[vlc-devel] [PACTH 3.0 19/21] contrib: gnutls: fix forbidden calls in Winstore builds

Steve Lhomme robux4 at ycbcr.xyz
Mon Jun 22 09:02:59 CEST 2020


Backport a UNICODE fix that was merged after the GnuTLS code freeze.

Forbid call to GetHandleInformation(). fcntl never goes in that code section in
Winstore builds. It's only used for linux random number generation.

Do not allow calling SecureZeroMemory which is forbidden which is forbidden
and not available as an inline function in some cases.

(cherry picked from commit a4841494fd974ec2c6208bc77f0f0c90dc5aebaf)

Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
---
 ...t-assume-that-UNICODE-is-not-defined.patch | 111 ++++++++++++++++++
 ...o-not-call-SecureZeroMemory-on-UWP-b.patch |  43 +++++++
 ...l-GetHandleInformation-in-Winstore-a.patch |  41 +++++++
 contrib/src/gnutls/rules.mak                  |  11 ++
 4 files changed, 206 insertions(+)
 create mode 100644 contrib/src/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch
 create mode 100644 contrib/src/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
 create mode 100644 contrib/src/gnutls/0001-fcntl-do-not-call-GetHandleInformation-in-Winstore-a.patch

diff --git a/contrib/src/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch b/contrib/src/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch
new file mode 100644
index 0000000000..23114a89ea
--- /dev/null
+++ b/contrib/src/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch
@@ -0,0 +1,111 @@
+From 57f80070ccd8461a224cc84b255844539ab72a8d Mon Sep 17 00:00:00 2001
+From: Bruno Haible <bruno at clisp.org>
+Date: Sat, 30 May 2020 11:04:02 +0200
+Subject: [PATCH] Don't assume that UNICODE is not defined.
+
+Many Windows API functions are defined differently (redirecting to a
+function with suffix 'W') if the application defines the macro UNICODE
+than by default (redirecting to a function with suffix 'A').
+
+* gnutls/gl/clean-temp.c (OSVERSIONINFO, GetVersionEx): Redirect to the
+variant with suffix 'A'.
+* gnutls/gl/dirent-private.h (WIN32_FIND_DATA): Likewise.
+* gnutls/gl/gc-gnulib.c (CryptAcquireContext): Likewise.
+* gnutls/gl/getaddrinfo.c (GetModuleHandle): Likewise.
+* gnutls/gl/getlogin.c (GetUserName): Likewise.
+* gnutls/gl/getlogin_r.c (GetUserName): Likewise.
+* gnutls/gl/gettimeofday.c (LoadLibrary): Likewise.
+* gnutls/gl/isatty.c (LoadLibrary, QueryFullProcessImageName): Likewise.
+* gnutls/gl/link.c (GetModuleHandle, CreateHardLink): Likewise.
+* gnutls/gl/localename.c (GetLocaleInfo, EnumSystemLocales): Likewise.
+* gnutls/gl/mountlist.c (GetDriveType): Likewise.
+* gnutls/gl/nonblocking.c (GetNamedPipeHandleState): Likewise.
+* gnutls/gl/opendir.c (WIN32_FIND_DATA, GetFullPathName, FindFirstFile):
+Likewise.
+* gnutls/gl/physmem.c (GetModuleHandle): Likewise.
+* gnutls/gl/poll.c (GetModuleHandle, PeekConsoleInput, CreateEvent,
+PeekMessage, DispatchMessage): Likewise.
+* gnutls/gl/progreloc.c (GetModuleFileName): Likewise.
+* gnutls/gl/putenv.c (SetEnvironmentVariable): Likewise.
+* gnutls/gl/read.c (GetNamedPipeHandleState): Likewise.
+* gnutls/gl/readdir.c (FindNextFile): Likewise.
+* gnutls/gl/relocatable.c (GetModuleFileName): Likewise.
+* gnutls/gl/rename.c (MoveFileEx): Likewise.
+* gnutls/gl/rewinddir.c (FindFirstFile): Likewise.
+* gnutls/gl/select.c (GetModuleHandle, PeekConsoleInput, CreateEvent,
+PeekMessage, DispatchMessage): Likewise.
+* gnutls/gl/sethostname.c (GetComputerNameEx, SetComputerNameEx): Likewise.
+* gnutls/gl/socket.c (WSASocket): Likewise.
