29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync#if defined(RT_OS_OS2)

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# define INCL_BASE

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# define INCL_ERRORS

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# include <os2.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# include <stdio.h>

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync# include <stdlib.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include <unistd.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# include <sys/fcntl.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# include <sys/errno.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# include <sys/syslimits.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync#elif defined(RT_OS_WINDOWS)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include <Windows.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# ifndef IN_SUP_HARDENED_R3

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include <stdio.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# endif

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#else /* UNIXes */

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <sys/types.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <stdio.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <stdlib.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <dirent.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <dlfcn.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <fcntl.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <limits.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <errno.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include <unistd.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# include <sys/stat.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync# include <sys/time.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include <sys/fcntl.h>

0c94a8282c9042b02f022302a3d987746140eab9vboxsync# include <pwd.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# ifdef RT_OS_DARWIN

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include <mach-o/dyld.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync# endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#include <VBox/sup.h>

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#include <VBox/err.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#include <iprt/asm.h>

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#include <iprt/ctype.h>

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#include <iprt/param.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#include <iprt/path.h>

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#include <iprt/string.h>

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#include "SUPLibInternal.h"

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync#if defined(RT_OS_WINDOWS) && defined(VBOX_WITH_HARDENING)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# define SUPHNTVI_NO_NT_STUFF

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# include "win/SUPHardenedVerify-win.h"

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#endif

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#define SUPR3HARDENED_MAX_PATH 260U

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#ifdef RT_OS_SOLARIS

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# define dirfd(d) ((d)->d_fd)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)

0c94a8282c9042b02f022302a3d987746140eab9vboxsync# define SUP_COMP_FILENAME suplibHardenedStrICmp

0c94a8282c9042b02f022302a3d987746140eab9vboxsync#else

0c94a8282c9042b02f022302a3d987746140eab9vboxsync# define SUP_COMP_FILENAME suplibHardenedStrCmp

0c94a8282c9042b02f022302a3d987746140eab9vboxsync#endif

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsyncstatic SUPINSTFILE const g_aSupInstallFiles[] =

0c94a8282c9042b02f022302a3d987746140eab9vboxsync{

0c94a8282c9042b02f022302a3d987746140eab9vboxsync /* type, dir, fOpt, "pszFile" */

0c94a8282c9042b02f022302a3d987746140eab9vboxsync /* ---------------------------------------------------------------------- */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, false, "VMMR0.r0" },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, false, "VBoxDDR0.r0" },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, false, "VBoxDD2R0.r0" },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#ifdef VBOX_WITH_RAW_MODE

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Rc, kSupID_AppPrivArch, false, "VMMGC.gc" },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Rc, kSupID_AppPrivArch, false, "VBoxDDGC.gc" },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Rc, kSupID_AppPrivArch, false, "VBoxDD2GC.gc" },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxRT" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxVMM" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxREM" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#if HC_ARCH_BITS == 32

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxREM32" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxREM64" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxDD" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxDD2" SUPLIB_DLL_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxDDU" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxDbg" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxDbg3" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSharedClipboard" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSharedFolders" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxDragAndDropSvc" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxGuestPropSvc" SUPLIB_DLL_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxGuestControlSvc" SUPLIB_DLL_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxHostChannel" SUPLIB_DLL_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSharedCrOpenGL" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxOGLhostcrutil" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxOGLhosterrorspu" SUPLIB_DLL_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxOGLrenderspu" SUPLIB_DLL_SUFF },

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VBoxManage" SUPLIB_EXE_SUFF },

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#ifdef VBOX_WITH_MAIN

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_Exe, kSupID_AppBin, false, "VBoxSVC" SUPLIB_EXE_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync #ifdef RT_OS_WINDOWS

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxC" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync #else

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Exe, kSupID_AppPrivArch, false, "VBoxXPCOMIPCD" SUPLIB_EXE_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_SharedLib, false, "VBoxXPCOM" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxXPCOMIPCC" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxC" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_AppPrivArchComp, false, "VBoxSVCM" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Data, kSupID_AppPrivArchComp, false, "VBoxXPCOMBase.xpt" },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync #endif

0c94a8282c9042b02f022302a3d987746140eab9vboxsync#endif

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VRDPAuth" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxAuth" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxVRDP" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VBoxHeadless" SUPLIB_EXE_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxHeadless" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxVideoRecFB" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VirtualBox" SUPLIB_EXE_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VirtualBox" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync# if !defined(RT_OS_DARWIN) && !defined(RT_OS_WINDOWS) && !defined(RT_OS_OS2)

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Dll, kSupID_SharedLib, true, "VBoxKeyboard" SUPLIB_DLL_SUFF },

0c94a8282c9042b02f022302a3d987746140eab9vboxsync# endif

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VBoxSDL" SUPLIB_EXE_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxSDL" SUPLIB_DLL_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "vboxwebsrv" SUPLIB_EXE_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#ifdef RT_OS_LINUX

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VBoxTunctl" SUPLIB_EXE_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#endif

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VBoxNetDHCP" SUPLIB_EXE_SUFF },

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxNetDHCP" SUPLIB_DLL_SUFF },

