If an attacker with SeImpersonatePrivilege manages to create a
named pipe server with a name matching that used by the "Interactive
Service", the GUI connecting to it could allow the attacker to
impersonate the GUI user.
Fix by validating the service pipe by comparing the pid of the pipe
server with that of the "Interactive Service".
Note: GetNamedPipeServerProcessId() returns the pid of the process
that created the first instance of the pipe. So, this patch only
guards against a rogue pipe instance created before the service
has started. This has to work in combination with a patch for the
service that disallows creation of additional pipe instances when
the service is running.
CVE: CVE-2024-4877
Reported by: Zeze with TeamT5 <zeze7w@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Signed-off-by: Selva Nair <selva.nair@gmail.com>
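The pid comparison described in the commit message above, as an added example that is not the project's code or the actual patch. The function names, the `svc_name` parameter and the use of `QueryServiceStatusEx()` to find the service pid are assumptions; the `DWORD` stand-in exists only so the decision logic builds off Windows.

```c
/* Added example, not the project's patch. svc_name is supplied by the caller. */
#include <stdbool.h>
#ifdef _WIN32
#include <windows.h>
#else
typedef unsigned long DWORD; /* stand-in so the decision logic builds off Windows */
#endif

/* Fail closed: accept only if both lookups succeeded, neither pid is 0,
 * and the pipe server pid equals the service pid. */
bool pipe_server_is_service(bool have_server_pid, DWORD server_pid,
                            bool have_service_pid, DWORD service_pid)
{
    if (!have_server_pid || !have_service_pid) return false;
    if (server_pid == 0 || service_pid == 0) return false;
    return server_pid == service_pid;
}

#ifdef _WIN32
/* Pid of the named service if it is running, else 0 (assumed lookup method). */
static DWORD running_service_pid(const wchar_t *svc_name)
{
    DWORD pid = 0, needed = 0;
    SERVICE_STATUS_PROCESS ssp;
    SC_HANDLE scm = OpenSCManagerW(NULL, NULL, SC_MANAGER_CONNECT);
    if (!scm) return 0;
    SC_HANDLE svc = OpenServiceW(scm, svc_name, SERVICE_QUERY_STATUS);
    if (svc) {
        if (QueryServiceStatusEx(svc, SC_STATUS_PROCESS_INFO, (LPBYTE)&ssp,
                                 sizeof(ssp), &needed)
            && ssp.dwCurrentState == SERVICE_RUNNING)
            pid = ssp.dwProcessId;
        CloseServiceHandle(svc);
    }
    CloseServiceHandle(scm);
    return pid;
}

/* Call on the connected pipe handle before using the pipe.
 * GetNamedPipeServerProcessId() reports the creator of the first instance,
 * so this only catches a rogue pipe created before the service started. */
bool validate_service_pipe(HANDLE pipe, const wchar_t *svc_name)
{
    ULONG server_pid = 0;
    bool have_server = GetNamedPipeServerProcessId(pipe, &server_pid) != 0;
    DWORD svc_pid = running_service_pid(svc_name);
    return pipe_server_is_service(have_server, server_pid, svc_pid != 0, svc_pid);
}
#endif
```

A failed lookup on either side is treated as a mismatch, so a stopped service or an API error rejects the pipe instead of trusting it.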
Use Shell_NotifyGetRect to find the icon location and place the
tip window a fixed distance above/below it.
It appears GUID_NULL used for above is not pulled in by shellapi.h.
Define locally when absent.
Also add TTF_RTLREADING for RTL languages. How to right justify
as well in this case is unclear.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Built-in tray notification icon has a tip text length limit of 128
characters which is often limited for showing the connected profile name,
connected since time and IP addresses. If the profile name is long the IP
numbers could get truncated.
Fix by using a custom tooltip window and display it when mouse hovers over
the icon. As the status bar need not be at the bottom of the screen (could be
at right, left or top as well), the location of the window is chosen based
on the mouse co-ordinates that trigger the hover event.
In case of errors while setting up the tooltip window, fall back to the current
behaviour.
If the message is too long to include time and IP, truncate the profile name
part of the message.
v2: Do not use wParam in NIN_POPUPOPEN message as it does not seem to work
on Windows 11. Instead use GetCursorPos() for mouse location.
Fixes issue #666
Signed-off-by: Selva Nair <selva.nair@gmail.com>
The tray icon and its tip text get updated to the connecting state when starting
a new status window thread. This is not enough for persistent connections as these
can be restarted from the hold state which does not go through a new thread creation.
To see the bug, disconnect and reconnect a persistent connection and have it wait in the
connecting state. The tray icon colour does not change to yellow and the tray tip message
does not show the "Connecting to:" text.
Fix by ensuring that CheckAndSetTrayIcon() or SetTrayIcon() gets called whenever a state
change message is received.
Fixes issue #668
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Add ASAN build configuration, based on debug with ASAN
enabled. This might help finding crashes like in
https://github.com/OpenVPN/openvpn-gui/issues/548
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Since we use Visual Studio as generator, CMAKE_BUILD_TYPE doesn't make
sense, since configuration (release/debug) is specified on build step,
not configure step.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
There is no point in localizing "OpenVPN GUI"
tray icon tooltip. Remove it from resources and
replace with PACKAGE_NAME define.
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Switches to vcpkg-caching instead of directory caching.
While here, don't explicitly export VCPKG_ROOT.
run-vcpkg already takes care of that.
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
- The policy setting is checked when GUI is started. Any change
in policy will be effective only after restarting the GUI.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
- Only "hot" user input -- i.e., freshly typed password starting
from an empty string, with keyboard focus still in the edit
box -- can be revealed.
In particular, prefilled password (from cached value) cannot be
revealed.
- Once keyboard focus moves out of the password edit box, the input has
to be deleted for the reveal feature to get re-enabled.
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Commit 2b1e586
"Replace Sleep by a Wait function that pumps messages"
replaced Sleep() with a wait function which also processes messages.
However WM_MANAGEMENT message in some cases requires actual delay to be
processed. To achieve that, bring back original Sleep().
Signed-off-by: Lev Stipakov <lev@openvpn.net>