+* gnutls/gl/stat-w32.c (LoadLibrary, GetFinalPathNameByHandle): Likewise.
+* gnutls/gl/stat.c (WIN32_FIND_DATA, CreateFile, FindFirstFile): Likewise.
+* gnutls/gl/stdio-read.c (GetNamedPipeHandleState): Likewise.
+* gnutls/gl/stdio-write.c (GetNamedPipeHandleState): Likewise.
+* gnutls/gl/tmpdir.c (GetTempPath): Likewise.
+* gnutls/gl/tmpfile.c (OSVERSIONINFO, GetVersionEx, GetTempPath): Likewise.
+* gnutls/gl/uname.c (OSVERSIONINFO, GetVersionEx): Likewise.
+* gnutls/gl/utime.c (CreateFile, GetFileAttributes): Likewise.
+* gnutls/gl/windows-cond.c (CreateEvent): Likewise.
+* gnutls/gl/windows-rwlock.c (CreateEvent): Likewise.
+* gnutls/gl/windows-timedmutex.c (CreateEvent): Likewise.
+* gnutls/gl/windows-timedrecmutex.c (CreateEvent): Likewise.
+* gnutls/gl/windows-timedrwlock.c (CreateEvent): Likewise.
+* gnutls/gl/write.c (GetNamedPipeHandleState): Likewise.
+---
+ gnutls/gl/gettimeofday.c          |  4 +++
+ gnutls/gl/stat-w32.c              |  6 +++++
+ gnutls/gl/stat.c                  |  7 ++++++
+ 40 files changed, 279 insertions(+), 27 deletions(-)
+
+diff --git gnutls/gl/gettimeofday.c gnutls/gl/gettimeofday.c
+index 93914ba92..305ab984e 100644
+--- gnutls/gl/gettimeofday.c
++++ gnutls/gl/gettimeofday.c
+@@ -33,6 +33,10 @@
+
+ #ifdef WINDOWS_NATIVE
+
++/* Don't assume that UNICODE is not defined.  */
++# undef LoadLibrary
++# define LoadLibrary LoadLibraryA
++
+ # if !(_WIN32_WINNT >= _WIN32_WINNT_WIN8)
+
+ /* Avoid warnings from gcc -Wcast-function-type.  */
+diff --git gnutls/gl/stat-w32.c gnutls/gl/stat-w32.c
+index cca12dd9c..19bdfaa37 100644
+--- gnutls/gl/stat-w32.c
++++ gnutls/gl/stat-w32.c
+@@ -40,6 +40,12 @@
+ #include "pathmax.h"
+ #include "verify.h"
+
++/* Don't assume that UNICODE is not defined.  */
++#undef LoadLibrary
++#define LoadLibrary LoadLibraryA
++#undef GetFinalPathNameByHandle
++#define GetFinalPathNameByHandle GetFinalPathNameByHandleA
++
+ #if !(_WIN32_WINNT >= _WIN32_WINNT_VISTA)
+
+ /* Avoid warnings from gcc -Wcast-function-type.  */
+diff --git gnutls/gl/stat.c gnutls/gl/stat.c
+index e074e6a0a..9d3965d3c 100644
+--- gnutls/gl/stat.c
++++ gnutls/gl/stat.c
+@@ -65,6 +65,13 @@ orig_stat (const char *filename, struct stat *buf)
+ # define WIN32_LEAN_AND_MEAN
+ # include <windows.h>
+ # include "stat-w32.h"
++/* Don't assume that UNICODE is not defined.  */
++# undef WIN32_FIND_DATA
++# define WIN32_FIND_DATA WIN32_FIND_DATAA
++# undef CreateFile
++# define CreateFile CreateFileA
++# undef FindFirstFile
++# define FindFirstFile FindFirstFileA
+ #endif
+
+ #ifdef WINDOWS_NATIVE
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch b/contrib/src/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
new file mode 100644
index 0000000000..6e09b59e38
--- /dev/null
+++ b/contrib/src/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
@@ -0,0 +1,43 @@
+From 3c950e27a8d20603f100bf21d402f74355a495c1 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Mon, 8 Jun 2020 16:07:59 +0200
+Subject: [PATCH] explicit_bzero: Do not call SecureZeroMemory on UWP builds
+
+The call is forbidden:
+https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/aa366877(v=vs.85)
+
+It's considered a legacy API and is implemented as an always inline function.
+
+There is no good replacement API that is available in UWP.
+
+Signed-off-by: Steve Lhomme <robux4 at ycbcr.xyz>
+---
+ gnutls/gl/explicit_bzero.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git gnutls/gl/explicit_bzero.c gnutls/gl/explicit_bzero.c
+index b1df418e5..3b8cc4ea4 100644
+--- gnutls/gl/explicit_bzero.c
++++ gnutls/gl/explicit_bzero.c
+@@ -35,6 +35,9 @@