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync { kSupIFT_Exe, kSupID_AppBin, true, "VBoxNetNAT" SUPLIB_EXE_SUFF },

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync { kSupIFT_Dll, kSupID_AppPrivArch, true, "VBoxNetNAT" SUPLIB_DLL_SUFF },

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync#if defined(VBOX_WITH_HARDENING) && defined(RT_OS_WINDOWS)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync# define HARDENED_TESTCASE_BIN_ENTRY(a_szName) \

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync { kSupIFT_TestExe, kSupID_AppBin, true, a_szName SUPLIB_EXE_SUFF }, \

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_TestDll, kSupID_AppBin, true, a_szName SUPLIB_DLL_SUFF }

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_BIN_ENTRY("tstMicro"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_BIN_ENTRY("tstPDMAsyncCompletion"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_BIN_ENTRY("tstPDMAsyncCompletionStress"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_BIN_ENTRY("tstVMM"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_BIN_ENTRY("tstVMREQ"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync# define HARDENED_TESTCASE_ENTRY(a_szName) \

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_TestExe, kSupID_Testcase, true, a_szName SUPLIB_EXE_SUFF }, \

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync { kSupIFT_TestDll, kSupID_Testcase, true, a_szName SUPLIB_DLL_SUFF }

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstCFGM"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstIntNet-1"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstMMHyperHeap"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstR0ThreadPreemptionDriver"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstRTR0MemUserKernelDriver"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstRTR0SemMutexDriver"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstRTR0TimerDriver"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HARDENED_TESTCASE_ENTRY("tstSSM"),

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#endif

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync};

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsyncstatic SUPVERIFIEDFILE g_aSupVerifiedFiles[RT_ELEMENTS(g_aSupInstallFiles)];

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsyncstatic SUPVERIFIEDDIR g_aSupVerifiedDirs[kSupID_End];

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsyncstatic int supR3HardenedMakePath(SUPINSTDIR enmDir, char *pszDst, size_t cchDst, bool fFatal)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync{

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int rc;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync switch (enmDir)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync case kSupID_AppBin: /** @todo fix this AppBin crap (uncertain wtf some binaries actually are installed). */

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync case kSupID_Bin:

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedPathExecDir(pszDst, cchDst);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync break;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync case kSupID_SharedLib:

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedPathSharedLibs(pszDst, cchDst);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync break;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync case kSupID_AppPrivArch:

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedPathAppPrivateArch(pszDst, cchDst);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync break;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync case kSupID_AppPrivArchComp:

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedPathAppPrivateArch(pszDst, cchDst);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (RT_SUCCESS(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync size_t off = suplibHardenedStrLen(pszDst);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (cchDst - off >= sizeof("/components"))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync suplibHardenedMemCopy(&pszDst[off], "/components", sizeof("/components"));

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = VERR_BUFFER_OVERFLOW;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync break;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync case kSupID_AppPrivNoArch:

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedPathAppPrivateNoArch(pszDst, cchDst);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync break;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync case kSupID_Testcase:

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync rc = supR3HardenedPathExecDir(pszDst, cchDst);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (RT_SUCCESS(rc))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync size_t off = suplibHardenedStrLen(pszDst);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (cchDst - off >= sizeof("/testcase"))

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync suplibHardenedMemCopy(&pszDst[off], "/testcase", sizeof("/testcase"));

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = VERR_BUFFER_OVERFLOW;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync break;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync default:

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync return supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "supR3HardenedMakePath: enmDir=%d\n", enmDir);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (RT_FAILURE(rc))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync supR3HardenedError(rc, fFatal,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "supR3HardenedMakePath: enmDir=%d rc=%d\n", enmDir, rc);

29099c2d04b11e614f1fa399fab9e9162f2788b9vboxsync return rc;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync}

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsyncstatic int supR3HardenedMakeFilePath(PCSUPINSTFILE pFile, char *pszDst, size_t cchDst, bool fWithFilename, bool fFatal)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /*

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync int rc = supR3HardenedMakePath(pFile->enmDir, pszDst, cchDst, fFatal);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (RT_SUCCESS(rc) && fWithFilename)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync size_t cchFile = suplibHardenedStrLen(pFile->pszFile);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync size_t off = suplibHardenedStrLen(pszDst);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (cchDst - off >= cchFile + 2)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszDst[off++] = '/';

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync suplibHardenedMemCopy(&pszDst[off], pFile->pszFile, cchFile + 1);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync rc = supR3HardenedError(VERR_BUFFER_OVERFLOW, fFatal,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "supR3HardenedMakeFilePath: pszFile=%s off=%lu\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync pFile->pszFile, (long)off);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync return rc;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync}

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsyncDECLHIDDEN(int) supR3HardenedVerifyFixedDir(SUPINSTDIR enmDir, bool fFatal)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync{

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (enmDir <= kSupID_Invalid || enmDir >= kSupID_End)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync return supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyDir: enmDir=%d\n", enmDir);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync /*

