Commit a4841494 authored by Steve Lhomme's avatar Steve Lhomme

contrib: gnutls: fix forbidden calls in Winstore builds

Backport a UNICODE fix that was merged after the GnuTLS code freeze.

Forbid call to GetHandleInformation(). fcntl never goes in that code section in
Winstore builds. It's only used for linux random number generation.

Do not allow calling SecureZeroMemory which is forbidden
and not available as an inline function in some cases.
parent 6e8effb6
From 57f80070ccd8461a224cc84b255844539ab72a8d Mon Sep 17 00:00:00 2001
From: Bruno Haible <bruno@clisp.org>
Date: Sat, 30 May 2020 11:04:02 +0200
Subject: [PATCH] Don't assume that UNICODE is not defined.
Many Windows API functions are defined differently (redirecting to a
function with suffix 'W') if the application defines the macro UNICODE
than by default (redirecting to a function with suffix 'A').
* gnutls/gl/clean-temp.c (OSVERSIONINFO, GetVersionEx): Redirect to the
variant with suffix 'A'.
* gnutls/gl/dirent-private.h (WIN32_FIND_DATA): Likewise.
* gnutls/gl/gc-gnulib.c (CryptAcquireContext): Likewise.
* gnutls/gl/getaddrinfo.c (GetModuleHandle): Likewise.
* gnutls/gl/getlogin.c (GetUserName): Likewise.
* gnutls/gl/getlogin_r.c (GetUserName): Likewise.
* gnutls/gl/gettimeofday.c (LoadLibrary): Likewise.
* gnutls/gl/isatty.c (LoadLibrary, QueryFullProcessImageName): Likewise.
* gnutls/gl/link.c (GetModuleHandle, CreateHardLink): Likewise.
* gnutls/gl/localename.c (GetLocaleInfo, EnumSystemLocales): Likewise.
* gnutls/gl/mountlist.c (GetDriveType): Likewise.
* gnutls/gl/nonblocking.c (GetNamedPipeHandleState): Likewise.
* gnutls/gl/opendir.c (WIN32_FIND_DATA, GetFullPathName, FindFirstFile):
Likewise.
* gnutls/gl/physmem.c (GetModuleHandle): Likewise.
* gnutls/gl/poll.c (GetModuleHandle, PeekConsoleInput, CreateEvent,
PeekMessage, DispatchMessage): Likewise.
* gnutls/gl/progreloc.c (GetModuleFileName): Likewise.
* gnutls/gl/putenv.c (SetEnvironmentVariable): Likewise.
* gnutls/gl/read.c (GetNamedPipeHandleState): Likewise.
* gnutls/gl/readdir.c (FindNextFile): Likewise.
* gnutls/gl/relocatable.c (GetModuleFileName): Likewise.
* gnutls/gl/rename.c (MoveFileEx): Likewise.
* gnutls/gl/rewinddir.c (FindFirstFile): Likewise.
* gnutls/gl/select.c (GetModuleHandle, PeekConsoleInput, CreateEvent,
PeekMessage, DispatchMessage): Likewise.
* gnutls/gl/sethostname.c (GetComputerNameEx, SetComputerNameEx): Likewise.
* gnutls/gl/socket.c (WSASocket): Likewise.
* gnutls/gl/stat-w32.c (LoadLibrary, GetFinalPathNameByHandle): Likewise.
* gnutls/gl/stat.c (WIN32_FIND_DATA, CreateFile, FindFirstFile): Likewise.
* gnutls/gl/stdio-read.c (GetNamedPipeHandleState): Likewise.
* gnutls/gl/stdio-write.c (GetNamedPipeHandleState): Likewise.
* gnutls/gl/tmpdir.c (GetTempPath): Likewise.
* gnutls/gl/tmpfile.c (OSVERSIONINFO, GetVersionEx, GetTempPath): Likewise.
* gnutls/gl/uname.c (OSVERSIONINFO, GetVersionEx): Likewise.
* gnutls/gl/utime.c (CreateFile, GetFileAttributes): Likewise.
* gnutls/gl/windows-cond.c (CreateEvent): Likewise.
* gnutls/gl/windows-rwlock.c (CreateEvent): Likewise.
* gnutls/gl/windows-timedmutex.c (CreateEvent): Likewise.
* gnutls/gl/windows-timedrecmutex.c (CreateEvent): Likewise.
* gnutls/gl/windows-timedrwlock.c (CreateEvent): Likewise.
* gnutls/gl/write.c (GetNamedPipeHandleState): Likewise.
---
gnutls/gl/gettimeofday.c | 4 +++
gnutls/gl/stat-w32.c | 6 +++++
gnutls/gl/stat.c | 7 ++++++
40 files changed, 279 insertions(+), 27 deletions(-)
diff --git gnutls/gl/gettimeofday.c gnutls/gl/gettimeofday.c
index 93914ba92..305ab984e 100644
--- gnutls/gl/gettimeofday.c
+++ gnutls/gl/gettimeofday.c
@@ -33,6 +33,10 @@
#ifdef WINDOWS_NATIVE
+/* Don't assume that UNICODE is not defined. */
+# undef LoadLibrary
+# define LoadLibrary LoadLibraryA
+
# if !(_WIN32_WINNT >= _WIN32_WINNT_WIN8)
/* Avoid warnings from gcc -Wcast-function-type. */
diff --git gnutls/gl/stat-w32.c gnutls/gl/stat-w32.c
index cca12dd9c..19bdfaa37 100644
--- gnutls/gl/stat-w32.c
+++ gnutls/gl/stat-w32.c
@@ -40,6 +40,12 @@
#include "pathmax.h"
#include "verify.h"
+/* Don't assume that UNICODE is not defined. */
+#undef LoadLibrary
+#define LoadLibrary LoadLibraryA
+#undef GetFinalPathNameByHandle
+#define GetFinalPathNameByHandle GetFinalPathNameByHandleA
+
#if !(_WIN32_WINNT >= _WIN32_WINNT_VISTA)
/* Avoid warnings from gcc -Wcast-function-type. */
diff --git gnutls/gl/stat.c gnutls/gl/stat.c
index e074e6a0a..9d3965d3c 100644
--- gnutls/gl/stat.c
+++ gnutls/gl/stat.c
@@ -65,6 +65,13 @@ orig_stat (const char *filename, struct stat *buf)
# define WIN32_LEAN_AND_MEAN
# include <windows.h>
# include "stat-w32.h"
+/* Don't assume that UNICODE is not defined. */
+# undef WIN32_FIND_DATA
+# define WIN32_FIND_DATA WIN32_FIND_DATAA
+# undef CreateFile
+# define CreateFile CreateFileA
+# undef FindFirstFile
+# define FindFirstFile FindFirstFileA
#endif
#ifdef WINDOWS_NATIVE
--
2.26.0.windows.1
From 3c950e27a8d20603f100bf21d402f74355a495c1 Mon Sep 17 00:00:00 2001
From: Steve Lhomme <robux4@ycbcr.xyz>
Date: Mon, 8 Jun 2020 16:07:59 +0200
Subject: [PATCH] explicit_bzero: Do not call SecureZeroMemory on UWP builds
The call is forbidden:
https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
It's considered a legacy API and is implemented as an always inline function.
There is no good replacement API that is available in UWP.
Signed-off-by: Steve Lhomme <robux4@ycbcr.xyz>
---
gnutls/gl/explicit_bzero.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git gnutls/gl/explicit_bzero.c gnutls/gl/explicit_bzero.c
index b1df418e5..3b8cc4ea4 100644
--- gnutls/gl/explicit_bzero.c
+++ gnutls/gl/explicit_bzero.c
@@ -35,6 +35,9 @@
#if defined _WIN32 && !defined __CYGWIN__
# define WIN32_LEAN_AND_MEAN
# include <windows.h>
+# if !defined WINAPI_FAMILY || WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+# define USE_SECURE_ZERO_MEMORY
+# endif
#endif
#if _LIBC
@@ -48,7 +51,7 @@
void
explicit_bzero (void *s, size_t len)
{
-#if defined _WIN32 && !defined __CYGWIN__
+#if defined USE_SECURE_ZERO_MEMORY
(void) SecureZeroMemory (s, len);
#elif HAVE_EXPLICIT_MEMSET
explicit_memset (s, '\0', len);
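Review bot: With `USE_SECURE_ZERO_MEMORY` left undefined on UWP, explicit_bzero() falls through to the `#elif HAVE_EXPLICIT_MEMSET` branch and whatever follows it, and those branches lie outside this hunk. Since this function exists to wipe sensitive buffers, it is worth confirming which fallback the Winstore toolchain actually compiles and that the compiler cannot elide it. A comment at the define would record this, e.g. `/* UWP: SecureZeroMemory is not allowed; zeroing relies on the generic fallbacks in explicit_bzero() below */`. Separately, `!defined WINAPI_FAMILY ||` does not stop the preprocessor from parsing `WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)`, so on an SDK without winapifamily.h the `#if` may fail to parse; nesting the partition test inside `# if defined WINAPI_FAMILY_PARTITION` would avoid that.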
--
2.26.0.windows.1
From 0c8ca1736ee07c7d7dbce05108120cf4f8937bd0 Mon Sep 17 00:00:00 2001
From: Steve Lhomme <robux4@ycbcr.xyz>
Date: Thu, 4 Jun 2020 10:15:38 +0200
Subject: [PATCH] fcntl: do not call GetHandleInformation() in Winstore apps
The API is forbidden [1] and HANDLE_FLAG_INHERIT would never be set as exec()
is not allowed either [2].
[1] https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-gethandleinformation
[2] https://docs.microsoft.com/en-us/cpp/cppcx/crt-functions-not-supported-in-universal-windows-platform-apps
---
gl/fcntl.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/gl/fcntl.c b/gl/fcntl.c
index 6b9927ec4..e316ca306 100644
--- a/gl/fcntl.c
+++ b/gl/fcntl.c
@@ -229,12 +229,19 @@ fcntl (int fd, int action, /* arg */...)
{
# if defined _WIN32 && ! defined __CYGWIN__
HANDLE handle = (HANDLE) _get_osfhandle (fd);
+# if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
DWORD flags;
if (handle == INVALID_HANDLE_VALUE
|| GetHandleInformation (handle, &flags) == 0)
errno = EBADF;
else
result = (flags & HANDLE_FLAG_INHERIT) ? 0 : FD_CLOEXEC;
+# else /* ! WINAPI_PARTITION_DESKTOP */
+ if (handle == INVALID_HANDLE_VALUE)
+ errno = EBADF;
+ else
+ result = 0;
+# endif /* ! WINAPI_PARTITION_DESKTOP */
# else /* !W32 */
/* Use dup2 to reject invalid file descriptors. No way to
access this information, so punt. */
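Review bot: The new non-desktop branch sets `result = 0`, which reports the descriptor as inheritable, yet the patch description says HANDLE_FLAG_INHERIT would never be set in Winstore apps. By the desktop expression `(flags & HANDLE_FLAG_INHERIT) ? 0 : FD_CLOEXEC`, an unset inherit flag maps to FD_CLOEXEC, so `result = FD_CLOEXEC;` would be the value consistent with that rationale. Callers that query the flag to verify close-on-exec would otherwise see it as missing. The enclosing case of fcntl() starts and ends outside the hunk; this is presumably the F_GETFD path, which should be confirmed against the full file.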
--
2.26.0.windows.1
......@@ -20,6 +20,17 @@ $(TARBALLS)/gnutls-$(GNUTLS_VERSION).tar.xz:
gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls
$(UNPACK)
$(APPLY) $(SRC)/gnutls/gnutls-fix-mangling.patch
# backport gnulib patch
$(APPLY) $(SRC)/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch
# fix forbidden UWP call which can't be upstreamed as they won't
# differentiate for winstore, only _WIN32_WINNT
$(APPLY) $(SRC)/gnutls/0001-fcntl-do-not-call-GetHandleInformation-in-Winstore-a.patch
# forbidden RtlSecureZeroMemory call in winstore builds
$(APPLY) $(SRC)/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
# disable the dllimport in static linking (pkg-config --static doesn't handle Cflags.private)
cd $(UNPACK_DIR) && sed -i.orig -e s/"_SYM_EXPORT __declspec(dllimport)"/"_SYM_EXPORT"/g lib/includes/gnutls/gnutls.h.in
ifdef HAVE_ANDROID