mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

1.12.7

This commit is contained in:
DavidXanatos 2024-01-07 00:23:30 +01:00
parent f05fdf23b9
commit 2d871e37ef
3 changed files with 128 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CHANGELOG.md
View File

@ -9,10 +9,14 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed
- Make Duplicate Box Config keep the order of the original box configuration [#3523](https://github.com/sandboxie-plus/Sandboxie/issues/3523)
- Save options as new defaults disappears from the Summary page [#3522](https://github.com/sandboxie-plus/Sandboxie/issues/3522)
- Windows Explorer has difficulty navigating when running in a sandbox with data protection enabled on Windows 11 [#3517](https://github.com/sandboxie-plus/Sandboxie/issues/3517) [#3516](https://github.com/sandboxie-plus/Sandboxie/issues/3516)
- fixed Windows Explorer has difficulty navigating when running in a sandbox with data protection enabled on Windows 11 [#3517](https://github.com/sandboxie-plus/Sandboxie/issues/3517) [#3516](https://github.com/sandboxie-plus/Sandboxie/issues/3516)
- the default template for privacy boxes now sets NormalFilePath=%ProgramData%\Microsoft\
- MessageBox with MB_DEFAULT_DESKTOP_ONLY or MB_SERVICE_NOTIFICATION can not display title and text correctly in security hardened box. [#3529](https://github.com/sandboxie-plus/Sandboxie/issues/3529)
- Can't run npm inside security hardened sandbox on Windows 11 [#3505](https://github.com/sandboxie-plus/Sandboxie/issues/3505)
- fixed MessageBox with MB_DEFAULT_DESKTOP_ONLY or MB_SERVICE_NOTIFICATION can not display title and text correctly in security hardened box. [#3529](https://github.com/sandboxie-plus/Sandboxie/issues/3529)
- fixed Can't run npm inside security hardened sandbox on Windows 11 [#3505](https://github.com/sandboxie-plus/Sandboxie/issues/3505)
- fixed [1.12.6] Symlink and open path issue [#3537](https://github.com/sandboxie-plus/Sandboxie/issues/3537)
## [1.12.6 / 5.67.6] - 2024-01-02

114
Sandboxie/core/dll/file.c
View File

@ -438,6 +438,7 @@ _FX NTSTATUS File_GetCopyPathImpl(WCHAR* TruePath, WCHAR **OutCopyPath, ULONG *O
ULONG length;
WCHAR* name;
const FILE_DRIVE *drive;
const FILE_GUID* guid;
ULONG PrefixLength;
length = wcslen(TruePath);
@ -577,26 +578,48 @@ _FX NTSTATUS File_GetCopyPathImpl(WCHAR* TruePath, WCHAR **OutCopyPath, ULONG *O
else
drive = File_GetDriveForUncPath(TruePath, length, &drive_len);
if (drive) {
if (!drive)
guid = File_GetGuidForPath(TruePath, length);
WCHAR drive_letter = drive->letter;
if (drive || guid) {
WCHAR drive_letter = 0;
WCHAR sn[10] = { 0 };
WCHAR drive_guid[38 + 1];
if (drive) {
drive_letter = drive->letter;
wcscpy(sn, drive->sn);
}
else { // if guid
wcscpy(drive_guid, guid->guid);
drive_len = guid->len;
}
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
wmemcpy(name, _Drive, _DriveLen);
name += _DriveLen;
*name = drive_letter;
++name;
if (drive_letter) {
if (File_DriveAddSN && *drive->sn) {
*name = L'~';
*name = drive_letter;
++name;
wcscpy(name, drive->sn);
name += 9;
}
if (File_DriveAddSN && *sn) {
*name = L'\0';
*name = L'~';
++name;
wcscpy(name, sn);
name += 9;
}
*name = L'\0';
}
else { // if guid
wcscpy(name, drive_guid);
name += wcslen(drive_guid); // = 38
}
if (length == drive_len) {
@ -669,6 +692,7 @@ _FX NTSTATUS File_GetTruePathImpl(ULONG length, WCHAR **OutTruePath, ULONG *OutF
ULONG prefixLen = 0;
WCHAR* name;
const FILE_DRIVE *drive;
const FILE_GUID* guid;
check_sandbox_prefix:
@ -736,12 +760,43 @@ check_sandbox_prefix:
_wcsnicmp(*OutTruePath, _Drive, _DriveLen - 1) == 0)
{
name = (*OutTruePath);
if (name[_DriveLen - 1] == L'\\')
drive = File_GetDriveForLetter(name[_DriveLen]);
else
drive = NULL;
if (! drive) {
drive = NULL;
guid = NULL;
if (name[_DriveLen - 1] == L'\\') {
if (name[_DriveLen] == L'{')
guid = File_GetLinkForGuid(&name[_DriveLen]);
else
drive = File_GetDriveForLetter(name[_DriveLen]);
}
if (drive) {
ULONG len = _DriveLen + 1; /* drive letter */
// skip any suffix after the drive letter
if (File_DriveAddSN) {
WCHAR* ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\\');
if (!ptr) ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\0');
len = (ULONG)(ptr - *OutTruePath);
}
File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, len,
drive->path, drive->len);
}
else if (guid) {
ULONG len = _DriveLen + 38; /* drive guid*/
File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, len,
guid->path, guid->len);
}
else {
//
// caller specified invalid path for \sandbox\drive\x
//
@ -749,19 +804,6 @@ check_sandbox_prefix:
return STATUS_BAD_INITIAL_PC;
}
ULONG len = _DriveLen + 1; /* drive letter */
// skip any suffix after the drive letter
if (File_DriveAddSN) {
WCHAR* ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\\');
if (!ptr) ptr = wcschr(*OutTruePath + _DriveLen + 1, L'\0');
len = (ULONG)(ptr - *OutTruePath);
}
File_GetName_FixTruePrefix(TlsData,
OutTruePath, &length, len,
drive->path, drive->len);
if (p_convert_links_again) *p_convert_links_again = TRUE;
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
@ -883,6 +925,7 @@ _FX NTSTATUS File_GetName(
ULONG objname_len;
WCHAR *objname_buf;
const FILE_DRIVE *drive;
const FILE_GUID* guid;
BOOLEAN have_trailing_backslash, add_trailing_backslash;
BOOLEAN have_tilde;
BOOLEAN convert_links_again;
@ -917,6 +960,7 @@ _FX NTSTATUS File_GetName(
}
drive = NULL;
guid = NULL;
free_true_path = FALSE;
@ -1090,9 +1134,11 @@ _FX NTSTATUS File_GetName(
// the next section of code from trying to translate symlinks
//
drive = File_GetDriveForPath(
objname_buf, objname_len / sizeof(WCHAR));
if (drive) {
drive = File_GetDriveForPath(objname_buf, objname_len / sizeof(WCHAR));
if(!drive)
guid = File_GetGuidForPath(objname_buf, objname_len / sizeof(WCHAR));
if (drive || guid) {
name = Dll_GetTlsNameBuffer(
TlsData, TRUE_NAME_BUFFER,
@ -1106,7 +1152,7 @@ _FX NTSTATUS File_GetName(
}
}
if (drive) {
if (drive || guid) {
File_GetName_ConvertLinks(
TlsData, OutTruePath, convert_wow64_link);
@ -1202,7 +1248,7 @@ _FX NTSTATUS File_GetName(
// if this is a named pipe or mail slot, return special status
//
if ((! drive) && File_IsNamedPipe(*OutTruePath, NULL)) {
if (!drive && !guid && File_IsNamedPipe(*OutTruePath, NULL)) {
return STATUS_BAD_INITIAL_PC;
}