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (g_aSupVerifiedDirs[enmDir].fValidated)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync return VINF_SUCCESS; /** @todo revalidate? */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync /* initialize the entry. */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (g_aSupVerifiedDirs[enmDir].hDir != 0)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyDir: hDir=%p enmDir=%d\n",

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync (void *)g_aSupVerifiedDirs[enmDir].hDir, enmDir);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync g_aSupVerifiedDirs[enmDir].hDir = -1;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync g_aSupVerifiedDirs[enmDir].fValidated = false;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync char szPath[RTPATH_MAX];

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync int rc = supR3HardenedMakePath(enmDir, szPath, sizeof(szPath), fFatal);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (RT_SUCCESS(rc))

0c94a8282c9042b02f022302a3d987746140eab9vboxsync {

0c94a8282c9042b02f022302a3d987746140eab9vboxsync#if defined(RT_OS_WINDOWS)

0c94a8282c9042b02f022302a3d987746140eab9vboxsync PRTUTF16 pwszPath;

0c94a8282c9042b02f022302a3d987746140eab9vboxsync rc = RTStrToUtf16(szPath, &pwszPath);

0c94a8282c9042b02f022302a3d987746140eab9vboxsync if (RT_SUCCESS(rc))

0c94a8282c9042b02f022302a3d987746140eab9vboxsync {

0c94a8282c9042b02f022302a3d987746140eab9vboxsync HANDLE hDir = CreateFileW(pwszPath,

0c94a8282c9042b02f022302a3d987746140eab9vboxsync GENERIC_READ,

0c94a8282c9042b02f022302a3d987746140eab9vboxsync FILE_SHARE_READ | FILE_SHARE_DELETE | FILE_SHARE_WRITE,

0c94a8282c9042b02f022302a3d987746140eab9vboxsync NULL,

0c94a8282c9042b02f022302a3d987746140eab9vboxsync OPEN_EXISTING,

0c94a8282c9042b02f022302a3d987746140eab9vboxsync FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS,

0c94a8282c9042b02f022302a3d987746140eab9vboxsync NULL);

0c94a8282c9042b02f022302a3d987746140eab9vboxsync if (hDir != INVALID_HANDLE_VALUE)

0c94a8282c9042b02f022302a3d987746140eab9vboxsync {

0c94a8282c9042b02f022302a3d987746140eab9vboxsync /** @todo check the type */

0c94a8282c9042b02f022302a3d987746140eab9vboxsync /* That's all on windows, for now at least... */

0c94a8282c9042b02f022302a3d987746140eab9vboxsync g_aSupVerifiedDirs[enmDir].hDir = (intptr_t)hDir;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync g_aSupVerifiedDirs[enmDir].fValidated = true;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else if (enmDir == kSupID_Testcase)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync g_aSupVerifiedDirs[enmDir].fValidated = true;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = VINF_SUCCESS; /* Optional directory, ignore if missing. */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync int err = GetLastError();

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedError(VERR_PATH_NOT_FOUND, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyDir: Failed to open \"%s\": err=%d\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync szPath, err);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync RTUtf16Free(pwszPath);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync rc = supR3HardenedError(rc, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyDir: Failed to convert \"%s\" to UTF-16: err=%d\n", szPath, rc);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync#else /* UNIXY */

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync int fd = open(szPath, O_RDONLY, 0);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (fd >= 0)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync struct stat st;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (!fstat(fd, &st))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync if ( st.st_uid == 0

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync && !(st.st_mode & (S_IWGRP | S_IWOTH))

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync && S_ISDIR(st.st_mode))

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync g_aSupVerifiedDirs[enmDir].hDir = fd;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync g_aSupVerifiedDirs[enmDir].fValidated = true;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync else

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync {

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if (!S_ISDIR(st.st_mode))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedError(VERR_NOT_A_DIRECTORY, fFatal,

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync "supR3HardenedVerifyDir: \"%s\" is not a directory\n",

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync szPath, (long)st.st_uid);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync else if (st.st_uid)

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync rc = supR3HardenedError(VERR_ACCESS_DENIED, fFatal,

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync "supR3HardenedVerifyDir: Cannot trust the directory \"%s\": not owned by root (st_uid=%ld)\n",

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync szPath, (long)st.st_uid);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedError(VERR_ACCESS_DENIED, fFatal,

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync "supR3HardenedVerifyDir: Cannot trust the directory \"%s\": group and/or other writable (st_mode=0%lo)\n",

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync szPath, (long)st.st_mode);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync close(fd);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync int err = errno;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedError(VERR_ACCESS_DENIED, fFatal,

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync "supR3HardenedVerifyDir: Failed to fstat \"%s\": %s (%d)\n",

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync szPath, strerror(err), err);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync close(fd);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync else if (enmDir == kSupID_Testcase)

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync {

f9cdd92d151d9c28eb0f1aed25863fc04f85691dvboxsync g_aSupVerifiedDirs[enmDir].fValidated = true;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync rc = VINF_SUCCESS; /* Optional directory, ignore if missing. */

