From e7b66e7e4ce39484e416176b32facd991e62ce61 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Tue, 12 Apr 2022 11:09:29 +0100 Subject: [PATCH 1/3] [mingw] use delay loading for DLLs that are subject to side loading * This reverts much of commits f6ac559f4d0a9a2e5043a972442d272c2da71de3 and 19472668370aacec0dba9dda306601cfc4a4ed7e so that we call the Windows APIs directly again, while ensuring that, by the time we load the DLLs, sideloading mitigation has already been applied by the application. * This is a continuation of #1877, and should help prevent re-introducing side-loading issues when we link against new libraries, as well as allow us to drop some of the manual DLL hooking we've been doing to prevent it, to clean up the code. * Note that this is a bit more complex than what the stackoverflow post suggests, because we need to create delayloaded libs for both 32-bit and 64-bit, which use a different calling convention and therefore need to use different .def files. So there's a lot of gymkhana involved, with Makefiles and whatnot, to get us there. * Also simplify the use of CM_Get_DevNode_Registry_PropertyA() in dev.c since recent versions of MinGW now have support for it. * Also fix 2 small issues in net.c (potential overflow) and format.c (memory leak). --- .mingw/Makefile.am | 31 +++ .mingw/Makefile.in | 383 ++++++++++++++++++++++++++ .mingw/version.def | 4 + .mingw/wintrust.def | 2 + .vs/rufus.vcxproj | 32 +-- Makefile.in | 1 + configure | 110 +++++++- configure.ac | 6 +- res/loc/Makefile.in | 1 + src/Makefile.am | 11 +- src/Makefile.in | 16 +- src/bled/Makefile.in | 1 + src/dev.c | 7 +- src/dev.h | 2 - src/ext2fs/Makefile.in | 1 + src/format.c | 1 + src/iso.c | 26 +- src/libcdio/driver/Makefile.in | 1 + src/libcdio/iso9660/Makefile.in | 1 + src/libcdio/udf/Makefile.in | 1 + src/ms-sys/Makefile.in | 1 + src/net.c | 6 +- src/pki.c | 7 +- src/rufus.rc | 10 +- src/syslinux/libfat/Makefile.in | 1 + src/syslinux/libinstaller/Makefile.in | 1 + src/syslinux/win/Makefile.in | 1 + 27 files changed, 597 insertions(+), 68 deletions(-) create mode 100644 .mingw/Makefile.am create mode 100644 .mingw/Makefile.in create mode 100644 .mingw/version.def create mode 100644 .mingw/wintrust.def diff --git a/.mingw/Makefile.am b/.mingw/Makefile.am new file mode 100644 index 00000000..bbd5be80 --- /dev/null +++ b/.mingw/Makefile.am @@ -0,0 +1,31 @@ +# Create delay-loaded libraries from a DLL, that aren't vulnerable to side-loading +AM_V_DLLTOOL_0 = @echo " LIB $@";$(DLLTOOL) +AM_V_DLLTOOL_1 = $(DLLTOOL) +AM_V_DLLTOOL_ = $(AM_V_DLLTOOL_$(AM_DEFAULT_VERBOSITY)) +AM_V_DLLTOOL = $(AM_V_DLLTOOL_$(V)) + +AM_V_SED_0 = @echo " SED $<";$(SED) +AM_V_SED_1 = $(SED) +AM_V_SED_ = $(AM_V_SED_$(AM_DEFAULT_VERBOSITY)) +AM_V_SED = $(AM_V_SED_$(V)) + +# Ah the joys of Windows DLL calling conventions, that require an @## suffix in the .def +# for x86_32 and but no @## for x86_64, thereby forcing us to strip stuff according to the +# target arch. Oh, and we can't use 'target_cpu' or AC definitions on account that we are +# switching archs when building on our local machine, and don't want to have to go though +# a costly reconf each time when we can simply issue a 'make clean'. +TUPLE := $(shell $(CC) -dumpmachine) +TARGET := $(word 1,$(subst -, ,$(TUPLE))) +DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64) + +.PHONY: all +all: wintrust-delaylib.lib version-delaylib.lib + +%.def64: %.def + $(AM_V_SED) "s/@.*//" $< >$@ + +%-delaylib.lib: %$(DEF_SUFFIX) + $(AM_V_DLLTOOL) --input-def $< --output-delaylib $@ --dllname $(basename $<).dll + +clean: + $(RM) -rf *.lib diff --git a/.mingw/Makefile.in b/.mingw/Makefile.in new file mode 100644 index 00000000..88d36dc6 --- /dev/null +++ b/.mingw/Makefile.in @@ -0,0 +1,383 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +subdir = .mingw +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +depcomp = +am__depfiles_maybe = +SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_CFLAGS = @AM_CFLAGS@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AM_LDFLAGS = @AM_LDFLAGS@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +CC = @CC@ +CFLAGS = @CFLAGS@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EXEEXT = @EXEEXT@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LTLIBOBJS = @LTLIBOBJS@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +RANLIB = @RANLIB@ +RM = @RM@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SUFFIX = @SUFFIX@ +VERSION = @VERSION@ +VISIBILITY_CFLAGS = @VISIBILITY_CFLAGS@ +WINDRES = @WINDRES@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__leading_dot = @am__leading_dot@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build_alias = @build_alias@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host_alias = @host_alias@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ + +# Create delay-loaded libraries from a DLL, that aren't vulnerable to side-loading +AM_V_DLLTOOL_0 = @echo " LIB $@";$(DLLTOOL) +AM_V_DLLTOOL_1 = $(DLLTOOL) +AM_V_DLLTOOL_ = $(AM_V_DLLTOOL_$(AM_DEFAULT_VERBOSITY)) +AM_V_DLLTOOL = $(AM_V_DLLTOOL_$(V)) +AM_V_SED_0 = @echo " SED $<";$(SED) +AM_V_SED_1 = $(SED) +AM_V_SED_ = $(AM_V_SED_$(AM_DEFAULT_VERBOSITY)) +AM_V_SED = $(AM_V_SED_$(V)) + +# Ah the joys of Windows DLL calling conventions, that require an @## suffix in the .def +# for x86_32 and but no @## for x86_64, thereby forcing us to strip stuff according to the +# target arch. Oh, and we can't use 'target_cpu' or AC definitions on account that we are +# switching archs when building on our local machine, and don't want to have to go though +# a costly reconf each time when we can simply issue a 'make clean'. +TUPLE := $(shell $(CC) -dumpmachine) +TARGET := $(word 1,$(subst -, ,$(TUPLE))) +DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64) +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign --ignore-deps .mingw/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign --ignore-deps .mingw/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic dvi dvi-am html html-am \ + info info-am install install-am install-data install-data-am \ + install-dvi install-dvi-am install-exec install-exec-am \ + install-html install-html-am install-info install-info-am \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ + uninstall uninstall-am + + +.PHONY: all +all: wintrust-delaylib.lib version-delaylib.lib + +%.def64: %.def + $(AM_V_SED) "s/@.