Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 02:58:02 -06:00
Code Activity

Windows: Only load valid XML language files (Language.xx.xml or Language.xx-yy.xml format)

Browse Source
This commit is contained in:
Mounir IDRASSI
2024-08-21 09:24:57 +02:00
parent 0f94015041
commit 695d1735a0
1 changed files with 44 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
src/Common/Language.c
View File

@@ -83,6 +83,31 @@ static char *MapFirstLanguageFile ()
return LanguageFileBuffer; return LanguageFileBuffer;
} }
static int IsValidLanguageFileName(const wchar_t* filename) {
size_t len = wcslen(filename);
// Check the base format and length directly
if (_wcsnicmp(filename, L"Language.", 9) != 0 || (len != 15 && len != 18))
return 0; // Does not start with "Language." or has incorrect length
// Check for the ".xml" suffix
if (_wcsicmp(filename + len - 4, L".xml") != 0)
return 0; // Does not end with ".xml"
// Detailed checks based on the specific length
if (len == 15) {
// Format should be Language.xx.xml
if (iswalpha(filename[9]) && iswalpha(filename[10]))
return 1; // Valid format for short code
} else if (len == 18) {
// Format should be Language.xx-yy.xml
if (iswalpha(filename[9]) && iswalpha(filename[10]) && filename[11] == L'-' &&
iswalpha(filename[12]) && iswalpha(filename[13]))
return 1; // Valid format for long code
}
return 0; // If none of the conditions are met, the filename is invalid
}
static char *MapNextLanguageFile (int resourceid) static char *MapNextLanguageFile (int resourceid)
{ {
@@ -91,6 +116,7 @@ static char *MapNextLanguageFile (int resourceid)
HANDLE file; HANDLE file;
DWORD read; DWORD read;
BOOL bStatus; BOOL bStatus;
BOOL validFileFound = FALSE;
/* free memory here to avoid leaks */ /* free memory here to avoid leaks */
if (LanguageFileBuffer != NULL) if (LanguageFileBuffer != NULL)
@@ -122,6 +148,24 @@ static char *MapNextLanguageFile (int resourceid)
if (LanguageFileFindHandle == INVALID_HANDLE_VALUE) return NULL; if (LanguageFileFindHandle == INVALID_HANDLE_VALUE) return NULL;
if (find.nFileSizeHigh != 0) return NULL; if (find.nFileSizeHigh != 0) return NULL;
// Validate the file name format
while (!validFileFound)
{
if (!IsValidLanguageFileName(find.cFileName))
{
if (!FindNextFileW(LanguageFileFindHandle, &find))
{
FindClose(LanguageFileFindHandle);
LanguageFileFindHandle = INVALID_HANDLE_VALUE;
return NULL;
}
}
else
{
validFileFound = TRUE;
}
}
LanguageFileBuffer = malloc(find.nFileSizeLow + 1); LanguageFileBuffer = malloc(find.nFileSizeLow + 1);
if (LanguageFileBuffer == NULL) return NULL; if (LanguageFileBuffer == NULL) return NULL;