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int err = errno;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedError(VERR_PATH_NOT_FOUND, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyDir: Failed to open \"%s\": %s (%d)\n",

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync szPath, strerror(err), err);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync#endif /* UNIXY */

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync return rc;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync}

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync#ifdef RT_OS_WINDOWS

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsyncstatic int supR3HardenedVerifyFileOpen(PCSUPINSTFILE pFile, bool fFatal, intptr_t *phFile)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync{

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync *phFile = -1;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync char szPath[RTPATH_MAX];

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int rc = supR3HardenedMakeFilePath(pFile, szPath, sizeof(szPath), true /*fWithFilename*/, fFatal);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (RT_SUCCESS(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync PRTUTF16 pwszPath;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = RTStrToUtf16(szPath, &pwszPath);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (RT_SUCCESS(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync HANDLE hFile = CreateFileW(pwszPath,

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync GENERIC_READ,

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync FILE_SHARE_READ,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync NULL,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync OPEN_EXISTING,

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync FILE_ATTRIBUTE_NORMAL,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync NULL);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (hFile)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync *phFile = (intptr_t)hFile;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = VINF_SUCCESS;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int err = GetLastError();

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if ( !pFile->fOptional

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync || ( err != ERROR_FILE_NOT_FOUND

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync && (err != ERROR_PATH_NOT_FOUND || pFile->enmDir != kSupID_Testcase) ) )

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedError(VERR_PATH_NOT_FOUND, fFatal,

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync "supR3HardenedVerifyFileInternal: Failed to open '%s': err=%d\n", szPath, err);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync }

0c94a8282c9042b02f022302a3d987746140eab9vboxsync RTUtf16Free(pwszPath);

0c94a8282c9042b02f022302a3d987746140eab9vboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

0c94a8282c9042b02f022302a3d987746140eab9vboxsync rc = supR3HardenedError(rc, fFatal, "supR3HardenedVerifyFileInternal: Failed to convert '%s' to UTF-16: %Rrc\n",

0c94a8282c9042b02f022302a3d987746140eab9vboxsync szPath, rc);

0c94a8282c9042b02f022302a3d987746140eab9vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync return rc;

0c94a8282c9042b02f022302a3d987746140eab9vboxsync}

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

0c94a8282c9042b02f022302a3d987746140eab9vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsyncstatic int supR3HardenedVerifyFileSignature(PCSUPINSTFILE pFile, PSUPVERIFIEDFILE pVerified, bool fFatal, bool fLeaveFileOpen)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync{

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync# if defined(VBOX_WITH_HARDENING) && !defined(IN_SUP_R3_STATIC) /* Latter: Not in VBoxCpuReport and friends. */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int rc;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync intptr_t hFileOpened;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync intptr_t hFile = pVerified->hFile;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (hFile != -1)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync hFileOpened = -1;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedVerifyFileOpen(pFile, fFatal, &hFileOpened);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (RT_FAILURE(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync return rc;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync hFile = hFileOpened;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync }

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync /*

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync char szErr[1024];

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync RTERRINFO ErrInfo;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync RTErrInfoInit(&ErrInfo, szErr, sizeof(szErr));

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync uint32_t fFlags = SUPHNTVI_F_REQUIRE_BUILD_CERT;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (pFile->enmType == kSupIFT_Rc)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync fFlags |= SUPHNTVI_F_RC_IMAGE;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supHardenedWinVerifyImageByHandleNoName((HANDLE)hFile, fFlags, &ErrInfo);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (RT_SUCCESS(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->fCheckedSignature = true;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->fCheckedSignature = false;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedError(rc, fFatal, "supR3HardenedVerifyFileInternal: '%s': Image verify error rc=%Rrc: %s\n",

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pFile->pszFile, rc, szErr);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync }

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync /*

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (hFileOpened != -1)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (fLeaveFileOpen && RT_SUCCESS(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->hFile = hFileOpened;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync else

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync CloseHandle((HANDLE)hFileOpened);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync }

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync return rc;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync# else /* Not checking signatures. */

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync return VINF_SUCCESS;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync# endif /* Not checking signatures. */

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync}

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync#endif

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsyncstatic int supR3HardenedVerifyFileInternal(int iFile, bool fFatal, bool fLeaveFileOpen, bool fVerifyAll)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync{

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync PCSUPINSTFILE pFile = &g_aSupInstallFiles[iFile];

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync PSUPVERIFIEDFILE pVerified = &g_aSupVerifiedFiles[iFile];

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync /*

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if (pVerified->fValidated)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync /** @todo revalidate? Check that the file hasn't been replace or similar. */

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#ifdef RT_OS_WINDOWS

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (!pVerified->fCheckedSignature && !fVerifyAll)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync return supR3HardenedVerifyFileSignature(pFile, pVerified, fFatal, fLeaveFileOpen);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync#endif

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync return VINF_SUCCESS;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync }

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync /* initialize the entry. */

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (pVerified->hFile != 0)

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync "supR3HardenedVerifyFileInternal: hFile=%p (%s)\n",