*//" $< >$@ + +%-delaylib.lib: %$(DEF_SUFFIX) + $(AM_V_DLLTOOL) --input-def $< --output-delaylib $@ --dllname $(basename $<).dll + +clean: + $(RM) -rf *.lib + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/.mingw/version.def b/.mingw/version.def new file mode 100644 index 00000000..d87e2606 --- /dev/null +++ b/.mingw/version.def @@ -0,0 +1,4 @@ +EXPORTS + GetFileVersionInfoW@16 + GetFileVersionInfoSizeW@8 + VerQueryValueA@16 diff --git a/.mingw/wintrust.def b/.mingw/wintrust.def new file mode 100644 index 00000000..f69580ce --- /dev/null +++ b/.mingw/wintrust.def @@ -0,0 +1,2 @@ +EXPORTS + WinVerifyTrustEx@12 diff --git a/.vs/rufus.vcxproj b/.vs/rufus.vcxproj index 33c66387..9bb6321d 100644 --- a/.vs/rufus.vcxproj +++ b/.vs/rufus.vcxproj @@ -133,12 +133,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) RequireAdministrator true Windows MachineX86 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -158,12 +158,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator true Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -185,12 +185,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator true Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -217,12 +217,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) RequireAdministrator true Windows MachineX64 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -244,13 +244,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) RequireAdministrator false Windows MachineX86 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -272,13 +272,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator false Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -302,13 +302,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator false Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -335,13 +335,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) RequireAdministrator false Windows MachineX64 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) diff --git a/Makefile.in b/Makefile.in index f9bdaba1..a3c4e7db 100644 --- a/Makefile.in +++ b/Makefile.in @@ -159,6 +159,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/configure b/configure index ba858bb7..158b46b6 100755 --- a/configure +++ b/configure @@ -626,6 +626,7 @@ AM_LDFLAGS AM_CFLAGS VISIBILITY_CFLAGS WINDRES +DLLTOOL RM SED RANLIB @@ -4283,6 +4284,108 @@ printf "%s\n" "no" >&6; } fi +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_DLLTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +printf "%s\n" "$DLLTOOL" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +printf %s "checking for $ac_word... " >&6; } +if test ${ac_cv_prog_ac_ct_DLLTOOL+y} +then : + printf %s "(cached) " >&6 +else $as_nop + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + case $as_dir in #((( + '') as_dir=./ ;; + */) ;; + *) as_dir=$as_dir/ ;; + esac + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + printf "%s\n" "$as_me:${as_lineno-$LINENO}: found $as_dir$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +printf "%s\n" "$ac_ct_DLLTOOL" >&6; } +else + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: no" >&5 +printf "%s\n" "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +printf "%s\n" "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + if test -n "$ac_tool_prefix"; then # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. set dummy ${ac_tool_prefix}strip; ac_word=$2 @@ -4371,7 +4474,7 @@ printf "%s\n" "no" >&6; } fi if test "x$ac_ct_STRIP" = x; then - STRIP="strip" + STRIP=":" else case $cross_compiling:$ac_tool_warned in yes:) @@ -4473,7 +4576,7 @@ printf "%s\n" "no" >&6; } fi if test "x$ac_ct_WINDRES" = x; then - WINDRES="windres" + WINDRES=":" else case $cross_compiling:$ac_tool_warned in yes:) @@ -4632,6 +4735,8 @@ AM_CFLAGS="$AM_CFLAGS -DUNICODE -D_UNICODE -UNDEBUG -DCOBJMACROS -D__USE_MINGW_A ac_config_files="$ac_config_files Makefile" +ac_config_files="$ac_config_files .mingw/Makefile" + ac_config_files="$ac_config_files src/Makefile" ac_config_files="$ac_config_files src/bled/Makefile" @@ -5375,6 +5480,7 @@ for ac_config_target in $ac_config_targets do case $ac_config_target in "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + ".mingw/Makefile") CONFIG_FILES="$CONFIG_FILES .mingw/Makefile" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/bled/Makefile") CONFIG_FILES="$CONFIG_FILES src/bled/Makefile" ;; "src/ext2fs/Makefile") CONFIG_FILES="$CONFIG_FILES src/ext2fs/Makefile" ;; diff --git a/configure.ac b/configure.ac index 32f061de..7e4b242d 100644 --- a/configure.ac +++ b/configure.ac @@ -12,8 +12,9 @@ AC_PROG_AR AC_PROG_RANLIB AC_PROG_SED AC_PATH_PROG(RM, rm, rm) -AC_CHECK_TOOL(STRIP, strip, strip) -AC_CHECK_TOOL(WINDRES, windres, windres) +AC_CHECK_TOOL(DLLTOOL, dlltool, :) +AC_CHECK_TOOL(STRIP, strip, :) +AC_CHECK_TOOL(WINDRES, windres, :) AC_C_INLINE AC_DEFINE([_GNU_SOURCE], [], [Use GNU extensions]) @@ -71,6 +72,7 @@ AC_SUBST([AM_LDFLAGS]) AC_SUBST([SUFFIX]) AC_CONFIG_FILES([Makefile]) +AC_CONFIG_FILES([.mingw/Makefile]) AC_CONFIG_FILES([src/Makefile]) AC_CONFIG_FILES([src/bled/Makefile]) AC_CONFIG_FILES([src/ext2fs/Makefile]) diff --git a/res/loc/Makefile.in b/res/loc/Makefile.in index 9a4b367a..165d942b 100644 --- a/res/loc/Makefile.in +++ b/res/loc/Makefile.in @@ -123,6 +123,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/Makefile.am b/src/Makefile.am index 61a3ed58..2fdf8829 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1,4 +1,8 @@ -SUBDIRS = bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc +SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc +# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version: +NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid +# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement: +VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib noinst_PROGRAMS = rufus @@ -14,7 +18,6 @@ rufus_SOURCES = badblocks.c checksum.c dev.c dos.c dos_locale.c drive.c format.c net.c parser.c pki.c process.c re.c rufus.c smart.c stdfn.c stdio.c stdlg.c syslinux.c ui.c vhd.c rufus_CFLAGS = -I$(srcdir)/ms-sys/inc -I$(srcdir)/syslinux/libfat -I$(srcdir)/syslinux/libinstaller -I$(srcdir)/syslinux/win -I$(srcdir)/libcdio $(AM_CFLAGS) \ -DEXT2_FLAT_INCLUDES=0 -DSOLUTION=rufus -rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows -# Note: Do not link with -lversion as this will results in DLL sideloading issue. See https://github.com/pbatard/rufus/pull/1838 +rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows -L ../.mingw rufus_LDADD = rufus_rc.o bled/libbled.a ext2fs/libext2fs.