From 6ac2dfb0df443a9f2db453dc01e62cf91de4bb25 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Fri, 26 Apr 2024 19:15:48 +0100 Subject: [PATCH 1/2] [misc] fix temp_dir not being properly initialized * The static_/safe_ string macros were not properly designed to handle the case where an expression such as strlen() rather than a static value was passed for the count, leading to unexpected results, such as excessive truncation of strings. Fix that. * Also fix a buffer overflow in GetDevices() due to using a wrong string length. --- res/loc/po/sv-SE.po | 6 +++--- src/dev.c | 6 +++--- src/rufus.h | 6 +++--- src/rufus.rc | 10 +++++----- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/res/loc/po/sv-SE.po b/res/loc/po/sv-SE.po index 7bb437ad..b21fd5c2 100644 --- a/res/loc/po/sv-SE.po +++ b/res/loc/po/sv-SE.po @@ -3,9 +3,9 @@ msgstr "" "Project-Id-Version: 4.5\n" "Report-Msgid-Bugs-To: pete@akeo.ie\n" "POT-Creation-Date: 2024-04-26 00:51+0200\n" -"PO-Revision-Date: 2024-04-26 01:29+0200\n" -"Last-Translator: Sopor \n" -"Language-Team: \n" +"PO-Revision-Date: 2024-04-26 14:23+0100\n" +"Last-Translator: \n" +"Language-Team: Sopor \n" "Language: sv_SE\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" diff --git a/src/dev.c b/src/dev.c index 5c571cb2..e9cf1172 100644 --- a/src/dev.c +++ b/src/dev.c @@ -593,7 +593,7 @@ BOOL GetDevices(DWORD devnum) uprintf("Could not allocate Device ID list"); goto out; } - for (s=0, i=0; s 1) { if (CM_Get_Device_ID_ListA(usbstor_name[s], &devid_list[i], list_size[s], ulFlags) != CR_SUCCESS) @@ -985,8 +985,8 @@ BOOL GetDevices(DWORD devnum) safe_free(devint_detail_data); break; } - safe_sprintf(&display_msg[strlen(display_msg)], sizeof(display_msg) - strlen(display_msg), - "%s [%s]", (right_to_left_mode)?RIGHT_TO_LEFT_MARK:"", + safe_sprintf(&display_msg[strlen(display_msg)], sizeof(display_msg) - strlen(display_msg) - 1, + "%s [%s]", (right_to_left_mode) ? RIGHT_TO_LEFT_MARK : "", SizeToHumanReadable(drive_size, FALSE, use_fake_units)); display_name = display_msg; } diff --git a/src/rufus.h b/src/rufus.h index 685fe0f9..811ae3a0 100644 --- a/src/rufus.h +++ b/src/rufus.h @@ -150,8 +150,8 @@ #define safe_free(p) do {free((void*)p); p = NULL;} while(0) #define safe_mm_free(p) do {_mm_free((void*)p); p = NULL;} while(0) #define safe_min(a, b) min((size_t)(a), (size_t)(b)) -#define safe_strcp(dst, dst_max, src, count) do {memmove(dst, src, safe_min(count, dst_max)); \ - ((char*)(dst))[safe_min(count, dst_max)-1] = 0;} while(0) +#define safe_strcp(dst, dst_max, src, count) do { size_t _count = (count); memmove(dst, src, safe_min(_count, dst_max)); \ + ((char*)(dst))[safe_min(_count, dst_max)-1] = 0; } while(0) #define safe_strcpy(dst, dst_max, src) safe_strcp(dst, dst_max, src, safe_strlen(src)+1) #define static_strcpy(dst, src) safe_strcpy(dst, sizeof(dst), src) #define safe_strcat(dst, dst_max, src) strncat_s(dst, dst_max, src, _TRUNCATE) @@ -163,7 +163,7 @@ #define safe_strnicmp(str1, str2, count) _strnicmp(((str1==NULL)?"":str1), ((str2==NULL)?"":str2), count) #define safe_closehandle(h) do {if ((h != INVALID_HANDLE_VALUE) && (h != NULL)) {CloseHandle(h); h = INVALID_HANDLE_VALUE;}} while(0) #define safe_release_dc(hDlg, hDC) do {if ((hDC != INVALID_HANDLE_VALUE) && (hDC != NULL)) {ReleaseDC(hDlg, hDC); hDC = NULL;}} while(0) -#define safe_sprintf(dst, count, ...) do {_snprintf_s(dst, count, _TRUNCATE, __VA_ARGS__); (dst)[(count)-1] = 0; } while(0) +#define safe_sprintf(dst, count, ...) do { size_t _count = (count); _snprintf_s(dst, _count, _TRUNCATE, __VA_ARGS__); (dst)[(_count)-1] = 0; } while(0) #define static_sprintf(dst, ...) safe_sprintf(dst, sizeof(dst), __VA_ARGS__) #define safe_atoi(str) ((((char*)(str))==NULL)?0:atoi(str)) #define safe_strlen(str) ((((char*)(str))==NULL)?0:strlen(str)) diff --git a/src/rufus.rc b/src/rufus.rc index 5857a035..a8c19ff3 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.5.2143" +CAPTION "Rufus 4.5.2144" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -397,8 +397,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,5,2143,0 - PRODUCTVERSION 4,5,2143,0 + FILEVERSION 4,5,2144,0 + PRODUCTVERSION 4,5,2144,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -416,13 +416,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.5.2143" + VALUE "FileVersion", "4.5.2144" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "� 2011-2024 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-4.5.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.5.2143" + VALUE "ProductVersion", "4.5.2144" END END BLOCK "VarFileInfo" From 4ec57dc5d7e3993c6fe1cf626167bb302a96460c Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Fri, 26 Apr 2024 21:54:43 +0100 Subject: [PATCH 2/2] [iso] fix improper size being returned by ExtractISOFile() * The call returned the size occupied in blocks rather than the actual file size, leading to issues such as Rufus not being able to identify the GRUB version used by Ubuntu 24.04. --- src/iso.c | 8 ++++---- src/rufus.rc | 10 +++++----- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/iso.c b/src/iso.c index a68ba07a..19683980 100644 --- a/src/iso.c +++ b/src/iso.c @@ -1482,8 +1482,8 @@ int64_t ExtractISOFile(const char* iso, const char* iso_file, const char* dest_f uprintf(" Error writing file %s: %s", dest_file, WindowsErrorString()); goto out; } - file_length -= read_size; - r += read_size; + file_length -= buf_size; + r += buf_size; } goto out; @@ -1515,8 +1515,8 @@ try_iso: uprintf(" Error writing file %s: %s", dest_file, WindowsErrorString()); goto out; } - file_length -= ISO_BLOCKSIZE; - r += ISO_BLOCKSIZE; + file_length -= buf_size; + r += buf_size; } out: diff --git a/src/rufus.rc b/src/rufus.rc index a8c19ff3..960870cf 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 4.5.2144" +CAPTION "Rufus 4.5.2145" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -397,8 +397,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 4,5,2144,0 - PRODUCTVERSION 4,5,2144,0 + FILEVERSION 4,5,2145,0 + PRODUCTVERSION 4,5,2145,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -416,13 +416,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "4.5.2144" + VALUE "FileVersion", "4.5.2145" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "� 2011-2024 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-4.5.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "4.5.2144" + VALUE "ProductVersion", "4.5.2145" END END BLOCK "VarFileInfo"