diff options
Diffstat (limited to 'src/burn/engine/approvedexe.cpp')
| -rw-r--r-- | src/burn/engine/approvedexe.cpp | 105 |
1 files changed, 104 insertions, 1 deletions
diff --git a/src/burn/engine/approvedexe.cpp b/src/burn/engine/approvedexe.cpp index 28b26d6d..383ee7fa 100644 --- a/src/burn/engine/approvedexe.cpp +++ b/src/burn/engine/approvedexe.cpp | |||
| @@ -3,6 +3,13 @@ | |||
| 3 | #include "precomp.h" | 3 | #include "precomp.h" |
| 4 | 4 | ||
| 5 | 5 | ||
| 6 | // internal function declarations | ||
| 7 | |||
| 8 | static HRESULT IsRunDll32( | ||
| 9 | __in BURN_VARIABLES* pVariables, | ||
| 10 | __in LPCWSTR wzExecutablePath | ||
| 11 | ); | ||
| 12 | |||
| 6 | // function definitions | 13 | // function definitions |
| 7 | 14 | ||
| 8 | extern "C" HRESULT ApprovedExesParseFromXml( | 15 | extern "C" HRESULT ApprovedExesParseFromXml( |
| @@ -221,12 +228,15 @@ LExit: | |||
| 221 | extern "C" HRESULT ApprovedExesVerifySecureLocation( | 228 | extern "C" HRESULT ApprovedExesVerifySecureLocation( |
| 222 | __in BURN_CACHE* pCache, | 229 | __in BURN_CACHE* pCache, |
| 223 | __in BURN_VARIABLES* pVariables, | 230 | __in BURN_VARIABLES* pVariables, |
| 224 | __in LPCWSTR wzExecutablePath | 231 | __in LPCWSTR wzExecutablePath, |
| 232 | __in int argc, | ||
| 233 | __in LPCWSTR* argv | ||
| 225 | ) | 234 | ) |
| 226 | { | 235 | { |
| 227 | HRESULT hr = S_OK; | 236 | HRESULT hr = S_OK; |
| 228 | LPWSTR scz = NULL; | 237 | LPWSTR scz = NULL; |
| 229 | LPWSTR sczSecondary = NULL; | 238 | LPWSTR sczSecondary = NULL; |
| 239 | LPWSTR sczRunDll32Param = NULL; | ||
| 230 | 240 | ||
| 231 | const LPCWSTR vrgSecureFolderVariables[] = { | 241 | const LPCWSTR vrgSecureFolderVariables[] = { |
| 232 | L"ProgramFiles64Folder", | 242 | L"ProgramFiles64Folder", |
| @@ -273,11 +283,104 @@ extern "C" HRESULT ApprovedExesVerifySecureLocation( | |||
| 273 | ExitFunction(); | 283 | ExitFunction(); |
| 274 | } | 284 | } |
| 275 | 285 | ||
| 286 | // Test if executable is rundll32.exe, and it's target is in a secure location | ||
| 287 | // Example for CUDA UninstallString: "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage CUDAToolkit_12.8 | ||
| 288 | if (argc && argv && argv[0] && *argv[0]) | ||
| 289 | { | ||
| 290 | hr = IsRunDll32(pVariables, wzExecutablePath); | ||
| 291 | ExitOnFailure(hr, "Failed to test whether executable is rundll32"); | ||
| 292 | |||
| 293 | if (hr == S_OK) | ||
| 294 | { | ||
| 295 | LPCWSTR szComma = wcschr(argv[0], L','); | ||
| 296 | if (szComma && *szComma) | ||
| 297 | { | ||
| 298 | hr = StrAllocString(&sczRunDll32Param, argv[0], szComma - argv[0]); | ||
| 299 | ExitOnFailure(hr, "Failed to allocate string"); | ||
| 300 | } | ||
| 301 | else | ||
| 302 | { | ||
| 303 | hr = StrAllocString(&sczRunDll32Param, argv[0], 0); | ||
| 304 | ExitOnFailure(hr, "Failed to allocate string"); | ||
| 305 | } | ||
| 306 | |||