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \ - libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid -lpsapi + libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a $(NONVULNERABLE_LIBS) $(VULNERABLE_LIBS) diff --git a/src/Makefile.in b/src/Makefile.in index 42fe058a..cc5bc984 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -100,11 +100,13 @@ am_rufus_OBJECTS = rufus-badblocks.$(OBJEXT) rufus-checksum.$(OBJEXT) \ rufus-stdlg.$(OBJEXT) rufus-syslinux.$(OBJEXT) \ rufus-ui.$(OBJEXT) rufus-vhd.$(OBJEXT) rufus_OBJECTS = $(am_rufus_OBJECTS) +am__DEPENDENCIES_1 = rufus_DEPENDENCIES = rufus_rc.o bled/libbled.a ext2fs/libext2fs.a \ ms-sys/libmssys.a syslinux/libfat/libfat.a \ syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \ libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a \ - libcdio/driver/libdriver.a + libcdio/driver/libdriver.a $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) rufus_LINK = $(CCLD) $(rufus_CFLAGS) $(CFLAGS) $(rufus_LDFLAGS) \ $(LDFLAGS) -o $@ AM_V_P = $(am__v_P_@AM_V@) @@ -194,6 +196,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ @@ -269,7 +272,11 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -SUBDIRS = bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc +SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller syslinux/win libcdio/iso9660 libcdio/udf libcdio/driver ../res/loc +# As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version: +NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid +# The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement: +VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES) AM_V_WINDRES_1 = $(WINDRES) AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY)) @@ -280,10 +287,9 @@ rufus_SOURCES = badblocks.c checksum.c dev.c dos.c dos_locale.c drive.c format.c rufus_CFLAGS = -I$(srcdir)/ms-sys/inc -I$(srcdir)/syslinux/libfat -I$(srcdir)/syslinux/libinstaller -I$(srcdir)/syslinux/win -I$(srcdir)/libcdio $(AM_CFLAGS) \ -DEXT2_FLAT_INCLUDES=0 -DSOLUTION=rufus -rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows -# Note: Do not link with -lversion as this will results in DLL sideloading issue. See https://github.com/pbatard/rufus/pull/1838 +rufus_LDFLAGS = $(AM_LDFLAGS) -mwindows -L ../.mingw rufus_LDADD = rufus_rc.o bled/libbled.a ext2fs/libext2fs.a ms-sys/libmssys.a syslinux/libfat/libfat.a syslinux/libinstaller/libinstaller.a syslinux/win/libwin.a \ - libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid -lpsapi + libcdio/iso9660/libiso9660.a libcdio/udf/libudf.a libcdio/driver/libdriver.a $(NONVULNERABLE_LIBS) $(VULNERABLE_LIBS) all: all-recursive diff --git a/src/bled/Makefile.in b/src/bled/Makefile.in index 56968ded..7ca170f8 100644 --- a/src/bled/Makefile.in +++ b/src/bled/Makefile.in @@ -190,6 +190,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/dev.c b/src/dev.c index 57df1824..c416fa21 100644 --- a/src/dev.c +++ b/src/dev.c @@ -61,12 +61,9 @@ static BOOL GetUSBProperties(char* parent_path, char* device_id, usb_device_prop DEVINST device_inst; USB_NODE_CONNECTION_INFORMATION_EX conn_info; USB_NODE_CONNECTION_INFORMATION_EX_V2 conn_info_v2; - PF_INIT(CM_Get_DevNode_Registry_PropertyA, Cfgmgr32); - if ((parent_path == NULL) || (device_id == NULL) || (props == NULL) || - (pfCM_Get_DevNode_Registry_PropertyA == NULL)) { + if ((parent_path == NULL) || (device_id == NULL) || (props == NULL)) goto out; - } cr = CM_Locate_DevNodeA(&device_inst, device_id, 0); if (cr != CR_SUCCESS) { @@ -76,7 +73,7 @@ static BOOL GetUSBProperties(char* parent_path, char* device_id, usb_device_prop props->port = 0; size = sizeof(props->port); - cr = pfCM_Get_DevNode_Registry_PropertyA(device_inst, CM_DRP_ADDRESS, NULL, (PVOID)&props->port, &size, 0); + cr = CM_Get_DevNode_Registry_PropertyA(device_inst, CM_DRP_ADDRESS, NULL, (PVOID)&props->port, &size, 0); if (cr != CR_SUCCESS) { uprintf("Could not get port for '%s': CR error %d", device_id, cr); goto out; diff --git a/src/dev.h b/src/dev.h index b7c31c90..f7415295 100644 --- a/src/dev.h +++ b/src/dev.h @@ -86,8 +86,6 @@ DECLSPEC_IMPORT CONFIGRET WINAPI CM_Get_Child(PDEVINST pdnDevInst, DEVINST dnDev DECLSPEC_IMPORT CONFIGRET WINAPI CM_Get_Parent(PDEVINST pdnDevInst, DEVINST dnDevInst, ULONG ulFlags); DECLSPEC_IMPORT CONFIGRET WINAPI CM_Get_Sibling(PDEVINST pdnDevInst, DEVINST dnDevInst, ULONG ulFlags); DECLSPEC_IMPORT CONFIGRET WINAPI CM_Get_DevNode_Status(PULONG pulStatus, PULONG pulProblemNumber, DEVINST dnDevInst, ULONG ulFlags); -// This last one is unknown from MinGW32 and needs to be fetched from the DLL -PF_TYPE_DECL(WINAPI, CONFIGRET, CM_Get_DevNode_Registry_PropertyA, (DEVINST, ULONG, PULONG, PVOID, PULONG, ULONG)); #define USB_HUB_CYCLE_PORT 273 #define USB_GET_NODE_CONNECTION_INFORMATION_EX 274 diff --git a/src/ext2fs/Makefile.in b/src/ext2fs/Makefile.in index d129ecdb..fa3cd38d 100644 --- a/src/ext2fs/Makefile.in +++ b/src/ext2fs/Makefile.in @@ -196,6 +196,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/format.c b/src/format.c index c2318c1b..75908563 100644 --- a/src/format.c +++ b/src/format.c @@ -964,6 +964,7 @@ static BOOL WriteSBR(HANDLE hPhysicalDrive) if (memcmp(&patched[grub_patch[i].patch[j].src->offset], grub_patch[i].patch[j].src->data, grub_patch[i].patch[j].src->size) != 0) { uprintf("ERROR: Did not find expected source data for GRUB patch"); + free(patched); return FALSE; } memcpy(&patched[grub_patch[i].patch[j].rep->offset], grub_patch[i].patch[j].rep->data, diff --git a/src/iso.c b/src/iso.c index 80f3b0a2..14f373e8 100644 --- a/src/iso.c +++ b/src/iso.c @@ -861,12 +861,6 @@ void GetGrubVersion(char* buf, size_t buf_size) img_report.grub2_version[0] = 0; } -// Linking to version.lib would result in DLL sideloading issues, so we don't -// See https://github.com/pbatard/rufus/pull/1838 -PF_TYPE_DECL(WINAPI, DWORD, GetFileVersionInfoSizeW, (LPCWSTR, LPDWORD)); -PF_TYPE_DECL(WINAPI, BOOL, GetFileVersionInfoW, (LPCWSTR, DWORD, DWORD, LPVOID)); -PF_TYPE_DECL(WINAPI, BOOL, VerQueryValueA, (LPCVOID, LPCSTR, LPVOID, PUINT)); - BOOL