Skip to content

Commit

Permalink
[pki] improve error handling
Browse files Browse the repository at this point in the history
* FormatMessage() does not handle PKI errors
* Also fix an issue with non-official version detection when the language is not English
  • Loading branch information
pbatard committed Aug 27, 2017
1 parent 868eea5 commit 36cadcf
Show file tree
Hide file tree
Showing 3 changed files with 109 additions and 21 deletions.
105 changes: 97 additions & 8 deletions src/pki.c
Original file line number Diff line number Diff line change
Expand Up @@ -44,44 +44,132 @@ typedef struct {
LPWSTR lpszMoreInfoLink;
} SPROG_PUBLISHERINFO, *PSPROG_PUBLISHERINFO;


/*
* FormatMessage does not handle PKI errors
*/
const char* WinPKIErrorString(void)
{
static char error_string[64];
DWORD error_code = GetLastError();

if ((error_code >> 16) != 0x8009)
return WindowsErrorString();

switch (error_code) {
case NTE_BAD_UID:
return "Bad UID.";
case CRYPT_E_MSG_ERROR:
return "An error occurred while performing an operation on a cryptographic message.";
case CRYPT_E_UNKNOWN_ALGO:
return "Unknown cryptographic algorithm.";
case CRYPT_E_INVALID_MSG_TYPE:
return "Invalid cryptographic message type.";
case CRYPT_E_HASH_VALUE:
return "The hash value is not correct";
case CRYPT_E_ISSUER_SERIALNUMBER:
return "Invalid issuer and/or serial number.";
case CRYPT_E_BAD_LEN:
return "The length specified for the output data was insufficient.";
case CRYPT_E_BAD_ENCODE:
return "An error occurred during encode or decode operation.";
case CRYPT_E_FILE_ERROR:
return "An error occurred while reading or writing to a file.";
case CRYPT_E_NOT_FOUND:
return "Cannot find object or property.";
case CRYPT_E_EXISTS:
return "The object or property already exists.";
case CRYPT_E_NO_PROVIDER:
return "No provider was specified for the store or object.";
case CRYPT_E_DELETED_PREV:
return "The previous certificate or CRL context was deleted.";
case CRYPT_E_NO_MATCH:
return "Cannot find the requested object.";
case CRYPT_E_UNEXPECTED_MSG_TYPE:
case CRYPT_E_NO_KEY_PROPERTY:
case CRYPT_E_NO_DECRYPT_CERT:
return "Private key or certificate issue";
case CRYPT_E_BAD_MSG:
return "Not a cryptographic message.";
case CRYPT_E_NO_SIGNER:
return "The signed cryptographic message does not have a signer for the specified signer index.";
case CRYPT_E_REVOKED:
return "The certificate is revoked.";
case CRYPT_E_NO_REVOCATION_DLL:
case CRYPT_E_NO_REVOCATION_CHECK:
case CRYPT_E_REVOCATION_OFFLINE:
case CRYPT_E_NOT_IN_REVOCATION_DATABASE:
return "Cannot check certificate revocation.";
case CRYPT_E_INVALID_NUMERIC_STRING:
case CRYPT_E_INVALID_PRINTABLE_STRING:
case CRYPT_E_INVALID_IA5_STRING:
case CRYPT_E_INVALID_X500_STRING:
case CRYPT_E_NOT_CHAR_STRING:
return "Invalid string.";
case CRYPT_E_SECURITY_SETTINGS:
return "The cryptographic operation failed due to a local security option setting.";
case CRYPT_E_NO_VERIFY_USAGE_CHECK:
case CRYPT_E_VERIFY_USAGE_OFFLINE:
return "Cannot complete usage check.";
case CRYPT_E_NO_TRUSTED_SIGNER:
return "None of the signers of the cryptographic message or certificate trust list is trusted.";
default:
static_sprintf(error_string, "Unknown PKI error 0x%08lX", error_code);
return error_string;
}
}

// Mostly from https://support.microsoft.com/en-us/kb/323809
char* GetSignatureName(const char* path)
{
static char szSubjectName[128];
char* p = NULL;
char *p = NULL, *mpath = NULL;
BOOL r;
HMODULE hm;
HCERTSTORE hStore = NULL;
HCRYPTMSG hMsg = NULL;
PCCERT_CONTEXT pCertContext = NULL;
DWORD dwEncoding, dwContentType, dwFormatType, dwSubjectSize;
DWORD dwSize, dwEncoding, dwContentType, dwFormatType, dwSubjectSize;
PCMSG_SIGNER_INFO pSignerInfo = NULL;
PCMSG_SIGNER_INFO pCounterSignerInfo = NULL;
DWORD dwSignerInfo = 0;
CERT_INFO CertInfo = { 0 };
SPROG_PUBLISHERINFO ProgPubInfo = { 0 };
wchar_t *szFileName = utf8_to_wchar(path);
wchar_t *szFileName;

// If the path is NULL, get the signature of the current runtime
if (path == NULL) {
szFileName = calloc(MAX_PATH, sizeof(wchar_t));
if (szFileName == NULL)
return NULL;
GetModuleFileNameW(GetModuleHandle(NULL), szFileName, MAX_PATH);
hm = GetModuleHandle(NULL);
if (hm == NULL) {
uprintf("PKI: Could not get current executable handle: %s", WinPKIErrorString());
return NULL;
}
dwSize = GetModuleFileNameW(hm, szFileName, MAX_PATH);
if ((dwSize == 0) || ((dwSize == MAX_PATH) && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))) {
uprintf("PKI: Could not get module filename: %s", WinPKIErrorString());
return NULL;
}
mpath = wchar_to_utf8(szFileName);
} else {
szFileName = utf8_to_wchar(path);
}

