From 470bdf3e26e433032fe7986f379cad797cdd94cd Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld"
Date: Thu, 14 Oct 2021 06:37:50 +0000
Subject: [PATCH] api: use proper instance id bounds
Signed-off-by: Jason A. Donenfeld
---
 api/adapter.c | 2 +-
 api/adapter.h | 4 ++--
 api/rundll32.c | 6 +++---
 api/rundll32.h | 2 +-
 setupapihost/host_win7.h | 4 ++--
 5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/api/adapter.c b/api/adapter.c
index ab79f0c..0dd8c42 100644
--- a/api/adapter.c
+++ b/api/adapter.c
@@ -523,7 +523,7 @@ DeviceCreateCallback(
 SW_DEVICE_CREATE_CTX *Ctx = Context;
 Ctx->CreateResult = CreateResult;
 if (DeviceInstanceId)
- wcsncpy_s(Ctx->DeviceInstanceId, MAX_INSTANCE_ID, DeviceInstanceId, _TRUNCATE);
+ wcsncpy_s(Ctx->DeviceInstanceId, MAX_DEVICE_ID_LEN, DeviceInstanceId, _TRUNCATE);
 SetEvent(Ctx->Triggered);
 }
diff --git a/api/adapter.h b/api/adapter.h
index 567ee82..cfa22fd 100644
--- a/api/adapter.h
+++ b/api/adapter.h
@@ -8,9 +8,9 @@
 #include "wintun.h"
 #include
 #include
+#include
 #include
-#define MAX_INSTANCE_ID MAX_PATH /* TODO: Is MAX_PATH always enough? */
 #define WINTUN_HWID L"Wintun"
 #define WINTUN_ENUMERATOR (IsWindows7 ? L"ROOT\\" WINTUN_HWID : L"SWD\\" WINTUN_HWID)
@@ -28,7 +28,7 @@ typedef struct _WINTUN_ADAPTER
 SP_DEVINFO_DATA DevInfoData;
 WCHAR *InterfaceFilename;
 GUID CfgInstanceID;
- WCHAR DevInstanceID[MAX_INSTANCE_ID];
+ WCHAR DevInstanceID[MAX_DEVICE_ID_LEN];
 DWORD LuidIndex;
 DWORD IfType;
 DWORD IfIndex;
diff --git a/api/rundll32.c b/api/rundll32.c
index 6bdc7c9..5ea2b15 100644
--- a/api/rundll32.c
+++ b/api/rundll32.c
@@ -311,7 +311,7 @@ InvokeClassInstaller(_In_ LPCWSTR Action, _In_ LPCWSTR Function, _In_ HDEVINFO D
 {
 LOG(WINTUN_LOG_INFO, L"Spawning native process to %s instance", Action);
- WCHAR InstanceId[MAX_INSTANCE_ID];
+ WCHAR InstanceId[MAX_DEVICE_ID_LEN];
 DWORD RequiredChars = _countof(InstanceId);
 if (!SetupDiGetDeviceInstanceIdW(DevInfo, DevInfoData, InstanceId, RequiredChars, &RequiredChars))
 {
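Review bot: In `DeviceCreateCallback` (api/adapter.c) the destination capacity given to `wcsncpy_s` is still a bare constant, so the copy is bounded correctly only if every buffer `Ctx->DeviceInstanceId` can refer to holds at least `MAX_DEVICE_ID_LEN` WCHARs; that field's declaration and the start of the function are outside the hunk, so this cannot be confirmed from here. The same pattern is in the `@@ -389` hunk of api/rundll32.c, where only the SAL annotation in rundll32.h ties the caller's buffer to the constant. Storing the capacity beside the pointer, or at least adding a comment such as `/* Ctx->DeviceInstanceId must point to MAX_DEVICE_ID_LEN WCHARs */`, keeps the bound from drifting when a size changes again. The return value is also discarded, so a result of `STRUNCATE` leaves a shortened ID stored as if it were complete; consider treating that as a creation failure.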
@@ -374,7 +374,7 @@ CreateInstanceWin7ViaRundll32(LPWSTR InstanceId)
 LOG(WINTUN_LOG_INFO, L"Spawning native process to create instance");
 DWORD LastError;
- WCHAR Response[MAX_INSTANCE_ID + 1];
+ WCHAR Response[MAX_DEVICE_ID_LEN + 1];
 if (!ExecuteRunDll32(L"CreateInstanceWin7", L"", Response, _countof(Response)))
 {
 LastError = LOG_LAST_ERROR(L"Error executing worker process");
@@ -389,7 +389,7 @@ CreateInstanceWin7ViaRundll32(LPWSTR InstanceId)
 }
 LastError = wcstoul(Argv[0], NULL, 16);
 if (LastError == ERROR_SUCCESS)
- wcsncpy_s(InstanceId, MAX_INSTANCE_ID, Argv[1], _TRUNCATE);
+ wcsncpy_s(InstanceId, MAX_DEVICE_ID_LEN, Argv[1], _TRUNCATE);
 cleanupArgv:
 LocalFree(Argv);
 cleanup:
diff --git a/api/rundll32.h b/api/rundll32.h
index 030419c..762bfcf 100644
--- a/api/rundll32.h
+++ b/api/rundll32.h
@@ -23,4 +23,4 @@ DisableInstanceViaRundll32(_In_ HDEVINFO DevInfo, _In_ SP_DEVINFO_DATA *DevInfoD
 _Return_type_success_(return != FALSE)
 BOOL
-CreateInstanceWin7ViaRundll32(_Out_writes_z_(MAX_INSTANCE_ID) LPWSTR InstanceId);
\ No newline at end of file
+CreateInstanceWin7ViaRundll32(_Out_writes_z_(MAX_DEVICE_ID_LEN) LPWSTR InstanceId);
\ No newline at end of file
diff --git a/setupapihost/host_win7.h b/setupapihost/host_win7.h
index 4e65bff..2640c26 100644
--- a/setupapihost/host_win7.h
+++ b/setupapihost/host_win7.h
@@ -4,8 +4,8 @@
 */
 #include
+#include
-#define MAX_INSTANCE_ID MAX_PATH /* TODO: Is MAX_PATH always enough? */
 #define WINTUN_HWID L"Wintun"
 VOID __stdcall CreateInstanceWin7(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
@@ -13,7 +13,7 @@ VOID __stdcall CreateInstanceWin7(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine,
 #pragma EXPORT
 DWORD LastError = ERROR_SUCCESS;
- WCHAR InstanceId[MAX_INSTANCE_ID] = { 0 };
+ WCHAR InstanceId[MAX_DEVICE_ID_LEN] = { 0 };
 HDEVINFO DevInfo = SetupDiCreateDeviceInfoListExW(&GUID_DEVCLASS_NET, NULL, NULL, NULL);
 if (DevInfo == INVALID_HANDLE_VALUE)
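Review bot: `Response` in the `@@ -374` hunk is now sized for a single instance ID plus terminator, but the reply it receives appears to carry more than the ID: the next hunk reads a hex status from `Argv[0]` and the ID from `Argv[1]`. Assuming `Argv` is split from `Response` (the parsing lines are outside the hunk), a reply with a maximal-length ID would be cut short, whereas the previous `MAX_PATH + 1` size was larger than an ID needs and so left headroom for the status field. Size the buffer for the whole reply, e.g. `WCHAR Response[8 + 1 + MAX_DEVICE_ID_LEN + 1];` for eight hex digits, a separator, the ID and a terminator, adjusted to whatever the worker in setupapihost actually writes.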
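Review bot: In the `@@ -389` hunk, `wcstoul(Argv[0], NULL, 16)` returns 0 when no digits are parsed, and 0 is `ERROR_SUCCESS`, so a malformed or truncated reply from the worker process is accepted as success and `Argv[1]` is copied into the caller's buffer. Pass an end pointer and reject an empty or partial parse, e.g. `WCHAR *End; LastError = wcstoul(Argv[0], &End, 16); if (End == Argv[0] || *End) LastError = ERROR_INVALID_DATA;`. The check that `Argv` actually has two elements sits above the hunk and should be confirmed alongside this change.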