ExtractISO(const char* src_iso, const char* dest_dir, BOOL scan) { size_t i, j, size, sl_index = 0; @@ -887,10 +881,6 @@ BOOL ExtractISO(const char* src_iso, const char* dest_dir, BOOL scan) if ((!enable_iso) || (src_iso == NULL) || (dest_dir == NULL)) return FALSE; - PF_INIT_OR_OUT(GetFileVersionInfoSizeW, Version); - PF_INIT_OR_OUT(GetFileVersionInfoW, Version); - PF_INIT_OR_OUT(VerQueryValueA, Version); - scan_only = scan; if (!scan_only) spacing = ""; @@ -1160,19 +1150,16 @@ out: VS_FIXEDFILEINFO* ver_info = NULL; DWORD ver_handle = 0, ver_size; UINT value_len = 0; - assert(pfGetFileVersionInfoSizeW != NULL); - assert(pfGetFileVersionInfoW != NULL); - assert(pfVerQueryValueA != NULL); // coverity[swapped_arguments] if (GetTempFileNameU(temp_dir, APPLICATION_NAME, 0, path) != 0) { - wconvert(path); - assert(wpath != NULL); + // NB: Calling the GetFileVersion/VerQueryValue APIs create DLL sideloading issues. + // So make sure you delay-load 'version.dll' in your application if you use these. size = (size_t)ExtractISOFile(src_iso, "sources/compatresources.dll", path, FILE_ATTRIBUTE_NORMAL); - ver_size = pfGetFileVersionInfoSizeW(wpath, &ver_handle); + ver_size = GetFileVersionInfoSizeU(path, &ver_handle); if (ver_size != 0) { buf = malloc(ver_size); - if ((buf != NULL) && pfGetFileVersionInfoW(wpath, ver_handle, ver_size, buf) && - pfVerQueryValueA(buf, "\\", (LPVOID)&ver_info, &value_len) && (value_len != 0)) { + if ((buf != NULL) && GetFileVersionInfoU(path, ver_handle, ver_size, buf) && + VerQueryValueA(buf, "\\", (LPVOID)&ver_info, &value_len) && (value_len != 0)) { if (ver_info->dwSignature == VS_FFI_SIGNATURE) { img_report.win_version.major = HIWORD(ver_info->dwFileVersionMS); img_report.win_version.minor = LOWORD(ver_info->dwFileVersionMS); @@ -1184,8 +1171,7 @@ out: } free(buf); } - DeleteFileW(wpath); - free(wpath); + DeleteFileU(path); } } StrArrayDestroy(&config_path); diff --git a/src/libcdio/driver/Makefile.in b/src/libcdio/driver/Makefile.in index 2ffc5537..fb2e3788 100644 --- a/src/libcdio/driver/Makefile.in +++ b/src/libcdio/driver/Makefile.in @@ -171,6 +171,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/libcdio/iso9660/Makefile.in b/src/libcdio/iso9660/Makefile.in index f68d90ab..8dfd8678 100644 --- a/src/libcdio/iso9660/Makefile.in +++ b/src/libcdio/iso9660/Makefile.in @@ -168,6 +168,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/libcdio/udf/Makefile.in b/src/libcdio/udf/Makefile.in index 81418ec7..a338c41c 100644 --- a/src/libcdio/udf/Makefile.in +++ b/src/libcdio/udf/Makefile.in @@ -168,6 +168,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/ms-sys/Makefile.in b/src/ms-sys/Makefile.in index 26bc400a..21384f6d 100644 --- a/src/ms-sys/Makefile.in +++ b/src/ms-sys/Makefile.in @@ -169,6 +169,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/net.c b/src/net.c index 508a62ea..4d3c5707 100644 --- a/src/net.c +++ b/src/net.c @@ -607,11 +607,11 @@ HANDLE DownloadSignedFileThreaded(const char* url, const char* file, HWND hProgr return CreateThread(NULL, 0, DownloadSignedFileThread, &args, 0, NULL); } -static __inline uint64_t to_uint64_t(uint16_t x[4]) { +static __inline uint64_t to_uint64_t(uint16_t x[3]) { int i; uint64_t ret = 0; - for (i=0; i<3; i++) - ret = (ret<<16) + x[i]; + for (i = 0; i < 3; i++) + ret = (ret << 16) + x[i]; return ret; } diff --git a/src/pki.c b/src/pki.c index 2764d2fa..9eb77dd7 100644 --- a/src/pki.c +++ b/src/pki.c @@ -575,8 +575,6 @@ LONG ValidateSignature(HWND hDlg, const char* path) LONG r = TRUST_E_SYSTEM_ERROR; WINTRUST_DATA trust_data = { 0 }; WINTRUST_FILE_INFO trust_file = { 0 }; - PF_TYPE_DECL(WINAPI, long, WinVerifyTrustEx, (HWND, GUID*, WINTRUST_DATA*)); - PF_INIT(WinVerifyTrustEx, WinTrust); GUID guid_generic_verify = // WINTRUST_ACTION_GENERIC_VERIFY_V2 { 0xaac56b, 0xcd44, 0x11d0,{ 0x8c, 0xc2, 0x0, 0xc0, 0x4f, 0xc2, 0x95, 0xee } }; char *signature_name; @@ -627,8 +625,9 @@ LONG ValidateSignature(HWND hDlg, const char* path) trust_data.dwUnionChoice = WTD_CHOICE_FILE; trust_data.pFile = &trust_file; - if (pfWinVerifyTrustEx != NULL) - r = pfWinVerifyTrustEx(INVALID_HANDLE_VALUE, &guid_generic_verify, &trust_data); + // NB: Calling this API will create DLL sideloading issues through 'msasn1.dll'. + // So make sure you delay-load 'wintrust.dll' in your application. + r = WinVerifyTrustEx(INVALID_HANDLE_VALUE, &guid_generic_verify, &trust_data); safe_free(trust_file.pcwszFilePath); switch (r) { case ERROR_SUCCESS: diff --git a/src/rufus.rc b/src/rufus.rc index 09e46f5e..ec75b270 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 3.19.1881" +CAPTION "Rufus 3.19.1882" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -395,8 +395,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,19,1881,0 - PRODUCTVERSION 3,19,1881,0 + FILEVERSION 3,19,1882,0 + PRODUCTVERSION 3,19,1882,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -414,13 +414,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "3.19.1881" + VALUE "FileVersion", "3.19.1882" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-3.19.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "3.19.1881" + VALUE "ProductVersion", "3.19.1882" END END BLOCK "VarFileInfo" diff --git a/src/syslinux/libfat/Makefile.in b/src/syslinux/libfat/Makefile.in index 9bf241c9..669a631b 100644 --- a/src/syslinux/libfat/Makefile.in +++ b/src/syslinux/libfat/Makefile.in @@ -168,6 +168,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/syslinux/libinstaller/Makefile.in b/src/syslinux/libinstaller/Makefile.in index 3b44850e..1293e3f9 100644 --- a/src/syslinux/libinstaller/Makefile.in +++ b/src/syslinux/libinstaller/Makefile.in @@ -168,6 +168,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ diff --git a/src/syslinux/win/Makefile.in b/src/syslinux/win/Makefile.in index 171ce64d..aff45e82 100644 --- a/src/syslinux/win/Makefile.in +++ b/src/syslinux/win/Makefile.in @@ -166,6 +166,7 @@ CFLAGS = @CFLAGS@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DEFS = @DEFS@ +DLLTOOL = @DLLTOOL@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ From 3194a4dac4c1cff66e812c0fc3375189e0b10d31 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Tue, 12 Apr 2022 13:35:41 +0100 Subject: [PATCH 2/3] [net] drop direct