Skip to content

Commit

Permalink
1.12.7
Browse files Browse the repository at this point in the history
  • Loading branch information
@DavidXanatos
DavidXanatos committed Jan 6, 2024
1 parent f05fdf2 commit 2d871e3
Show file tree
Hide file tree
Showing 3 changed files with 127 additions and 40 deletions.
10 changes: 7 additions & 3 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,10 +9,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- Make Duplicate Box Config keep the order of the original box configuration [#3523](https://github.com/sandboxie-plus/Sandboxie/issues/3523)
- Save options as new defaults disappears from the Summary page [#3522](https://github.com/sandboxie-plus/Sandboxie/issues/3522)
- Windows Explorer has difficulty navigating when running in a sandbox with data protection enabled on Windows 11 [#3517](https://github.com/sandboxie-plus/Sandboxie/issues/3517) [#3516](https://github.com/sandboxie-plus/Sandboxie/issues/3516)
- fixed Windows Explorer has difficulty navigating when running in a sandbox with data protection enabled on Windows 11 [#3517](https://github.com/sandboxie-plus/Sandboxie/issues/3517) [#3516](https://github.com/sandboxie-plus/Sandboxie/issues/3516)
- the default template for privacy boxes now sets NormalFilePath=%ProgramData%\Microsoft\
- MessageBox with MB_DEFAULT_DESKTOP_ONLY or MB_SERVICE_NOTIFICATION can not display title and text correctly in security hardened box. [#3529](https://github.com/sandboxie-plus/Sandboxie/issues/3529)
- Can't run npm inside security hardened sandbox on Windows 11 [#3505](https://github.com/sandboxie-plus/Sandboxie/issues/3505)
- fixed MessageBox with MB_DEFAULT_DESKTOP_ONLY or MB_SERVICE_NOTIFICATION can not display title and text correctly in security hardened box. [#3529](https://github.com/sandboxie-plus/Sandboxie/issues/3529)
- fixed Can't run npm inside security hardened sandbox on Windows 11 [#3505](https://github.com/sandboxie-plus/Sandboxie/issues/3505)
- fixed [1.12.6] Symlink and open path issue [#3537](https://github.com/sandboxie-plus/Sandboxie/issues/3537)




## [1.12.6 / 5.67.6] - 2024-01-02

Expand Down
112 changes: 79 additions & 33 deletions Sandboxie/core/dll/file.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -438,6 +438,7 @@ _FX NTSTATUS File_GetCopyPathImpl(WCHAR* TruePath, WCHAR **OutCopyPath, ULONG *O
ULONG length;
WCHAR* name;
const FILE_DRIVE *drive;
const FILE_GUID* guid;
ULONG PrefixLength;

length = wcslen(TruePath);
Expand Down Expand Up @@ -577,26 +578,48 @@ _FX NTSTATUS File_GetCopyPathImpl(WCHAR* TruePath, WCHAR **OutCopyPath, ULONG *O
else
drive = File_GetDriveForUncPath(TruePath, length, &drive_len);

if (drive) {
if (!drive)
guid = File_GetGuidForPath(TruePath, length);

if (drive || guid) {

WCHAR drive_letter = 0;
WCHAR sn[10] = { 0 };
WCHAR drive_guid[38 + 1];

WCHAR drive_letter = drive->letter;
if (drive) {
drive_letter = drive->letter;
wcscpy(sn, drive->sn);
}
else { // if guid
wcscpy(drive_guid, guid->guid);
drive_len = guid->len;
}

LeaveCriticalSection(File_DrivesAndLinks_CritSec);

wmemcpy(name, _Drive, _DriveLen);
name += _DriveLen;
*name = drive_letter;
++name;

if (File_DriveAddSN && *drive->sn) {
if (drive_letter) {

*name = L'~';
*name = drive_letter;
++name;
wcscpy(name, drive->sn);
name += 9;

if (File_DriveAddSN && *sn) {

*name = L'~';
++name;
wcscpy(name, sn);
name += 9;
}

*name = L'\0';
}
else { // if guid

*name = L'\0';
wcscpy(name, drive_guid);
name += wcslen(drive_guid); // = 38
}

if (length == drive_len) {

Expand Down Expand Up @@ -669,6 +692,7 @@ _FX NTSTATUS File_GetTruePathImpl(ULONG length, WCHAR **OutTruePath, ULONG *OutF
ULONG prefixLen = 0;
WCHAR* name;
const FILE_DRIVE *drive;
const FILE_GUID* guid;

check_sandbox_prefix:

Expand Down Expand Up @@ -736,32 +760,50 @@ _FX NTSTATUS File_GetTruePathImpl(ULONG length, WCHAR **OutTruePath, ULONG *OutF
_wcsnicmp(*OutTruePath, _Drive, _DriveLen - 1) == 0)
{
name = (*OutTruePath);
if (name[_DriveLen - 1] == L'\\')
drive = File_GetDriveForLetter(name[_DriveLen]);
else
drive = NULL;

if (! drive) {
drive = NULL;
guid = NULL;

if (name[_DriveLen - 1] == L'\\') {
if (name[_DriveLen] == L'{')
guid = File_GetLinkForGuid(&name[_DriveLen]);
else
drive = File_GetDriveForLetter(name[_DriveLen]);
}


if (drive) {

ULONG len = _DriveLen + 1; /* drive letter */

// skip any suffix after the drive letter
if (File_DriveAddSN) {
WCHAR* ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\\');
if (!ptr) ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\0');
len = (ULONG)(ptr - *OutTruePath);
}

