From 9d1fa01c208c154c210c5e0b24e7be62834b28f7 Mon Sep 17 00:00:00 2001 From: Jonathan Martin Date: Thu, 14 Dec 2023 15:08:54 -0800 Subject: [PATCH] v2.8.6 --- client/common/changelog.txt | 7 +++++++ client/common/version/windscribe_version.h | 4 ++-- installer/windows/bootstrap/main.cpp | 12 ++++++++++++ .../installer/blocks/install_splittunnel.cpp | 5 ++++- installer/windows/uninstaller/uninstall.cpp | 4 +++- 5 files changed, 28 insertions(+), 4 deletions(-) diff --git a/client/common/changelog.txt b/client/common/changelog.txt index a99c8bd7..4af2f88e 100644 --- a/client/common/changelog.txt +++ b/client/common/changelog.txt @@ -1,3 +1,10 @@ +2.8.6 (13/12/2023) +All: + * Updated connected DNS utility (ctrld) to v1.3.2. +Windows: + * Fixed installer/uninstaller local privilege escalation vulnerability. #828 + + 2.8.5 (04/12/2023) All: * Fixed some text in preferences not matching with mobile. #826 diff --git a/client/common/version/windscribe_version.h b/client/common/version/windscribe_version.h index f5ac21d3..9dee037f 100644 --- a/client/common/version/windscribe_version.h +++ b/client/common/version/windscribe_version.h @@ -2,10 +2,10 @@ #define WINDSCRIBE_MAJOR_VERSION 2 #define WINDSCRIBE_MINOR_VERSION 8 -#define WINDSCRIBE_BUILD_VERSION 5 +#define WINDSCRIBE_BUILD_VERSION 6 // only one of these should be enabled; neither -> stable -#define WINDSCRIBE_IS_BETA +//#define WINDSCRIBE_IS_BETA //#define WINDSCRIBE_IS_GUINEA_PIG #define STR_HELPER(x) #x diff --git a/installer/windows/bootstrap/main.cpp b/installer/windows/bootstrap/main.cpp index 9e320bd6..71d02eeb 100644 --- a/installer/windows/bootstrap/main.cpp +++ b/installer/windows/bootstrap/main.cpp @@ -12,6 +12,18 @@ #include "archive/archive.h" #include "wsscopeguard.h" +// Set the DLL load directory to the system directory before entering WinMain(). +struct LoadSystemDLLsFromSystem32 +{ + LoadSystemDLLsFromSystem32() + { + // Remove the current directory from the search path for dynamically loaded + // DLLs as a precaution. This call has no effect for delay load DLLs. + SetDllDirectory(L""); + SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32); + } +} loadSystemDLLs; + static constexpr DWORD kMinOSBuildNumber = 17763; static int showMessageBox(HWND hOwner, LPCTSTR szTitle, UINT nStyle, LPCTSTR szFormat, ...) diff --git a/installer/windows/installer/installer/blocks/install_splittunnel.cpp b/installer/windows/installer/installer/blocks/install_splittunnel.cpp index 37de63e0..49f6e9ec 100644 --- a/installer/windows/installer/installer/blocks/install_splittunnel.cpp +++ b/installer/windows/installer/installer/blocks/install_splittunnel.cpp @@ -18,7 +18,10 @@ InstallSplitTunnel::InstallSplitTunnel(double weight) : IInstallBlock(weight, L" int InstallSplitTunnel::executeStep() { wstring infFile = Path::append(Settings::instance().getPath(), L"splittunnel\\windscribesplittunnel.inf"); - wstring commandLine = wstring(L"setupapi,InstallHinfSection DefaultInstall 132 ") + infFile; + wstring commandLine = + Path::append(Utils::GetSystemDir(), L"setupapi.dll") + + L",InstallHinfSection DefaultInstall 132 " + + infFile; if (!filesystem::exists(infFile)) { Log::instance().out("WARNING: the split tunnel driver inf (%ls) was not found.", infFile.c_str()); diff --git a/installer/windows/uninstaller/uninstall.cpp b/installer/windows/uninstaller/uninstall.cpp index 588a20cc..38a9e750 100644 --- a/installer/windows/uninstaller/uninstall.cpp +++ b/installer/windows/uninstaller/uninstall.cpp @@ -218,7 +218,9 @@ bool Uninstaller::InitializeUninstall() void Uninstaller::UninstallSplitTunnelDriver(const wstring& installationPath) { wostringstream commandLine; - commandLine << L"setupapi,InstallHinfSection DefaultUninstall 132 " << Path::append(installationPath, L"splittunnel\\windscribesplittunnel.inf"); + commandLine << Path::append(Utils::GetSystemDir(), L"setupapi.dll") + << L",InstallHinfSection DefaultUninstall 132 " + << Path::append(installationPath, L"splittunnel\\windscribesplittunnel.inf"); wstring appName = Path::append(Utils::GetSystemDir(), L"rundll32.exe");