// Get message handle and store handle from the signed file.
r = CryptQueryObject(CERT_QUERY_OBJECT_FILE, szFileName,
CERT_QUERY_CONTENT_FLAG_PKCS7_SIGNED_EMBED, CERT_QUERY_FORMAT_FLAG_BINARY,
0, &dwEncoding, &dwContentType, &dwFormatType, &hStore, &hMsg, NULL);
if (!r) {
uprintf("PKI: Failed to get store handle for '%s': %s", path, WindowsErrorString());
uprintf("PKI: Failed to get signature for '%s': %s", (path==NULL)?mpath:path, WinPKIErrorString());
goto out;
}

// Get signer information size.
r = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, NULL, &dwSignerInfo);
if (!r) {
uprintf("PKI: Failed to get signer size: %s", WindowsErrorString);
uprintf("PKI: Failed to get signer size: %s", WinPKIErrorString());
goto out;
}

Expand All @@ -95,7 +183,7 @@ char* GetSignatureName(const char* path)
// Get Signer Information.
r = CryptMsgGetParam(hMsg, CMSG_SIGNER_INFO_PARAM, 0, (PVOID)pSignerInfo, &dwSignerInfo);
if (!r) {
uprintf("PKI: Failed to get signer information: %s", WindowsErrorString());
uprintf("PKI: Failed to get signer information: %s", WinPKIErrorString());
goto out;
}

Expand All @@ -105,7 +193,7 @@ char* GetSignatureName(const char* path)

pCertContext = CertFindCertificateInStore(hStore, ENCODING, 0, CERT_FIND_SUBJECT_CERT, (PVOID)&CertInfo, NULL);
if (!pCertContext) {
uprintf("PKI: Failed to locate signer certificate in temporary store: %s", WindowsErrorString());
uprintf("PKI: Failed to locate signer certificate in temporary store: %s", WinPKIErrorString());
goto out;
}

Expand All @@ -121,6 +209,7 @@ char* GetSignatureName(const char* path)
p = szSubjectName;

out:
safe_free(mpath);
safe_free(szFileName);
safe_free(ProgPubInfo.lpszProgramName);
safe_free(ProgPubInfo.lpszPublisherLink);
Expand Down
15 changes: 7 additions & 8 deletions src/rufus.c
Original file line number Diff line number Diff line change
Expand Up @@ -3232,14 +3232,6 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
}
selected_langid = get_language_id(selected_locale);

if (!vc) {
get_loc_data_file(loc_file, selected_locale);
right_to_left_mode = ((selected_locale->ctrl_id) & LOC_RIGHT_TO_LEFT);
if (MessageBoxExU(NULL, lmprintf(MSG_296), lmprintf(MSG_295),
MB_YESNO | MB_ICONWARNING | MB_IS_RTL | MB_SYSTEMMODAL, selected_langid) != IDYES)
goto out;
}

// This is needed as there appears to be a *FLAW* in Windows allowing the app to run unelevated with some
// weirdly configured user accounts, even as we explicitly set 'requireAdministrator' in the manifest...
if (!IsCurrentProcessElevated()) {
Expand Down Expand Up @@ -3311,6 +3303,13 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
if (get_loc_data_file(loc_file, selected_locale))
WriteSettingStr(SETTING_LOCALE, selected_locale->txt[0]);

if (!vc) {
if (MessageBoxExU(NULL, lmprintf(MSG_296), lmprintf(MSG_295),
MB_YESNO | MB_ICONWARNING | MB_IS_RTL | MB_SYSTEMMODAL, selected_langid) != IDYES)
goto out;
vc = TRUE;
}

/*
* Create the main Window
*/
Expand Down
10 changes: 5 additions & 5 deletions src/rufus.rc
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
IDD_DIALOG DIALOGEX 12, 12, 242, 376
STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
EXSTYLE WS_EX_ACCEPTFILES
CAPTION "Rufus 2.17.1183"
CAPTION "Rufus 2.17.1184"
FONT 8, "Segoe UI Symbol", 400, 0, 0x0
BEGIN
LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8
Expand Down Expand Up @@ -366,8 +366,8 @@ END
//

VS_VERSION_INFO VERSIONINFO
FILEVERSION 2,17,1183,0
PRODUCTVERSION 2,17,1183,0
FILEVERSION 2,17,1184,0
PRODUCTVERSION 2,17,1184,0
FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
FILEFLAGS 0x1L
Expand All @@ -384,13 +384,13 @@ BEGIN
BEGIN
VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
VALUE "FileDescription", "Rufus"
VALUE "FileVersion", "2.17.1183"
VALUE "FileVersion", "2.17.1184"
VALUE "InternalName", "Rufus"
VALUE "LegalCopyright", "� 2011-2017 Pete Batard (GPL v3)"
VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
VALUE "OriginalFilename", "rufus.exe"
VALUE "ProductName", "Rufus"
VALUE "ProductVersion", "2.17.1183"
VALUE "ProductVersion", "2.17.1184"
END
END
BLOCK "VarFileInfo"
Expand Down

0 comments on commit 36cadcf

Please sign in to comment.