File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, len,
drive->path, drive->len);
}
else if (guid) {

ULONG len = _DriveLen + 38; /* drive guid*/

File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, len,
guid->path, guid->len);
}
else {

//
// caller specified invalid path for \sandbox\drive\x
//
*OutTruePath = NULL;
return STATUS_BAD_INITIAL_PC;
}

ULONG len = _DriveLen + 1; /* drive letter */

// skip any suffix after the drive letter
if (File_DriveAddSN) {
WCHAR* ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\\');
if (!ptr) ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\0');
len = (ULONG)(ptr - *OutTruePath);
}

File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, len,
drive->path, drive->len);

if (p_convert_links_again) *p_convert_links_again = TRUE;

LeaveCriticalSection(File_DrivesAndLinks_CritSec);
Expand Down Expand Up @@ -883,6 +925,7 @@ _FX NTSTATUS File_GetName(
ULONG objname_len;
WCHAR *objname_buf;
const FILE_DRIVE *drive;
const FILE_GUID* guid;
BOOLEAN have_trailing_backslash, add_trailing_backslash;
BOOLEAN have_tilde;
BOOLEAN convert_links_again;
Expand Down Expand Up @@ -917,6 +960,7 @@ _FX NTSTATUS File_GetName(
}

drive = NULL;
guid = NULL;

free_true_path = FALSE;

Expand Down Expand Up @@ -1090,9 +1134,11 @@ _FX NTSTATUS File_GetName(
// the next section of code from trying to translate symlinks
//

drive = File_GetDriveForPath(
objname_buf, objname_len / sizeof(WCHAR));
if (drive) {
drive = File_GetDriveForPath(objname_buf, objname_len / sizeof(WCHAR));
if(!drive)
guid = File_GetGuidForPath(objname_buf, objname_len / sizeof(WCHAR));

if (drive || guid) {

name = Dll_GetTlsNameBuffer(
TlsData, TRUE_NAME_BUFFER,
Expand All @@ -1106,7 +1152,7 @@ _FX NTSTATUS File_GetName(
}
}

if (drive) {
if (drive || guid) {

File_GetName_ConvertLinks(
TlsData, OutTruePath, convert_wow64_link);
Expand Down Expand Up @@ -1202,7 +1248,7 @@ _FX NTSTATUS File_GetName(
// if this is a named pipe or mail slot, return special status
//

if ((! drive) && File_IsNamedPipe(*OutTruePath, NULL)) {
if (!drive && !guid && File_IsNamedPipe(*OutTruePath, NULL)) {

return STATUS_BAD_INITIAL_PC;
}
Expand Down
45 changes: 41 additions & 4 deletions Sandboxie/core/dll/file_link.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -258,6 +258,45 @@ _FX FILE_DRIVE *File_GetDriveForLetter(WCHAR drive_letter)
}


//---------------------------------------------------------------------------
// File_GetGuidForPath
//---------------------------------------------------------------------------


_FX FILE_GUID *File_GetGuidForPath(const WCHAR *Path, ULONG PathLen)
{
FILE_GUID *guid;

EnterCriticalSection(File_DrivesAndLinks_CritSec);

guid = List_Head(File_GuidLinks);
while (guid) {

if (PathLen >= guid->len
&& _wcsnicmp(Path, guid->path, guid->len) == 0) {

//
// make sure access to \Device\HarddiskVolume10 (for M:),
// for instance, is not matched by \Device\HarddiskVolume1
// (for C:), by requiring a backslash or null character
// to follow the matching drive path
//

const WCHAR *ptr = Path + guid->len;
if (*ptr == L'\\' || *ptr == L'\0')
break;
}

guid = List_Next(guid);
}

if(!guid)
LeaveCriticalSection(File_DrivesAndLinks_CritSec);

return guid;
}


//---------------------------------------------------------------------------
// File_GetLinkForGuid
//---------------------------------------------------------------------------
Expand Down Expand Up @@ -991,23 +1030,21 @@ _FX FILE_LINK *File_AddTempLink(WCHAR *path)

if (NT_SUCCESS(status)) {

USHORT SubstituteNameLength = 0;
WCHAR* SubstituteNameBuffer = NULL;
//USHORT PrintNameLength = 0;
//WCHAR* PrintNameBuffer = NULL;
BOOL RelativePath = FALSE;

if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
SubstituteNameLength = reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength;
SubstituteNameBuffer = &reparseDataBuffer->SymbolicLinkReparseBuffer.PathBuffer[reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
if (reparseDataBuffer->SymbolicLinkReparseBuffer.Flags & SYMLINK_FLAG_RELATIVE)
RelativePath = TRUE;
SubstituteNameBuffer[reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength / sizeof(WCHAR)] = 0;
}
else if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
SubstituteNameLength = reparseDataBuffer->MountPointReparseBuffer.SubstituteNameLength;
SubstituteNameBuffer = &reparseDataBuffer->MountPointReparseBuffer.PathBuffer[reparseDataBuffer->MountPointReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
SubstituteNameBuffer[reparseDataBuffer->MountPointReparseBuffer.SubstituteNameLength / sizeof(WCHAR)] = 0;
}

if (SubstituteNameBuffer && !RelativePath) // todo RelativePath - for now we fall back to UserReparse = FALSE;
Expand Down

0 comments on commit 2d871e3

Please sign in to comment.