetrics(SM_CXBORDER);
if (nWindowsVersion >= WINDOWS_10) {
PF_INIT(DwmGetWindowAttribute, Dwmapi);
// See https://stackoverflow.com/a/42491227/1069307
// I agree with Stephen Hazel: Whoever at Microsoft thought it would be a great idea to
// add a *FRIGGING INVISIBLE BORDER* in Windows 10 should face the harshest punishment!
DwmGetWindowAttribute(hDlg, DWMWA_EXTENDED_FRAME_BOUNDS, &rc, sizeof(RECT));
offset += 2 * (DialogRect.left - rc.left);
if (pfDwmGetWindowAttribute != NULL) {
pfDwmGetWindowAttribute(hDlg, DWMWA_EXTENDED_FRAME_BOUNDS, &rc, sizeof(RECT));
offset += 2 * (DialogRect.left - rc.left);
}
}
if (right_to_left_mode)
Point.x = max(DialogRect.left - offset - nWidth, 0);
@ -3723,6 +3729,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
#endif
{
const char* rufus_loc = "rufus.loc";
wchar_t kernel32_path[MAX_PATH];
int i, opt, option_index = 0, argc = 0, si = 0, lcid = GetUserDefaultUILanguage();
int wait_for_mutex = 0;
FILE* fd;
@ -3734,6 +3741,7 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
char *tmp, *locale_name = NULL, **argv = NULL;
wchar_t **wenv, **wargv;
PF_TYPE_DECL(CDECL, int, __wgetmainargs, (int*, wchar_t***, wchar_t***, int, int*));
PF_TYPE_DECL(WINAPI, BOOL, SetDefaultDllDirectories, (DWORD));
HANDLE mutex = NULL, hogmutex = NULL, hFile = NULL;
HWND hDlg = NULL;
HDC hDC;
@ -3749,8 +3757,30 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
};
// Disable loading system DLLs from the current directory (sideloading mitigation)
// PS: You know that official MSDN documentation for SetDllDirectory() that explicitly
// indicates that "If the parameter is an empty string (""), the call removes the current
// directory from the default DLL search order"? Yeah, that doesn't work. At all.
// Still, we invoke it, for platforms where the following call might not work...
SetDllDirectoryA("");
// Also, even if you use SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32), you're
// still going to be brought down if you link to wininet.lib or dwmapi.lib, as these two
// perform their DLL invocations before you've had a chance to execute anything.
// Of course, this is not something that security "researchers" will bother looking into
// to try to help fellow developers, when they can get an ego fix by simply throwing
// generic URLs around and deliberately refusing to practice *responsible disclosure*...
// Finally, we need to perform the whole gymkhana below, where we can't call on
// SetDefaultDllDirectories() directly, because Windows 7 doesn't have the API exposed.
GetSystemDirectoryW(kernel32_path, ARRAYSIZE(kernel32_path));
wcsncat(kernel32_path, L"\\kernel32.dll", ARRAYSIZE(kernel32_path) - wcslen(kernel32_path) - 1);
// NB: Because kernel32 should already be loaded, what we do above to ensure that we
// (re)pick the system one is mostly unnecessary. But since for a hammer everything is
// a nail...
pfSetDefaultDllDirectories = (SetDefaultDllDirectories_t)
GetProcAddress(LoadLibraryW(kernel32_path), "SetDefaultDllDirectories");
if (pfSetDefaultDllDirectories != NULL)
pfSetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);
uprintf("*** " APPLICATION_NAME " init ***\n");
// Reattach the console, if we were started from commandline

10
src/rufus.rc
View File

@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 232, 326
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 3.0.1307"
CAPTION "Rufus 3.0.1308"
FONT 9, "Segoe UI Symbol", 400, 0, 0x0
BEGIN
LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -389,8 +389,8 @@ END
//
VS_VERSION_INFO VERSIONINFO
FILEVERSION 3,0,1307,0
PRODUCTVERSION 3,0,1307,0
FILEVERSION 3,0,1308,0
PRODUCTVERSION 3,0,1308,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
@ -407,13 +407,13 @@ BEGIN
BEGIN
VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "3.0.1307"
VALUE "FileVersion", "3.0.1308"
VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "© 2011-2018 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
VALUE "OriginalFilename", "rufus.exe"
VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "3.0.1307"
VALUE "ProductVersion", "3.0.1308"
END
END
BLOCK "VarFileInfo"