* The static_/safe_ string macros were not properly designed to handle the case where
an expression such as strlen() rather than a static value was passed for the count,
leading to unexpected results, such as excessive truncation of strings. Fix that.
* Also fix a buffer overflow in GetDevices() due to using a wrong string length.
* _snprintf() is not always guaranteed to NUL terminate a string which could
lead to buffer overflows in iso_extract_files() and iso_extract_files().
* Fix this by switching to using the more secure _snprintf_s().
* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
* For good measure, we also switch to the strncat_s() where possible and also
use memmove() instead of memcpy()/strcpy() as the behaviour of the latter on
overlapping memory regions is undefined.
* Also fix some additional MinGW warnings regarding casts and nb_blocks.
* p[safe_strlen(p)] = 0; was pointless and could lead to a buffer overflow if
the string was not already NUL terminated, so remove it and make sure we
process a buffer that either contains legitimate Syslinux version strings
(that are NUL terminated always) or that has been read through read_file()
(that always adds a NUL terminator to the buffer).
* Also fix some whitespaces in related code sections and switch to using
read_file() for GRUB version lookup.
* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
* Whereas the length of the buffer allocated for the UTF-8 filename string is
the same length as the UCS-2 (which means it can store twice as many UTF-8
bytes as there are characters in the filename), it is still possible for the
converted UTF-8 string to overflow this buffer if the name contains glyphs
that use 3 or 4-byte sequences.
* As a result, use strncpy with the actual size of the UTF-8 filename buffer
(the following bytes are calloc'd to zero so the truncated string will be
NUL terminated) and produce a warning if the filename is truncated.
* Vulnerability discovered and reported by Mansour Gashasbi (@gashasbi).
* Also add Ctrl-A as a new cheat-mode to toggle the use of Rufus MBR (which is enabled by default)
which replaces the previous UI checkbox. The Disk ID field is now completely removed as we now
use the default values for XP and non XP installs, and will expect people with multiple disks to
disconnect all except the one where they plan to install Windows.
* This allows *runtime* validation of UEFI bootable media, such as Windows
or Linux installers, which, considering the unreliability of USB flash
drives, we assert is a a much better proposal than write-time validation
that utilities like balenaEcther (and to a lesser extent MCT) provide.
* Based on uefi-md5sum (https://github.com/pbatard/uefi-md5sum).
* Unconditionally activated on ISO extraction for GPT targets for now.
This will be changed to a user selectable option later.
* This enables the use of Ctrl-SELECT to also extract files from a .zip
when using non-bootable, DOS, UEFI-NTFS, etc.
* Also clean up some uprintf line terminations and some additional code.
* Also fix some Coverity and MinGW warnings.
* The AMI UEFI NTFS driver (version 0x10000), which is used in many modern systems from
ASUS, Gigabyte, intel and so on, has a major bug whereas depending on the size of the
buffers that are used to write the data onto the NTFS volume from Windows, as well as
read the data from the NTFS volume from UEFI, the data being read may be incorrect
(for details on this, see https://github.com/pbatard/AmiNtfsBug).
* Especially, it appears that if the size of the buffer used to write data on Windows is
smaller than the NTFS cluster size, the bug may be triggered.
* Because of this, we increase the size of ISO write buffer to 64 KB since, per
https://support.microsoft.com/en-gb/topic/default-cluster-size-for-ntfs-fat-and-exfat-9772e6f1-e31a-00d7-e18f-73169155af95
this is the maximum cluster size that can be used for NTFS volumes.
* This increase in size should also help with performance somewhat.
* Also add support for C11's _Static_assert() which may come handy.
* The legacy code we used for writing disk images used the size of the source image as
the maximum number of bytes we should copy, which is fine for uncompressed DD or VHD
images, but not so much for compressed VHDX ones. So we now make sure to use the
actual size of the virtual disk, which we obtain when mounting the VHD/VHDX.
* Also fix log progress update as well as a MinGW warning.
* Mint users sure are lucky that one of them *lied their way through* pretending that
persistence actually used to work with previous version of Mint, when it never did,
because they got us going through a whole refactor of the partition creation process
just so we could make Mint persistence work.
* Closes#2428.
* Also fix a Coverity warning.
* Use of '*.*' as pattern in file save dialog could lead to assert and crash, so
we now try to derive the type of image to be saved from the file extension. We
also did not properly handle user cancellation in the file save dialog.
* Also update iso9660/iso9660_fs.c to latest proposal of El Torito image handling.
* Also add a couple asserts in the hash table functions so that, if these ever get
triggered we will pick them from Windows Store reports, and clean up code.
* Per linuxmint/linuxmint#622 some ISOs may have a /EFI/boot/bootx64.efi that
is a symbolic to a nonexisting file.
* This is originally due to a Debian bug that was fixed in:
5bff71fea2
* Work around this by trying to extract a working bootx64.efi from the El-Torito image.
* Also improve DumpFatDir() to not replace already existing files.
* Also update copyright year and improve uprintf error handling
* Also bump GitHub Actions dependencies. Note that we do NOT want to update to
upload-artifact v4 because it BREAKS the creation of artifacts from matrix.
See: https://github.com/actions/upload-artifact#v4---whats-new
* Closes#2382
* Closes#2383
Pete Batard