45
Sandboxie/core/dll/file_link.c
View File

@ -258,6 +258,45 @@ _FX FILE_DRIVE *File_GetDriveForLetter(WCHAR drive_letter)
}
//---------------------------------------------------------------------------
// File_GetGuidForPath
//---------------------------------------------------------------------------
_FX FILE_GUID *File_GetGuidForPath(const WCHAR *Path, ULONG PathLen)
{
FILE_GUID *guid;
EnterCriticalSection(File_DrivesAndLinks_CritSec);
guid = List_Head(File_GuidLinks);
while (guid) {
if (PathLen >= guid->len
&& _wcsnicmp(Path, guid->path, guid->len) == 0) {
//
// make sure access to \Device\HarddiskVolume10 (for M:),
// for instance, is not matched by \Device\HarddiskVolume1
// (for C:), by requiring a backslash or null character
// to follow the matching drive path
//
const WCHAR *ptr = Path + guid->len;
if (*ptr == L'\\' || *ptr == L'\0')
break;
}
guid = List_Next(guid);
}
if(!guid)
LeaveCriticalSection(File_DrivesAndLinks_CritSec);
return guid;
}
//---------------------------------------------------------------------------
// File_GetLinkForGuid
//---------------------------------------------------------------------------
@ -991,23 +1030,21 @@ _FX FILE_LINK *File_AddTempLink(WCHAR *path)
if (NT_SUCCESS(status)) {
USHORT SubstituteNameLength = 0;
WCHAR* SubstituteNameBuffer = NULL;
//USHORT PrintNameLength = 0;
//WCHAR* PrintNameBuffer = NULL;
BOOL RelativePath = FALSE;
if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_SYMLINK)
{
SubstituteNameLength = reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength;
SubstituteNameBuffer = &reparseDataBuffer->SymbolicLinkReparseBuffer.PathBuffer[reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
if (reparseDataBuffer->SymbolicLinkReparseBuffer.Flags & SYMLINK_FLAG_RELATIVE)
RelativePath = TRUE;
SubstituteNameBuffer[reparseDataBuffer->SymbolicLinkReparseBuffer.SubstituteNameLength / sizeof(WCHAR)] = 0;
}
else if (reparseDataBuffer->ReparseTag == IO_REPARSE_TAG_MOUNT_POINT)
{
SubstituteNameLength = reparseDataBuffer->MountPointReparseBuffer.SubstituteNameLength;
SubstituteNameBuffer = &reparseDataBuffer->MountPointReparseBuffer.PathBuffer[reparseDataBuffer->MountPointReparseBuffer.SubstituteNameOffset/sizeof(WCHAR)];
SubstituteNameBuffer[reparseDataBuffer->MountPointReparseBuffer.SubstituteNameLength / sizeof(WCHAR)] = 0;
}
if (SubstituteNameBuffer && !RelativePath) // todo RelativePath - for now we fall back to UserReparse = FALSE;