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync (void *)pVerified->hFile, pFile->pszFile);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->hFile = -1;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->fValidated = false;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#ifdef RT_OS_WINDOWS

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->fCheckedSignature = false;

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync#endif

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync /*

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int rc = supR3HardenedVerifyFixedDir(pFile->enmDir, fFatal);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (RT_SUCCESS(rc))

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync#if defined(RT_OS_WINDOWS)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedVerifyFileOpen(pFile, fFatal, &pVerified->hFile);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (RT_SUCCESS(rc))

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (!fVerifyAll)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedVerifyFileSignature(pFile, pVerified, fFatal, fLeaveFileOpen);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (RT_SUCCESS(rc))

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync pVerified->fValidated = true;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (!fLeaveFileOpen)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync CloseHandle((HANDLE)pVerified->hFile);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync pVerified->hFile = -1;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync#else /* !RT_OS_WINDOWS */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync char szPath[RTPATH_MAX];

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync rc = supR3HardenedMakeFilePath(pFile, szPath, sizeof(szPath), true /*fWithFilename*/, fFatal);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (RT_SUCCESS(rc))

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync int fd = open(szPath, O_RDONLY, 0);

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync if (fd >= 0)

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync {

19320d55d1417c39b3b5673a53aaa5ef177242c8vboxsync /*

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync struct stat st;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (!fstat(fd, &st))

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

9c9db71d639cf066ed41d49629d46d48bff4be2fvboxsync if ( st.st_uid == 0

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync && !(st.st_mode & (S_IWGRP | S_IWOTH))

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync && S_ISREG(st.st_mode))

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync /* it's valid. */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (fLeaveFileOpen)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync pVerified->hFile = fd;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync close(fd);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync pVerified->fValidated = true;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (!S_ISREG(st.st_mode))

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedError(VERR_IS_A_DIRECTORY, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyFileInternal: \"%s\" is not a regular file\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync szPath, (long)st.st_uid);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else if (st.st_uid)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedError(VERR_ACCESS_DENIED, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyFileInternal: Cannot trust the file \"%s\": not owned by root (st_uid=%ld)\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync szPath, (long)st.st_uid);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedError(VERR_ACCESS_DENIED, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyFileInternal: Cannot trust the file \"%s\": group and/or other writable (st_mode=0%lo)\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync szPath, (long)st.st_mode);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync close(fd);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync int err = errno;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedError(VERR_ACCESS_DENIED, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyFileInternal: Failed to fstat \"%s\": %s (%d)\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync szPath, strerror(err), err);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync close(fd);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync else

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync {

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync int err = errno;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (!pFile->fOptional || err != ENOENT)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = supR3HardenedError(VERR_PATH_NOT_FOUND, fFatal,

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync "supR3HardenedVerifyFileInternal: Failed to open \"%s\": %s (%d)\n",

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync szPath, strerror(err), err);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync#endif /* !RT_OS_WINDOWS */

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync return rc;

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync}

9c9db71d639cf066ed41d49629d46d48bff4be2fvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsyncstatic int supR3HardenedVerifySameFile(int iFile, const char *pszFilename, bool fFatal)

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync{

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync PCSUPINSTFILE pFile = &g_aSupInstallFiles[iFile];

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync /*

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync char szName[RTPATH_MAX];

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync int rc = supR3HardenedMakeFilePath(pFile, szName, sizeof(szName), true /*fWithFilename*/, fFatal);

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync if (RT_FAILURE(rc))

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync return rc;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if (SUP_COMP_FILENAME(szName, pszFilename))

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync {

44372afb953dc9f1f1ec71943f5f561a607c0307vboxsync /*

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync rc = VERR_NOT_SAME_DEVICE;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync#if defined(RT_OS_WINDOWS)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync LPSTR pszIgnored;

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync char szName2[RTPATH_MAX];

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync if ( GetFullPathName(szName, RT_ELEMENTS(szName2), &szName2[0], &pszIgnored)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync && GetFullPathName(pszFilename, RT_ELEMENTS(szName), &szName[0], &pszIgnored))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (!SUP_COMP_FILENAME(szName2, szName))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync rc = VINF_SUCCESS;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync AssertCompile(RTPATH_MAX >= PATH_MAX);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync char szName2[RTPATH_MAX];

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if ( realpath(szName, szName2) != NULL

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync && realpath(pszFilename, szName) != NULL)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (!SUP_COMP_FILENAME(szName2, szName))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = VINF_SUCCESS;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (RT_FAILURE(rc))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync supR3HardenedMakeFilePath(pFile, szName, sizeof(szName), true /*fWithFilename*/, fFatal);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedError(rc, fFatal,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "supR3HardenedVerifySameFile: \"%s\" isn't the same as \"%s\"\n",

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszFilename, szName);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync return VINF_SUCCESS;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync}

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsyncDECLHIDDEN(int) supR3HardenedVerifyFixedFile(const char *pszFilename, bool fFatal)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync{