| 307 | hr = ApprovedExesVerifySecureLocation(pCache, pVariables, sczRunDll32Param, 0, NULL); | ||
| 308 | ExitOnFailure(hr, "Failed to test whether rundll32's parameter, '%ls', is in a secure location", sczRunDll32Param); | ||
| 309 | if (hr == S_OK) | ||
| 310 | { | ||
| 311 | ExitFunction(); | ||
| 312 | } | ||
| 313 | } | ||
| 314 | } | ||
| 315 | |||
| 276 | hr = S_FALSE; | 316 | hr = S_FALSE; |
| 277 | 317 | ||
| 278 | LExit: | 318 | LExit: |
| 279 | ReleaseStr(scz); | 319 | ReleaseStr(scz); |
| 280 | ReleaseStr(sczSecondary); | 320 | ReleaseStr(sczSecondary); |
| 321 | ReleaseStr(sczRunDll32Param); | ||
| 322 | |||
| 323 | return hr; | ||
| 324 | } | ||
| 325 | |||
| 326 | static HRESULT IsRunDll32( | ||
| 327 | __in BURN_VARIABLES* pVariables, | ||
| 328 | __in LPCWSTR wzExecutablePath | ||
| 329 | ) | ||
| 330 | { | ||
| 331 | HRESULT hr = S_OK; | ||
| 332 | LPWSTR sczFolder = NULL; | ||
| 333 | LPWSTR sczFullPath = NULL; | ||
| 334 | BOOL fEqual = FALSE; | ||
| 335 | |||
| 336 | hr = VariableGetString(pVariables, L"SystemFolder", &sczFolder); | ||
| 337 | ExitOnFailure(hr, "Failed to get the variable: SystemFolder"); | ||
| 338 | |||
| 339 | hr = PathConcat(sczFolder, L"rundll32.exe", &sczFullPath); | ||
| 340 | ExitOnFailure(hr, "Failed to combine paths"); | ||
| 341 | |||
| 342 | hr = PathCompareCanonicalized(wzExecutablePath, sczFullPath, &fEqual); | ||
| 343 | ExitOnFailure(hr, "Failed to compare paths"); | ||
| 344 | if (fEqual) | ||
| 345 | { | ||
| 346 | hr = S_OK; | ||
| 347 | ExitFunction(); | ||
| 348 | } | ||
| 349 | |||
| 350 | hr = VariableGetString(pVariables, L"System64Folder", &sczFolder); | ||
| 351 | ExitOnFailure(hr, "Failed to get the variable: System64Folder"); | ||
| 352 | |||
| 353 | hr = PathConcat(sczFolder, L"rundll32.exe", &sczFullPath); | ||
| 354 | ExitOnFailure(hr, "Failed to combine paths"); | ||
| 355 | |||
| 356 | hr = PathCompareCanonicalized(wzExecutablePath, sczFullPath, &fEqual); | ||
| 357 | ExitOnFailure(hr, "Failed to compare paths"); | ||
| 358 | if (fEqual) | ||
| 359 | { | ||
| 360 | hr = S_OK; | ||
| 361 | ExitFunction(); | ||
| 362 | } | ||
| 363 | |||
| 364 | // Sysnative | ||
| 365 | hr = PathSystemWindowsSubdirectory(L"SysNative\\", &sczFolder); | ||
| 366 | ExitOnFailure(hr, "Failed to append SysNative directory."); | ||
| 367 | |||
| 368 | hr = PathConcat(sczFolder, L"rundll32.exe", &sczFullPath); | ||
| 369 | ExitOnFailure(hr, "Failed to combine paths"); | ||
| 370 | |||
| 371 | hr = PathCompareCanonicalized(wzExecutablePath, sczFullPath, &fEqual); | ||
| 372 | ExitOnFailure(hr, "Failed to compare paths"); | ||
| 373 | if (fEqual) | ||
| 374 | { | ||
| 375 | hr = S_OK; | ||
| 376 | ExitFunction(); | ||
| 377 | } | ||
| 378 | |||
| 379 | hr = S_FALSE; | ||
| 380 | |||
| 381 | LExit: | ||
| 382 | ReleaseStr(sczFolder); | ||
| 383 | ReleaseStr(sczFullPath); | ||
| 281 | 384 | ||
| 282 | return hr; | 385 | return hr; |
| 283 | } | 386 | } |