hooking into wininet DLL and use delay-loading instead * Now that we can delay-load DLLs for both MinGW and MSVC, we can remove the cumbersome direct DLL hooks into wininet.dll (which is vulnerable to side loading when not delay-loaded) and revert to using direct API calls instead. * This reverts part of e1d864f75553767310eea17d0369b25456607bc6. * Also attempt to silence a Coverity warning. --- .mingw/Makefile.am | 2 +- .mingw/Makefile.in | 2 +- .mingw/wininet.def | 13 +++++ .vs/rufus.vcxproj | 32 +++++------ src/Makefile.am | 2 +- src/Makefile.in | 2 +- src/iso.c | 2 +- src/net.c | 140 ++++++++++++++------------------------------- src/rufus.rc | 10 ++-- 9 files changed, 81 insertions(+), 124 deletions(-) create mode 100644 .mingw/wininet.def diff --git a/.mingw/Makefile.am b/.mingw/Makefile.am index bbd5be80..df9e4df2 100644 --- a/.mingw/Makefile.am +++ b/.mingw/Makefile.am @@ -19,7 +19,7 @@ TARGET := $(word 1,$(subst -, ,$(TUPLE))) DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64) .PHONY: all -all: wintrust-delaylib.lib version-delaylib.lib +all: wintrust-delaylib.lib version-delaylib.lib wininet-delaylib.lib %.def64: %.def $(AM_V_SED) "s/@.*//" $< >$@ diff --git a/.mingw/Makefile.in b/.mingw/Makefile.in index 88d36dc6..95c80a6e 100644 --- a/.mingw/Makefile.in +++ b/.mingw/Makefile.in @@ -367,7 +367,7 @@ uninstall-am: .PHONY: all -all: wintrust-delaylib.lib version-delaylib.lib +all: wintrust-delaylib.lib version-delaylib.lib wininet-delaylib.lib %.def64: %.def $(AM_V_SED) "s/@.*//" $< >$@ diff --git a/.mingw/wininet.def b/.mingw/wininet.def new file mode 100644 index 00000000..d1028e77 --- /dev/null +++ b/.mingw/wininet.def @@ -0,0 +1,13 @@ +EXPORTS + HttpQueryInfoA@20 + HttpOpenRequestA@32 + HttpSendRequestA@20 + InternetCloseHandle@4 + InternetConnectA@32 + InternetCrackUrlA@16 + InternetGetConnectedState@8 + InternetGetLastResponseInfoA@12 + InternetOpenA@20 + InternetReadFile@16 + InternetSetOptionA@16 + diff --git a/.vs/rufus.vcxproj b/.vs/rufus.vcxproj index 9bb6321d..049e9430 100644 --- a/.vs/rufus.vcxproj +++ b/.vs/rufus.vcxproj @@ -133,12 +133,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator true Windows MachineX86 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -158,12 +158,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator true Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -185,12 +185,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator true Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -217,12 +217,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator true Windows MachineX64 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -244,13 +244,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator false Windows MachineX86 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -272,13 +272,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator false Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -302,13 +302,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator false Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -335,13 +335,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator false Windows MachineX64 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) diff --git a/src/Makefile.am b/src/Makefile.am index 2fdf8829..136ee104 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,7 +2,7 @@ SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller sys # As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version: NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid # The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement: -VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib +VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib -lwininet-delaylib noinst_PROGRAMS = rufus diff --git a/src/Makefile.in b/src/Makefile.in index cc5bc984..b6d27fc8 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -276,7 +276,7 @@ SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller sys # As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version: NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid # The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement: -VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib +VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib -lwininet-delaylib AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES) AM_V_WINDRES_1 = $(WINDRES) AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY)) diff --git a/src/iso.c b/src/iso.c index 14f373e8..0b7424c7 100644 --- a/src/iso.c +++ b/src/iso.c @@ -1580,7 +1580,7 @@ BOOL DumpFatDir(const char* path, int32_t cluster) } do { - // coverity[-taint_source] + // coverity[tainted_data_return] dirpos.cluster = libfat_dumpdir(lf_fs, &dirpos, &diritem); if (dirpos.cluster >= 0) { name = wchar_to_utf8(diritem.name); diff --git a/src/net.c b/src/net.c index 4d3c5707..2453dd46 100644 --- a/src/net.c +++ b/src/net.c @@ -1,7 +1,7 @@ /* * Rufus: The Reliable USB Formatting Utility * Networking functionality (web file download, check for update, etc.) - * Copyright © 2012-2021 Pete Batard + * Copyright © 2012-2022 Pete Batard * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -69,8 +69,6 @@ const char* WinInetErrorString(void) { static char error_string[256]; DWORD size = sizeof(error_string); - PF_TYPE_DECL(WINAPI, BOOL, InternetGetLastResponseInfoA, (LPDWORD, LPSTR, LPDWORD)); - PF_INIT(InternetGetLastResponseInfoA, WinInet); error_code = HRESULT_CODE(GetLastError()); @@ -221,10 +219,8 @@ const char* WinInetErrorString(void) case ERROR_INTERNET_LOGIN_FAILURE_DISPLAY_ENTITY_BODY: return "Please ask Microsoft about that one!"; case ERROR_INTERNET_EXTENDED_ERROR: - if (pfInternetGetLastResponseInfoA != NULL) { - pfInternetGetLastResponseInfoA(&error_code, error_string, &size); - return error_string; - } + InternetGetLastResponseInfoA(&error_code, error_string, &size); + return error_string; // fall through default: static_sprintf(error_string, "Unknown internet error 0x%08lX", error_code); @@ -277,13 +273,6 @@ static HINTERNET GetInternetSession(BOOL bRetry) HRESULT hr = S_FALSE; INetworkListManager* pNetworkListManager; - PF_TYPE_DECL(WINAPI, HINTERNET, InternetOpenA, (LPCSTR, DWORD, LPCSTR, LPCSTR, DWORD)); - PF_TYPE_DECL(WINAPI, BOOL, InternetSetOptionA, (HINTERNET, DWORD, LPVOID, DWORD)); - PF_TYPE_DECL(WINAPI, BOOL, InternetGetConnectedState, (LPDWORD, DWORD)); - PF_INIT_OR_OUT(InternetOpenA, WinInet); - PF_INIT_OR_OUT(InternetSetOptionA, WinInet); - PF_INIT(InternetGetConnectedState, WinInet); - // Create