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync const char *pszName = supR3HardenedPathFilename(pszFilename);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync for (unsigned iFile = 0; iFile < RT_ELEMENTS(g_aSupInstallFiles); iFile++)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (!SUP_COMP_FILENAME(pszName, g_aSupInstallFiles[iFile].pszFile))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync int rc = supR3HardenedVerifySameFile(iFile, pszFilename, fFatal);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (RT_SUCCESS(rc))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedVerifyFileInternal(iFile, fFatal, false /* fLeaveFileOpen */, false /* fVerifyAll */);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync return rc;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync }

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync return VERR_NOT_FOUND;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync}

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsyncstatic int supR3HardenedVerifyProgram(const char *pszProgName, bool fFatal, bool fLeaveOpen)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync{

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync int rc = VINF_SUCCESS;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync bool fExe = false;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync bool fDll = false;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync size_t const cchProgName = suplibHardenedStrLen(pszProgName);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync for (unsigned iFile = 0; iFile < RT_ELEMENTS(g_aSupInstallFiles); iFile++)

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if (!suplibHardenedStrNCmp(pszProgName, g_aSupInstallFiles[iFile].pszFile, cchProgName))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if ( ( g_aSupInstallFiles[iFile].enmType == kSupIFT_Dll

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync || g_aSupInstallFiles[iFile].enmType == kSupIFT_TestDll)

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync && !suplibHardenedStrCmp(&g_aSupInstallFiles[iFile].pszFile[cchProgName], SUPLIB_DLL_SUFF))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /* This only has to be found (once). */

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (fDll)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyProgram: duplicate DLL entry for \"%s\"\n", pszProgName);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync else

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedVerifyFileInternal(iFile, fFatal, fLeaveOpen, false /* fVerifyAll */);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync fDll = true;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync }

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync else if ( ( g_aSupInstallFiles[iFile].enmType == kSupIFT_Exe

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync || g_aSupInstallFiles[iFile].enmType == kSupIFT_TestExe)

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync && !suplibHardenedStrCmp(&g_aSupInstallFiles[iFile].pszFile[cchProgName], SUPLIB_EXE_SUFF))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /* Here we'll have to check that the specific program is the same as the entry. */

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (fExe)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedError(VERR_INTERNAL_ERROR, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyProgram: duplicate EXE entry for \"%s\"\n", pszProgName);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync else

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedVerifyFileInternal(iFile, fFatal, fLeaveOpen, false /* fVerifyAll */);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync fExe = true;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync char szFilename[RTPATH_MAX];

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync int rc2 = supR3HardenedPathExecDir(szFilename, sizeof(szFilename) - cchProgName - sizeof(SUPLIB_EXE_SUFF));

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (RT_SUCCESS(rc2))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync suplibHardenedStrCat(szFilename, "/");

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync suplibHardenedStrCat(szFilename, g_aSupInstallFiles[iFile].pszFile);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync supR3HardenedVerifySameFile(iFile, szFilename, fFatal);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync }

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync else

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync rc = supR3HardenedError(rc2, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyProgram: failed to query program path: rc=%d\n", rc2);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync }

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (RT_SUCCESS(rc))

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync {

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync if (!fDll && !fExe)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedError(VERR_NOT_FOUND, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyProgram: Couldn't find the program \"%s\"\n", pszProgName);

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync else if (!fExe)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedError(VERR_NOT_FOUND, fFatal,

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync "supR3HardenedVerifyProgram: Couldn't find the EXE entry for \"%s\"\n", pszProgName);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync else if (!fDll)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync rc = supR3HardenedError(VERR_NOT_FOUND, fFatal,

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync "supR3HardenedVerifyProgram: Couldn't find the DLL entry for \"%s\"\n", pszProgName);

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync }

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync return rc;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync}

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsyncDECLHIDDEN(int) supR3HardenedVerifyAll(bool fFatal, const char *pszProgName)

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync{

c66c4413faa5a72ce047742f9acfa85e94dec8afvboxsync /*

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync#if defined(RT_OS_WINDOWS)

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync bool fLeaveOpen = true;

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync#else

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync bool fLeaveOpen = false;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync#endif

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync /*

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync int rc = VINF_SUCCESS;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync for (unsigned iFile = 0; iFile < RT_ELEMENTS(g_aSupInstallFiles); iFile++)

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync {

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync int rc2 = supR3HardenedVerifyFileInternal(iFile, fFatal, fLeaveOpen, true /* fVerifyAll */);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if (RT_FAILURE(rc2) && RT_SUCCESS(rc))

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync rc = rc2;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync }

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync /*

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync int rc2 = supR3HardenedVerifyProgram(pszProgName, fFatal, fLeaveOpen);

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync if (RT_FAILURE(rc2) && RT_SUCCESS(rc))

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync rc2 = rc;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync return rc;

