Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows: use fix for CVE-2019-19501 only when process elevated otherwise it will not add any benefit compared to standard ShellExecute while at the same time potentially causing issue when opening links.

Browse Source
This commit is contained in:
Mounir IDRASSI
2020-01-22 18:08:09 +01:00
parent 3874e9af97
commit 11aa708076
1 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/Common/Dlgcode.c
View File

@@ -14243,12 +14243,33 @@ cleanup:
return retval; return retval;
} }
// This function checks if the process is running with elevated privileges or not
BOOL IsElevated()
{
DWORD dwSize = 0;
HANDLE hToken = NULL;
TOKEN_ELEVATION tokenInformation;
BOOL bReturn = FALSE;
if(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
if(GetTokenInformation(hToken, TokenElevation, &tokenInformation, sizeof(TOKEN_ELEVATION), &dwSize))
{
if (tokenInformation.TokenIsElevated)
bReturn = TRUE;
}
CloseHandle(hToken);
}
return bReturn;
}
// This function always loads a URL in a non-privileged mode // This function always loads a URL in a non-privileged mode
// If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated // If current process has admin privileges, we execute the command "rundll32 url.dll,FileProtocolHandler URL" as non-elevated
// Use this security mechanism only starting from Windows Vista // Use this security mechanism only starting from Windows Vista
void SafeOpenURL (LPCWSTR szUrl) void SafeOpenURL (LPCWSTR szUrl)
{ {
if (IsAdmin () && IsOSAtLeast (WIN_VISTA)) if (IsOSAtLeast (WIN_VISTA) && IsAdmin () && IsElevated())
{ {
WCHAR szRunDllPath[TC_MAX_PATH]; WCHAR szRunDllPath[TC_MAX_PATH];
WCHAR szUrlDllPath[TC_MAX_PATH]; WCHAR szUrlDllPath[TC_MAX_PATH];