+ #if defined _WIN32 && !defined __CYGWIN__
+ # define  WIN32_LEAN_AND_MEAN
+ # include <windows.h>
++# if !defined WINAPI_FAMILY || WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
++#  define USE_SECURE_ZERO_MEMORY
++# endif
+ #endif
+ 
+ #if _LIBC
+@@ -48,7 +51,7 @@
+ void
+ explicit_bzero (void *s, size_t len)
+ {
+-#if defined _WIN32 && !defined __CYGWIN__
++#if defined USE_SECURE_ZERO_MEMORY
+   (void) SecureZeroMemory (s, len);
+ #elif HAVE_EXPLICIT_MEMSET
+   explicit_memset (s, '\0', len);
+-- 
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/0001-fcntl-do-not-call-GetHandleInformation-in-Winstore-a.patch b/contrib/src/gnutls/0001-fcntl-do-not-call-GetHandleInformation-in-Winstore-a.patch
new file mode 100644
index 0000000000..9175fbed24
--- /dev/null
+++ b/contrib/src/gnutls/0001-fcntl-do-not-call-GetHandleInformation-in-Winstore-a.patch
@@ -0,0 +1,41 @@
+From 0c8ca1736ee07c7d7dbce05108120cf4f8937bd0 Mon Sep 17 00:00:00 2001
+From: Steve Lhomme <robux4 at ycbcr.xyz>
+Date: Thu, 4 Jun 2020 10:15:38 +0200
+Subject: [PATCH] fcntl: do not call GetHandleInformation() in Winstore apps
+
+The API is forbidden [1] and HANDLE_FLAG_INHERIT would never be set as exec()
+is not allowed either [2].
+
+[1] https://docs.microsoft.com/en-us/windows/win32/api/handleapi/nf-handleapi-gethandleinformation
+[2] https://docs.microsoft.com/en-us/cpp/cppcx/crt-functions-not-supported-in-universal-windows-platform-apps
+---
+ gl/fcntl.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/gl/fcntl.c b/gl/fcntl.c
+index 6b9927ec4..e316ca306 100644
+--- a/gl/fcntl.c
++++ b/gl/fcntl.c
+@@ -229,12 +229,19 @@ fcntl (int fd, int action, /* arg */...)
+       {
+ # if defined _WIN32 && ! defined __CYGWIN__
+         HANDLE handle = (HANDLE) _get_osfhandle (fd);
++#  if WINAPI_FAMILY_PARTITION (WINAPI_PARTITION_DESKTOP)
+         DWORD flags;
+         if (handle == INVALID_HANDLE_VALUE
+             || GetHandleInformation (handle, &flags) == 0)
+           errno = EBADF;
+         else
+           result = (flags & HANDLE_FLAG_INHERIT) ? 0 : FD_CLOEXEC;
++#  else /* ! WINAPI_PARTITION_DESKTOP */
++        if (handle == INVALID_HANDLE_VALUE)
++          errno = EBADF;
++        else
++          result = 0;
++#  endif /* ! WINAPI_PARTITION_DESKTOP */
+ # else /* !W32 */
+         /* Use dup2 to reject invalid file descriptors.  No way to
+            access this information, so punt.  */
+--
+2.26.0.windows.1
+
diff --git a/contrib/src/gnutls/rules.mak b/contrib/src/gnutls/rules.mak
index 2ebb872cee..5f35140ea4 100644
--- a/contrib/src/gnutls/rules.mak
+++ b/contrib/src/gnutls/rules.mak
@@ -20,6 +20,17 @@ $(TARBALLS)/gnutls-$(GNUTLS_VERSION).tar.xz:
 gnutls: gnutls-$(GNUTLS_VERSION).tar.xz .sum-gnutls
 	$(UNPACK)
 	$(APPLY) $(SRC)/gnutls/gnutls-fix-mangling.patch
+
+	# backport gnulib patch
+	$(APPLY) $(SRC)/gnutls/0001-Don-t-assume-that-UNICODE-is-not-defined.patch
+
+	# fix forbidden UWP call which can't be upstreamed as they won't
+	# differentiate for winstore, only _WIN32_WINNT
+	$(APPLY) $(SRC)/gnutls/0001-fcntl-do-not-call-GetHandleInformation-in-Winstore-a.patch
+
+	# forbidden RtlSecureZeroMemory call in winstore builds
+	$(APPLY) $(SRC)/gnutls/0001-explicit_bzero-Do-not-call-SecureZeroMemory-on-UWP-b.patch
+
 	# disable the dllimport in static linking (pkg-config --static doesn't handle Cflags.private)
 	cd $(UNPACK_DIR) && sed -i.orig -e s/"_SYM_EXPORT __declspec(dllimport)"/"_SYM_EXPORT"/g lib/includes/gnutls/gnutls.h.in
 ifdef HAVE_ANDROID
-- 
2.26.2



More information about the vlc-devel mailing list