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync}

66b58af085e22ee26be57f98127fb49ee2e91790vboxsync

661bfa5aae55ac2f94fa1cb131ea2323e5f6e633vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsyncstatic int supR3HardenedSetErrorN(int rc, PRTERRINFO pErrInfo, unsigned cMsgs, ...)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (pErrInfo)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync size_t cbErr = pErrInfo->cbMsg;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync char *pszErr = pErrInfo->pszMsg;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync va_list va;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync va_start(va, cMsgs);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync while (cMsgs-- > 0 && cbErr > 0)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync const char *pszMsg = va_arg(va, const char *);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync size_t cchMsg = VALID_PTR(pszMsg) ? suplibHardenedStrLen(pszMsg) : 0;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (cchMsg >= cbErr)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync cchMsg = cbErr - 1;

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync suplibHardenedMemCopy(pszErr, pszMsg, cchMsg);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszErr[cchMsg] = '\0';

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszErr += cchMsg;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync cbErr -= cchMsg;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync va_end(va);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pErrInfo->rc = rc;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pErrInfo->fFlags |= RTERRINFO_FLAGS_SET;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return rc;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync}

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsyncstatic int supR3HardenedSetError3(int rc, PRTERRINFO pErrInfo, const char *pszMsg1,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync const char *pszMsg2, const char *pszMsg3)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetErrorN(rc, pErrInfo, 3, pszMsg1, pszMsg2, pszMsg3);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync}

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#ifdef SOME_UNUSED_FUNCTION

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsyncstatic int supR3HardenedSetError2(int rc, PRTERRINFO pErrInfo, const char *pszMsg1,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync const char *pszMsg2)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetErrorN(rc, pErrInfo, 2, pszMsg1, pszMsg2);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync}

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsyncstatic int supR3HardenedSetError(int rc, PRTERRINFO pErrInfo, const char *pszMsg)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetErrorN(rc, pErrInfo, 1, pszMsg);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync}

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif /* SOME_UNUSED_FUNCTION */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsynctypedef struct SUPR3HARDENEDPATHINFO

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /** The length of the path in szCopy. */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync uint16_t cch;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync /** The number of path components. */

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync uint16_t cComponents;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync /** Set if the path ends with slash, indicating that it's a directory

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync bool fDirSlash;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync /** The offset where each path component starts, i.e. the char after the

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync uint16_t aoffComponents[32+1];

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync /** A normalized copy of the path.

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync char szPath[SUPR3HARDENED_MAX_PATH * 2];

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync} SUPR3HARDENEDPATHINFO;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsynctypedef SUPR3HARDENEDPATHINFO *PSUPR3HARDENEDPATHINFO;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync

88e56f700a3b8dfdf1646f96320f335e22339caavboxsyncstatic int supR3HardenedVerifyPathSanity(const char *pszPath, PRTERRINFO pErrInfo, PSUPR3HARDENEDPATHINFO pInfo)

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync{

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync const char *pszSrc = pszPath;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync char *pszDst = pInfo->szPath;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /*

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#if defined(RT_OS_WINDOWS) || defined(RT_OS_OS2)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if ( !RT_C_IS_ALPHA(pszSrc[0])

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync || pszSrc[1] != ':'

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync || !RTPATH_IS_SLASH(pszSrc[2]))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_NOT_ABSOLUTE, pErrInfo, "The path is not absolute: '", pszPath, "'");

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync *pszDst++ = RT_C_TO_UPPER(pszSrc[0]);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync *pszDst++ = ':';

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync *pszDst++ = RTPATH_SLASH;

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync pszSrc += 3;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (!RTPATH_IS_SLASH(pszSrc[0]))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_NOT_ABSOLUTE, pErrInfo, "The path is not absolute: '", pszPath, "'");

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync *pszDst++ = RTPATH_SLASH;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszSrc += 1;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /*

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (pszSrc[0] == '\0')

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_IS_ROOT, pErrInfo, "The path is root: '", pszPath, "'");

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if ( pszSrc[1] == '\0'

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync || pszSrc[2] == '\0')

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_TOO_SHORT, pErrInfo, "The path is too short: '", pszPath, "'");

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /*

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync pInfo->cComponents = 0;

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync pInfo->fDirSlash = false;

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync while (pszSrc[0])

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync {

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /* Sanity checks. */

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync if (RTPATH_IS_SLASH(pszSrc[0])) /* can be relaxed if we care. */

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_NOT_CLEAN, pErrInfo,

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync "The path is not clean of double slashes: '", pszPath, "'");

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync if ( pszSrc[0] == '.'

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync && pszSrc[1] == '.'

