Changeset 67968 in vbox for trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
- Timestamp:
- Jul 14, 2017 1:07:01 PM (7 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp
r67550 r67968 1658 1658 } 1659 1659 1660 /** 1661 * Checks whether the given unicode string contains a path separator. 1662 * 1663 * @returns true if it contains path separator, false if only a name. 1664 * @param pPath The path to check. 1665 */ 1666 static bool supR3HardenedContainsPathSep(PUNICODE_STRING pPath) 1667 { 1668 size_t cwcLeft = pPath->Length / sizeof(WCHAR); 1669 PCRTUTF16 pwc = pPath->Buffer; 1670 while (cwcLeft-- > 0) 1671 { 1672 RTUTF16 wc = *pwc++; 1673 switch (wc) 1674 { 1675 default: 1676 break; 1677 case '\\': 1678 case '/': 1679 case ':': 1680 return true; 1681 } 1682 } 1683 return false; 1684 } 1685 1660 1686 1661 1687 /** … … 1746 1772 1747 1773 /* 1748 * Absolute path?1774 * Resolve the path, copying the result into wszPath 1749 1775 */ 1750 1776 NTSTATUS rcNtResolve = STATUS_SUCCESS; … … 1758 1784 UNICODE_STRING ResolvedName; 1759 1785 1760 if ( ( pName->Length >= 4 * sizeof(WCHAR) 1761 && RT_C_IS_ALPHA(pName->Buffer[0]) 1762 && pName->Buffer[1] == ':' 1763 && RTPATH_IS_SLASH(pName->Buffer[2]) ) 1764 || ( pName->Length >= 1 * sizeof(WCHAR) 1765 && RTPATH_IS_SLASH(pName->Buffer[1]) ) 1786 /* 1787 * Process the name a little, checking if it needs a DLL suffix and is pathless. 1788 */ 1789 PCWCHAR pawcName = pName->Buffer; 1790 uint32_t cwcName = pName->Length / sizeof(WCHAR); 1791 uint32_t offLastSlash = UINT32_MAX; 1792 uint32_t offLastDot = UINT32_MAX; 1793 for (uint32_t i = 0; i < cwcName; i++) 1794 switch (pawcName[i]) 1795 { 1796 case '\\': 1797 case '/': 1798 offLastSlash = i; 1799 offLastDot = UINT32_MAX; 1800 break; 1801 case '.': 1802 offLastDot = i; 1803 break; 1804 } 1805 bool const fNeedDllSuffix = offLastDot == UINT32_MAX; 1806 //bool const fTrailingDot = offLastDot == cwcName - 1; 1807 1808 /* 1809 * Absolute path? 1810 */ 1811 if ( ( cwcName >= 4 1812 && RT_C_IS_ALPHA(pawcName[0]) 1813 && pawcName[1] == ':' 1814 && RTPATH_IS_SLASH(pawcName[2]) ) 1815 || ( cwcName >= 1 1816 && RTPATH_IS_SLASH(pawcName[0]) ) 1766 1817 ) 1767 1818 { … … 1798 1849 else 1799 1850 { 1800 memcpy(wszPath, pName->Buffer, pName->Length); 1801 wszPath[pName->Length / sizeof(WCHAR)] = '\0'; 1851 /* Copy the path. */ 1852 memcpy(wszPath, pawcName, cwcName * sizeof(WCHAR)); 1853 if (fNeedDllSuffix) 1854 { 1855 if (cwcName + 4 >= RT_ELEMENTS(wszPath)) 1856 { 1857 supR3HardenedError(VINF_SUCCESS, false, 1858 "supR3HardenedMonitor_LdrLoadDll: Name too long (abs): %.*ls\n", cwcName, pawcName); 1859 SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: returns rcNt=%#x\n", STATUS_NAME_TOO_LONG)); 1860 RtlRestoreLastWin32Error(dwSavedLastError); 1861 return STATUS_NAME_TOO_LONG; 1862 } 1863 memcpy(&wszPath[cwcName], L".dll", 5 * sizeof(WCHAR)); 1864 cwcName += 4; 1865 } 1866 wszPath[cwcName] = '\0'; 1802 1867 } 1803 1868 } … … 1806 1871 * or something we're known to use but should be taken from WinSxS. 1807 1872 */ 1808 else if ( supHardViUtf16PathStartsWithEx(pName->Buffer, pName->Length / sizeof(WCHAR),1809 L"api-ms-win-", 11, false /*fCheckSlash*/)1810 || supHardViUtf16PathStartsWithEx(pName->Buffer, pName->Length / sizeof(WCHAR),1811 L"ext-ms-win-", 11, false /*fCheckSlash*/)1812 )1873 else if ( ( supHardViUtf16PathStartsWithEx(pName->Buffer, pName->Length / sizeof(WCHAR), 1874 L"api-ms-win-", 11, false /*fCheckSlash*/) 1875 || supHardViUtf16PathStartsWithEx(pName->Buffer, pName->Length / sizeof(WCHAR), 1876 L"ext-ms-win-", 11, false /*fCheckSlash*/) ) 1877 && !supR3HardenedContainsPathSep(pName)) 1813 1878 { 1814 1879 memcpy(wszPath, pName->Buffer, pName->Length); … … 1824 1889 else 1825 1890 { 1826 PCWCHAR pawcName = pName->Buffer;1827 uint32_t cwcName = pName->Length / sizeof(WCHAR);1828 uint32_t offLastSlash = UINT32_MAX;1829 uint32_t offLastDot = UINT32_MAX;1830 for (uint32_t i = 0; i < cwcName; i++)1831 switch (pawcName[i])1832 {1833 case '\\':1834 case '/':1835 offLastSlash = i;1836 offLastDot = UINT32_MAX;1837 break;1838 case '.':1839 offLastDot = i;1840 break;1841 }1842 1843 bool const fNeedDllSuffix = offLastDot == UINT32_MAX && offLastSlash == UINT32_MAX;1844 1845 if (offLastDot != UINT32_MAX && offLastDot == cwcName - 1)1846 cwcName--;1847 1848 1891 /* 1849 1892 * Reject relative paths for now as they might be breakout attempts. … … 2018 2061 if (NT_SUCCESS(rcNtGetDll)) 2019 2062 { 2063 RTNtPathFree(&NtPathUniStr, &hRootDir); 2020 2064 RtlRestoreLastWin32Error(dwSavedLastError); 2021 2065 return rcNtGetDll; … … 2026 2070 wszPath, dwErr, NtPathUniStr.Length / sizeof(RTUTF16), NtPathUniStr.Buffer, 2027 2071 pOrgName->Length / sizeof(WCHAR), pOrgName->Buffer, rcNtGetDll)); 2072 2073 RTNtPathFree(&NtPathUniStr, &hRootDir); 2074 RtlRestoreLastWin32Error(dwSavedLastError); 2075 SUP_DPRINTF(("supR3HardenedMonitor_LdrLoadDll: returns rcNt=%#x '%ls'\n", rcNt, wszPath)); 2076 return rcNt; 2028 2077 } 2029 2078 RTNtPathFree(&NtPathUniStr, &hRootDir);
Note:
See TracChangeset
for help on using the changeset viewer.