a NetworkListManager Instance to check the network connection IGNORE_RETVAL(CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE)); hr = CoCreateInstance(&CLSID_NetworkListManager, NULL, CLSCTX_ALL, @@ -294,8 +283,8 @@ static HINTERNET GetInternetSession(BOOL bRetry) // INetworkListManager may fail with ERROR_SERVICE_DEPENDENCY_FAIL if the DHCP service // is not running, in which case we must fall back to using InternetGetConnectedState(). // See https://github.com/pbatard/rufus/issues/1801. - if ((hr == HRESULT_FROM_WIN32(ERROR_SERVICE_DEPENDENCY_FAIL)) && (pfInternetGetConnectedState != NULL)) { - InternetConnection = pfInternetGetConnectedState(&dwFlags, 0) ? VARIANT_TRUE : VARIANT_FALSE; + if (hr == HRESULT_FROM_WIN32(ERROR_SERVICE_DEPENDENCY_FAIL)) { + InternetConnection = InternetGetConnectedState(&dwFlags, 0) ? VARIANT_TRUE : VARIANT_FALSE; break; } if (hr == S_OK || !bRetry) @@ -310,15 +299,15 @@ static HINTERNET GetInternetSession(BOOL bRetry) static_sprintf(agent, APPLICATION_NAME "/%d.%d.%d (Windows NT %d.%d%s)", rufus_version[0], rufus_version[1], rufus_version[2], nWindowsVersion >> 4, nWindowsVersion & 0x0F, is_x64() ? "; WOW64" : ""); - hSession = pfInternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0); + hSession = InternetOpenA(agent, INTERNET_OPEN_TYPE_PRECONFIG, NULL, NULL, 0); // Set the timeouts - pfInternetSetOptionA(hSession, INTERNET_OPTION_CONNECT_TIMEOUT, (LPVOID)&dwTimeout, sizeof(dwTimeout)); - pfInternetSetOptionA(hSession, INTERNET_OPTION_SEND_TIMEOUT, (LPVOID)&dwTimeout, sizeof(dwTimeout)); - pfInternetSetOptionA(hSession, INTERNET_OPTION_RECEIVE_TIMEOUT, (LPVOID)&dwTimeout, sizeof(dwTimeout)); + InternetSetOptionA(hSession, INTERNET_OPTION_CONNECT_TIMEOUT, (LPVOID)&dwTimeout, sizeof(dwTimeout)); + InternetSetOptionA(hSession, INTERNET_OPTION_SEND_TIMEOUT, (LPVOID)&dwTimeout, sizeof(dwTimeout)); + InternetSetOptionA(hSession, INTERNET_OPTION_RECEIVE_TIMEOUT, (LPVOID)&dwTimeout, sizeof(dwTimeout)); // Enable gzip and deflate decoding schemes - pfInternetSetOptionA(hSession, INTERNET_OPTION_HTTP_DECODING, (LPVOID)&decodingSupport, sizeof(decodingSupport)); + InternetSetOptionA(hSession, INTERNET_OPTION_HTTP_DECODING, (LPVOID)&decodingSupport, sizeof(decodingSupport)); // Enable HTTP/2 protocol support - pfInternetSetOptionA(hSession, INTERNET_OPTION_ENABLE_HTTP_PROTOCOL, (LPVOID)&dwProtocolSupport, sizeof(dwProtocolSupport)); + InternetSetOptionA(hSession, INTERNET_OPTION_ENABLE_HTTP_PROTOCOL, (LPVOID)&dwProtocolSupport, sizeof(dwProtocolSupport)); out: return hSession; @@ -348,22 +337,6 @@ uint64_t DownloadToFileOrBuffer(const char* url, const char* file, BYTE** buffer hostname, sizeof(hostname), 0, NULL, 1, urlpath, sizeof(urlpath), NULL, 1}; uint64_t size = 0, total_size = 0; - // Can't link with wininet.lib because of sideloading issues - PF_TYPE_DECL(WINAPI, BOOL, InternetCrackUrlA, (LPCSTR, DWORD, DWORD, LPURL_COMPONENTSA)); - PF_TYPE_DECL(WINAPI, HINTERNET, InternetConnectA, (HINTERNET, LPCSTR, INTERNET_PORT, LPCSTR, LPCSTR, DWORD, DWORD, DWORD_PTR)); - PF_TYPE_DECL(WINAPI, BOOL, InternetReadFile, (HINTERNET, LPVOID, DWORD, LPDWORD)); - PF_TYPE_DECL(WINAPI, BOOL, InternetCloseHandle, (HINTERNET)); - PF_TYPE_DECL(WINAPI, HINTERNET, HttpOpenRequestA, (HINTERNET, LPCSTR, LPCSTR, LPCSTR, LPCSTR, LPCSTR*, DWORD, DWORD_PTR)); - PF_TYPE_DECL(WINAPI, BOOL, HttpSendRequestA, (HINTERNET, LPCSTR, DWORD, LPVOID, DWORD)); - PF_TYPE_DECL(WINAPI, BOOL, HttpQueryInfoA, (HINTERNET, DWORD, LPVOID, LPDWORD, LPDWORD)); - PF_INIT_OR_OUT(InternetCrackUrlA, WinInet); - PF_INIT_OR_OUT(InternetConnectA, WinInet); - PF_INIT_OR_OUT(InternetReadFile, WinInet); - PF_INIT_OR_OUT(InternetCloseHandle, WinInet); - PF_INIT_OR_OUT(HttpOpenRequestA, WinInet); - PF_INIT_OR_OUT(HttpSendRequestA, WinInet); - PF_INIT_OR_OUT(HttpQueryInfoA, WinInet); - FormatStatus = 0; DownloadStatus = 404; if (hProgressDialog != NULL) @@ -380,7 +353,7 @@ uint64_t DownloadToFileOrBuffer(const char* url, const char* file, BYTE** buffer uprintf("Downloading %s", url); } - if ( (!pfInternetCrackUrlA(url, (DWORD)safe_strlen(url), 0, &UrlParts)) + if ( (!InternetCrackUrlA(url, (DWORD)safe_strlen(url), 0, &UrlParts)) || (UrlParts.lpszHostName == NULL) || (UrlParts.lpszUrlPath == NULL)) { uprintf("Unable to decode URL: %s", WinInetErrorString()); goto out; @@ -393,13 +366,13 @@ uint64_t DownloadToFileOrBuffer(const char* url, const char* file, BYTE** buffer goto out; } - hConnection = pfInternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL); + hConnection = InternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL); if (hConnection == NULL) { uprintf("Could not connect to server %s:%d: %s", UrlParts.lpszHostName, UrlParts.nPort, WinInetErrorString()); goto out; } - hRequest = pfHttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types, + hRequest = HttpOpenRequestA(hConnection, "GET", UrlParts.lpszUrlPath, NULL, NULL, accept_types, INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP|INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS| INTERNET_FLAG_NO_COOKIES|INTERNET_FLAG_NO_UI|INTERNET_FLAG_NO_CACHE_WRITE|INTERNET_FLAG_HYPERLINK| ((UrlParts.nScheme==INTERNET_SCHEME_HTTPS)?INTERNET_FLAG_SECURE:0), (DWORD_PTR)NULL); @@ -408,14 +381,14 @@ uint64_t DownloadToFileOrBuffer(const char* url, const char* file, BYTE** buffer goto out; } - if (!pfHttpSendRequestA(hRequest, request_headers, -1L, NULL, 0)) { + if (!HttpSendRequestA(hRequest, request_headers, -1L, NULL, 0)) { uprintf("Unable to send request: %s", WinInetErrorString()); goto out; } // Get the file size dwSize = sizeof(DownloadStatus); - pfHttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&DownloadStatus, &dwSize, NULL); + HttpQueryInfoA(hRequest, HTTP_QUERY_STATUS_CODE|HTTP_QUERY_FLAG_NUMBER, (LPVOID)&DownloadStatus, &dwSize, NULL); if (DownloadStatus != 200) { error_code = ERROR_INTERNET_ITEM_NOT_FOUND; SetLastError(ERROR_SEVERITY_ERROR | FAC(FACILITY_HTTP) | error_code); @@ -423,7 +396,7 @@ uint64_t DownloadToFileOrBuffer(const char* url, const char* file, BYTE** buffer goto out; } dwSize = sizeof(strsize); - if (!pfHttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH, (LPVOID)strsize, &dwSize, NULL)) { + if (!HttpQueryInfoA(hRequest, HTTP_QUERY_CONTENT_LENGTH, (LPVOID)strsize, &dwSize, NULL)) { uprintf("Unable to retrieve file length: %s", WinInetErrorString()); goto out; } @@ -462,7 +435,7 @@ uint64_t DownloadToFileOrBuffer(const char* url, const char* file, BYTE** buffer // User may have cancelled the download if (IS_ERROR(FormatStatus)) goto out; - if (!pfInternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0)) + if (!InternetReadFile(hRequest, buf, sizeof(buf), &dwDownloaded) || (dwDownloaded == 0)) break; if (hProgressDialog != NULL) UpdateProgressWithInfo(OP_NOOP, MSG_241, size, total_size); @@ -507,11 +480,11 @@ out: safe_free(*buffer); } if (hRequest) - pfInternetCloseHandle(hRequest); + InternetCloseHandle(hRequest); if (hConnection) - pfInternetCloseHandle(hConnection); + InternetCloseHandle(hConnection); if (hSession) - pfInternetCloseHandle(hSession); + InternetCloseHandle(hSession); SetLastError(error_code); return r ? size : 0; @@ -639,22 +612,6 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param) FILETIME FileTime; int64_t local_time = 0, reg_time, server_time, update_interval; - // Can't link with wininet.lib because of sideloading issues - PF_TYPE_DECL(WINAPI, BOOL, InternetCrackUrlA, (LPCSTR, DWORD, DWORD, LPURL_COMPONENTSA)); - PF_TYPE_DECL(WINAPI, HINTERNET, InternetConnectA, (HINTERNET, LPCSTR, INTERNET_PORT, LPCSTR, LPCSTR, DWORD, DWORD, DWORD_PTR)); - PF_TYPE_DECL(WINAPI, BOOL, InternetReadFile, (HINTERNET, LPVOID, DWORD, LPDWORD)); - PF_TYPE_DECL(WINAPI, BOOL, InternetCloseHandle, (HINTERNET)); - PF_TYPE_DECL(WINAPI, HINTERNET, HttpOpenRequestA, (HINTERNET, LPCSTR, LPCSTR, LPCSTR, LPCSTR, LPCSTR*, DWORD, DWORD_PTR)); - PF_TYPE_DECL(WINAPI, BOOL, HttpSendRequestA, (HINTERNET, LPCSTR, DWORD, LPVOID, DWORD)); - PF_TYPE_DECL(WINAPI, BOOL, HttpQueryInfoA, (HINTERNET, DWORD, LPVOID, LPDWORD, LPDWORD)); - PF_INIT_OR_OUT(InternetCrackUrlA, WinInet); - PF_INIT_OR_OUT(InternetConnectA, WinInet); - PF_INIT_OR_OUT(InternetReadFile, WinInet); - PF_INIT_OR_OUT(InternetCloseHandle, WinInet); - PF_INIT_OR_OUT(HttpOpenRequestA, WinInet); - PF_INIT_OR_OUT(HttpSendRequestA, WinInet); - PF_INIT_OR_OUT(HttpQueryInfoA, WinInet); - verbose = ReadSetting32(SETTING_VERBOSE_UPDATES); // Without this the FileDialog will produce error 0x8001010E when compiled for Vista or later IGNORE_RETVAL(CoInitializeEx(NULL, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE)); @@ -697,7 +654,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param) goto out; } - if (!pfInternetCrackUrlA(server_url, (DWORD)safe_strlen(server_url), 0, &UrlParts)) + if (!InternetCrackUrlA(server_url, (DWORD)safe_strlen(server_url), 0, &UrlParts)) goto out; hostname[sizeof(hostname)-1] = 0; @@ -707,7 +664,7 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param) hSession = GetInternetSession(FALSE); if (hSession == NULL) goto out; - hConnection = pfInternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL); + hConnection = InternetConnectA(hSession, UrlParts.lpszHostName, UrlParts.nPort, NULL, NULL, INTERNET_SERVICE_HTTP, 0, (DWORD_PTR)NULL); if (hConnection == NULL) goto out; @@ -747,11 +704,11 @@ static DWORD WINAPI CheckForUpdatesThread(LPVOID param) UrlParts.dwUrlPathLength = sizeof(urlpath); for (i=0; i 0); } diff --git a/src/rufus.rc b/src/rufus.rc index ec75b270..edfccd09 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 3.19.1882" +CAPTION "Rufus 3.19.1883" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -395,8 +395,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,19,1882,0 - PRODUCTVERSION 3,19,1882,0 + FILEVERSION 3,19,1883,0 + PRODUCTVERSION 3,19,1883,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -414,13 +414,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "3.19.1882" + VALUE "FileVersion", "3.19.1883" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-3.19.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "3.19.1882" + VALUE "ProductVersion", "3.19.1883" END END BLOCK "VarFileInfo" From d029551929243e9c308885120727ceaa4250b7dd Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Tue, 12 Apr 2022 13:55:33 +0100 Subject: [PATCH 3/3] [core] drop direct hooking into dwmapi DLL and use delay-loading instead * Now that we can delay-load DLLs for both MinGW and MSVC, we can also remove the direct DLL hook that was added into dwmapi.dll due to side loading and revert to using a direct API call instead. * This reverts part of e1d864f75553767310eea17d0369b25456607bc6. * Also attempt to silence that damn Coverity warning. --- .mingw/Makefile.am | 2 +- .mingw/Makefile.in | 2 +- .mingw/dwmapi.def | 2 ++ .vs/rufus.vcxproj | 32 ++++++++++++++++---------------- src/Makefile.am | 2 +- src/Makefile.in | 2 +- src/iso.c | 2 +- src/rufus.c | 12 ++++-------- src/rufus.rc | 10 +++++----- 9 files changed, 32 insertions(+), 34 deletions(-) create mode 100644 .mingw/dwmapi.def diff --git a/.mingw/Makefile.am b/.mingw/Makefile.am index df9e4df2..c567e0a7 100644 --- a/.mingw/Makefile.am +++ b/.mingw/Makefile.am @@ -19,7 +19,7 @@ TARGET := $(word 1,$(subst -, ,$(TUPLE))) DEF_SUFFIX := $(if $(TARGET:x86_64=),.def,.def64) .PHONY: all -all: wintrust-delaylib.lib version-delaylib.lib wininet-delaylib.lib +all: dwmapi-delaylib.lib version-delaylib.lib wininet-delaylib.lib wintrust-delaylib.lib %.def64: %.def $(AM_V_SED) "s/@.*//" $< >$@ diff --git a/.mingw/Makefile.in b/.mingw/Makefile.in index 95c80a6e..f4a0cad0 100644 --- a/.mingw/Makefile.in +++ b/.mingw/Makefile.in @@ -367,7 +367,7 @@ uninstall-am: .PHONY: all -all: wintrust-delaylib.lib version-delaylib.lib wininet-delaylib.lib +all: dwmapi-delaylib.lib version-delaylib.lib wininet-delaylib.lib wintrust-delaylib.lib %.def64: %.def $(AM_V_SED) "s/@.