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync && RTPATH_IS_SLASH(pszSrc[2]))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_NOT_ABSOLUTE, pErrInfo,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "The path is not absolute: '", pszPath, "'");

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /* Record the start of the component. */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (pInfo->cComponents >= RT_ELEMENTS(pInfo->aoffComponents) - 1)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_TOO_MANY_COMPONENTS, pErrInfo,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "The path has too many components: '", pszPath, "'");

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pInfo->aoffComponents[pInfo->cComponents++] = pszDst - &pInfo->szPath[0];

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /* Traverse to the end of the component, copying it as we go along. */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync while (pszSrc[0])

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (RTPATH_IS_SLASH(pszSrc[0]))

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync {

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszSrc++;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if (*pszSrc)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync *pszDst++ = RTPATH_SLASH;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pInfo->fDirSlash = true;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync break;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync *pszDst++ = *pszSrc++;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync if ((uintptr_t)(pszDst - &pInfo->szPath[0]) >= SUPR3HARDENED_MAX_PATH)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return supR3HardenedSetError3(VERR_SUPLIB_PATH_TOO_LONG, pErrInfo,

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync "The path is too long: '", pszPath, "'");

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync }

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /* Terminate the string and enter its length. */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszDst[0] = '\0';

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pszDst[1] = '\0'; /* for aoffComponents */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pInfo->cch = (uint16_t)(pszDst - &pInfo->szPath[0]);

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync pInfo->aoffComponents[pInfo->cComponents] = pInfo->cch + 1;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync return VINF_SUCCESS;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync}

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsynctypedef struct SUPR3HARDENEDFSOBJSTATE

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#ifdef RT_OS_WINDOWS

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /** Not implemented for windows yet. */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync char chTodo;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#else

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync /** The stat output. */

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync struct stat Stat;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync#endif

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync} SUPR3HARDENEDFSOBJSTATE;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsynctypedef SUPR3HARDENEDFSOBJSTATE *PSUPR3HARDENEDFSOBJSTATE;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsynctypedef SUPR3HARDENEDFSOBJSTATE const *PCSUPR3HARDENEDFSOBJSTATE;

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsyncstatic int supR3HardenedQueryFsObjectByPath(char const *pszPath, PSUPR3HARDENEDFSOBJSTATE pFsObjState, PRTERRINFO pErrInfo)

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync{

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync#if defined(RT_OS_WINDOWS)

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /** @todo Windows hardening. */

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync pFsObjState->chTodo = 0;

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync return VINF_SUCCESS;

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync#else

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /*

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync if (lstat(pszPath, &pFsObjState->Stat) != 0)

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync {

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /* Ignore access errors */

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync if (errno != EACCES)

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync return supR3HardenedSetErrorN(VERR_SUPLIB_STAT_FAILED, pErrInfo,

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync 5, "stat failed with ", strerror(errno), " on: '", pszPath, "'");

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync }

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /*

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync /** @todo */

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync return VINF_SUCCESS;

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync#endif

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync}

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync

49a6b09abb20015b0af3e618a1f92b7e26785e90vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsyncstatic int supR3HardenedQueryFsObjectByHandle(RTHCUINTPTR hNative, PSUPR3HARDENEDFSOBJSTATE pFsObjState,

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync char const *pszPath, PRTERRINFO pErrInfo)

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync{

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#if defined(RT_OS_WINDOWS)

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync /** @todo Windows hardening. */

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync pFsObjState->chTodo = 0;

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync return VINF_SUCCESS;

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#else

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync /*

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync if (fstat((int)hNative, &pFsObjState->Stat) != 0)

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync return supR3HardenedSetErrorN(VERR_SUPLIB_STAT_FAILED, pErrInfo,

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync 5, "fstat failed with ", strerror(errno), " on '", pszPath, "'");

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync /*

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync /** @todo */

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync return VINF_SUCCESS;

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync#endif

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync}

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync

88e56f700a3b8dfdf1646f96320f335e22339caavboxsyncstatic int supR3HardenedIsSameFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState1, PCSUPR3HARDENEDFSOBJSTATE pFsObjState2,

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync const char *pszPath, PRTERRINFO pErrInfo)

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync{

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync#if defined(RT_OS_WINDOWS)

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync /** @todo Windows hardening. */

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync return VINF_SUCCESS;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync#elif defined(RT_OS_OS2)

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync return VINF_SUCCESS;

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync

88e56f700a3b8dfdf1646f96320f335e22339caavboxsync#else

0c69348b58bb8eabb1bea8867ee932b667bd0d34vboxsync /*

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync if ( pFsObjState1->Stat.st_ino != pFsObjState2->Stat.st_ino

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync || pFsObjState1->Stat.st_dev != pFsObjState2->Stat.st_dev)

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync return supR3HardenedSetError3(VERR_SUPLIB_NOT_SAME_OBJECT, pErrInfo,

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync "The native handle is not the same as '", pszPath, "' (ino/dev)");

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync if ( pFsObjState1->Stat.st_uid != pFsObjState2->Stat.st_uid

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync || pFsObjState1->Stat.st_gid != pFsObjState2->Stat.st_gid)

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync return supR3HardenedSetError3(VERR_SUPLIB_NOT_SAME_OBJECT, pErrInfo,

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync "The native handle is not the same as '", pszPath, "' (uid/gid)");

5c4d7e2aae42bbf39793dfa686925f076a56b4d5vboxsync if ( (pFsObjState1->Stat.st_mode & (S_IFMT | S_IWUSR | S_IWGRP | S_IWOTH))