*//" $< >$@ diff --git a/.mingw/dwmapi.def b/.mingw/dwmapi.def new file mode 100644 index 00000000..240e17c7 --- /dev/null +++ b/.mingw/dwmapi.def @@ -0,0 +1,2 @@ +EXPORTS + DwmGetWindowAttribute@16 diff --git a/.vs/rufus.vcxproj b/.vs/rufus.vcxproj index 049e9430..0dc4fd1b 100644 --- a/.vs/rufus.vcxproj +++ b/.vs/rufus.vcxproj @@ -133,12 +133,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator true Windows MachineX86 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -158,12 +158,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator true Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -185,12 +185,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator true Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -217,12 +217,12 @@ /utf-8 $(ExternalCompilerOptions) %(AdditionalOptions) - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator true Windows MachineX64 - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -244,13 +244,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator false Windows MachineX86 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -272,13 +272,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator false Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.15063.0\um\arm /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -302,13 +302,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;ole32.lib;advapi32.lib;gdi32.lib;shell32.lib;comdlg32.lib;%(AdditionalDependencies) RequireAdministrator false Windows C:\Program Files (x86)\Windows Kits\10\Lib\10.0.16299.0\um\arm64 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;ole32.dll;advapi32.dll;gdi32.dll;shell32.dll;comdlg32.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) @@ -335,13 +335,13 @@ true - advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) + advapi32.lib;comctl32.lib;comdlg32.lib;crypt32.lib;gdi32.lib;ole32.lib;dwmapi.lib;setupapi.lib;shell32.lib;shlwapi.lib;wintrust.lib;version.lib;wininet.lib;%(AdditionalDependencies) RequireAdministrator false Windows MachineX64 /BREPRO %(AdditionalOptions) - advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) + advapi32.dll;comctl32.dll;comdlg32.dll;crypt32.dll;gdi32.dll;ole32.dll;dwmapi.dll;setupapi.dll;shell32.dll;shlwapi.dll;wintrust.dll;version.dll;wininet.dll;%(DelayLoadDLLs) _UNICODE;UNICODE;RUFUS_LOC;%(PreprocessorDefinitions) diff --git a/src/Makefile.am b/src/Makefile.am index 136ee104..c29e0455 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -2,7 +2,7 @@ SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller sys # As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version: NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid # The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement: -VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib -lwininet-delaylib +VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwininet-delaylib -lwintrust-delaylib noinst_PROGRAMS = rufus diff --git a/src/Makefile.in b/src/Makefile.in index b6d27fc8..f1a2f2e2 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -276,7 +276,7 @@ SUBDIRS = ../.mingw bled ext2fs ms-sys syslinux/libfat syslinux/libinstaller sys # As far as I can tell, the following libraries are *not* vulnerable to side-loading, so we link using their regular version: NONVULNERABLE_LIBS = -lsetupapi -lole32 -lgdi32 -lshlwapi -lcrypt32 -lcomdlg32 -lcomctl32 -luuid # The following libraries are vulnerable (or have an unknown vulnerability status), so we link using our delay-loaded replacement: -VULNERABLE_LIBS = -lwintrust-delaylib -lversion-delaylib -lwininet-delaylib +VULNERABLE_LIBS = -ldwmapi-delaylib -lversion-delaylib -lwininet-delaylib -lwintrust-delaylib AM_V_WINDRES_0 = @echo " RC $@";$(WINDRES) AM_V_WINDRES_1 = $(WINDRES) AM_V_WINDRES_ = $(AM_V_WINDRES_$(AM_DEFAULT_VERBOSITY)) diff --git a/src/iso.c b/src/iso.c index 0b7424c7..e3ed2861 100644 --- a/src/iso.c +++ b/src/iso.c @@ -1580,7 +1580,6 @@ BOOL DumpFatDir(const char* path, int32_t cluster) } do { - // coverity[tainted_data_return] dirpos.cluster = libfat_dumpdir(lf_fs, &dirpos, &diritem); if (dirpos.cluster >= 0) { name = wchar_to_utf8(diritem.name); @@ -1640,6 +1639,7 @@ BOOL DumpFatDir(const char* path, int32_t cluster) safe_free(target); safe_free(name); } + // coverity[tainted_data] } while (dirpos.cluster >= 0); ret = TRUE; diff --git a/src/rufus.c b/src/rufus.c index a03266b0..b0b4e6c3 100755 --- a/src/rufus.c +++ b/src/rufus.c @@ -2332,9 +2332,6 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA case IDC_LOG: // Place the log Window to the right (or left for RTL) of our dialog on first display if (first_log_display) { - // Can't link to dwmapi.lib since it sideloads dwapi.dll *before* we get a chance - // to prevent local directory lookup (Sideloading mitigation). - PF_TYPE_DECL(WINAPI, HRESULT, DwmGetWindowAttribute, (HWND, DWORD, PVOID, DWORD)); GetClientRect(GetDesktopWindow(), &DesktopRect); GetWindowRect(hLogDialog, &DialogRect); nWidth = DialogRect.right - DialogRect.left; @@ -2342,14 +2339,13 @@ static INT_PTR CALLBACK MainCallback(HWND hDlg, UINT message, WPARAM wParam, LPA GetWindowRect(hDlg, &DialogRect); offset = GetSystemMetrics(SM_CXBORDER); if (nWindowsVersion >= WINDOWS_10) { - PF_INIT(DwmGetWindowAttribute, Dwmapi); // See https://stackoverflow.com/a/42491227/1069307 // I agree with Stephen Hazel: Whoever at Microsoft thought it would be a great idea to // add a *FRIGGING INVISIBLE BORDER* in Windows 10 should face the harshest punishment! - if (pfDwmGetWindowAttribute != NULL) { - pfDwmGetWindowAttribute(hDlg, DWMWA_EXTENDED_FRAME_BOUNDS, &rc, sizeof(RECT)); - offset += 2 * (DialogRect.left - rc.left); - } + // Also calling this API will create DLL sideloading issues through 'dwmapi.dll' so make + // sure you delay-load it in your application. + DwmGetWindowAttribute(hDlg, DWMWA_EXTENDED_FRAME_BOUNDS, &rc, sizeof(RECT)); + offset += 2 * (DialogRect.left - rc.left); } if (right_to_left_mode) Point.x = max(DialogRect.left - offset - nWidth, 0); diff --git a/src/rufus.rc b/src/rufus.rc index edfccd09..4abe328f 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 3.19.1883" +CAPTION "Rufus 3.19.1884" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -395,8 +395,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,19,1883,0 - PRODUCTVERSION 3,19,1883,0 + FILEVERSION 3,19,1884,0 + PRODUCTVERSION 3,19,1884,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -414,13 +414,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "3.19.1883" + VALUE "FileVersion", "3.19.1884" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2022 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-3.19.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "3.19.1883" + VALUE "ProductVersion", "3.19.1884" END END BLOCK "VarFileInfo"