Commit Graph

32 Commits

Author SHA1 Message Date
Mounir IDRASSI d26be95861 Update copyright year to 2026 2026-06-09 09:56:25 +09:00
Mounir IDRASSI 5d7a2a78b8 OpenBSD: fix device-hosted volume sizing
OpenBSD device length detection was returning the raw disk sector count from DIOCGPDINFO directly. That value is not bytes and it describes the physical/default disk label, which caused VeraCrypt to expose an incorrectly sized FUSE backing image through vnd for device-hosted volumes.

Use the current disklabel from DIOCGDINFO, derive the opened partition from the device minor number, and return the selected partition size in bytes. Keep the raw c partition on the whole-disk path by using DL_GETDSIZE there.

Also reject sector-misaligned device-hosted sizes during volume creation so new malformed OpenBSD device-hosted volumes are not created. Do not reject existing malformed headers at mount time, so users can still mount old OpenBSD-created volumes for recovery.

Refs #1589.

Refs #1593.
2026-05-26 11:04:54 +09:00
Mounir IDRASSI a173a11cfe Linux: parallelize header KDF autodetection
Extend the Unix encryption thread pool to run key-derivation work items and use it when mounting volumes without an explicitly selected KDF. This brings Linux/macOS header PRF autodetection closer to the Windows path while keeping selected-KDF mounts unchanged.

Fixes #1610.
2026-05-25 21:54:14 +09:00
Mounir IDRASSI 79bee911be Linux/macOS: enable quick format for file containers
Allow normal file-hosted containers to use quick format in the Unix volume creation path by sizing the host file with ftruncate before backup headers are written.

Enable the GUI checkbox for normal file containers and honor --quick in text mode. Update the Unix HTML documentation for the weaker deniability properties of sparse or unwritten host regions.
2026-05-22 10:46:30 +09:00
Mounir IDRASSI f7c9e62909 macOS: fix typo in defaultDirs in Process::FindSystemBinary 2026-04-13 09:42:40 +09:00
Mounir IDRASSI 87a5024a5b Linux: Allow AppImage file to start with "veracrypt" in any case 2025-06-09 11:07:07 +09:00
Mounir IDRASSI b673901503 Move copyright and links to "AM Crypto", amcrypto.jp and veracrypt.jp 2025-05-11 16:02:20 +09:00
Mounir IDRASSI 3edae48717 Linux: Correct handling of documentation in case of AppImage. Code refactoring. 2025-05-10 19:09:31 +09:00
Mounir IDRASSI c17270fc53 MacOSX: Fix erroneous preprocessor directive 2025-01-20 13:49:31 +01:00
Mounir IDRASSI 2cca2e1daf Linux/FreeBSD: Add absolute paths for system binaries to prevent path hijacking (CVE-2024-54187, collaboration with SivertPL @__tfr)
This commit fixes a critical security vulnerability where VeraCrypt could be tricked into executing malicious binaries with elevated privileges. The vulnerability has two severe implications:

1. When sudo's secure_path option is disabled, attackers could execute malicious binaries with root privileges by placing them in user-writable PATH directories (e.g., making "sudo mount" execute a malicious mount binary)

2. By placing a malicious sudo binary in PATH, attackers could intercept and steal the user's password when VeraCrypt prompts for sudo authentication

The vulnerability allowed attackers to place malicious binaries in user-writable directories that appear in PATH before system directories, potentially leading to privilege escalation and credential theft.

Key changes:
- Implement FindSystemBinary() to locate executables in secure system paths
- Replace all relative binary paths with absolute paths for system commands
- Add security checks for executable permissions
- Update process execution to use absolute paths for:
  * sudo
  * mount
  * fsck
  * terminal emulators
  * file managers
  * system utilities (hdiutil, mdconfig, vnconfig, lofiadm)

The fix ensures all system binaries are called using their absolute paths from secure system directories, preventing both privilege escalation through PATH manipulation and password theft through sudo hijacking.

Security: CVE-2024-54187
2025-01-14 14:59:40 +01:00
Mounir IDRASSI 1b35abb191 Increment version to 1.26.18. Update copyright date. Update Release Notes. Update Windows drivers. 2025-01-14 12:26:28 +01:00
Mounir IDRASSI 455a4f2176 Avoid conflict with C++17 features std::byte by using uint8 type instead of byte 2024-06-12 12:30:04 +02:00
Mounir IDRASSI 34ef189a92 Linux: try to use IOCTL BLKGETSIZE64 to get size of device instead of lseek 2023-08-19 20:47:43 +02:00
Mounir IDRASSI b52ce86040 Linux: Fix core dump when built with -D_GLIBCXX_ASSERTIONS caused by an assert in libstdc++.
The variable has enough capacity so pointer &buffer[0] is valid but since the clear method was called, we are not supposed to access the element at index 0.
Related to GitHub issue #896
2022-02-18 01:24:32 +01:00
MrLightningBolt 7c3355a2d1 Make system devices work under FreeBSD (#777)
We query the kern.geom.conftxt sysctl for the GEOM configuration to find
the partition offset. Technically speaking it would probably be better
to link against libgeom but this is less overall intrusive. Also
includes a small fix to find the parent device of an encrypted partition
when it is a GPT partition rather than a BSD slice.
2021-07-14 13:48:13 +02:00
kokokodak c8830a04b4 Add support for OpenBSD (#779)
* OpenBSD: add basic support

	modified:   Build/Include/Makefile.inc
	modified:   Driver/Fuse/FuseService.cpp
	modified:   Main/FatalErrorHandler.cpp
	modified:   Makefile
	modified:   Platform/Unix/File.cpp
	modified:   Platform/Unix/FilesystemPath.cpp
	modified:   Platform/Unix/SystemInfo.cpp

* OpenBSD: some necessary files were missing

	new file:   Core/Unix/OpenBSD/CoreOpenBSD.cpp
	new file:   Core/Unix/OpenBSD/CoreOpenBSD.h
	new file:   Core/Unix/OpenBSD/System.h
2021-07-14 13:43:34 +02:00
Christopher Bergqvist 0a2c565aa9 Switch from auto_ptr to unique_ptr (#638) 2020-06-11 18:02:28 +02:00
Hanno Böck f5aea06281 Fix off by one overflow with 31 args (#541) 2019-11-12 18:04:31 +01:00
Alexander Karzhenkov 6f1ebacd39 Some cleanup related to "Invalid characters..." on mount issue. (#453)
* Revert previous commit

* Fix "Invalid characters..." issue by not using "foreach" macro

The "foreach" macro creates a copy of the container.
This copy is destroyed immediately after the iteration is completed.
C-string pointers passed to the local array were invalidated
when the "std::string"s contained in the copy were destroyed.
2019-06-06 11:41:42 +02:00
Mounir IDRASSI 431aae0201 FreeBSD/MacOSX: fix for missing <sys/sysmacros.h> header 2018-04-04 23:47:02 +02:00
Gokturk Yuksek 80fed6f7f7 Platform/Unix: include <sys/sysmacros.h> for major/minor macros (#303)
Starting with glibc 2.26, macros "major" and "minor" are only
available from <sys/sysmacros.h> [0]. The build fails with the
following without including this header:

Unix/FilesystemPath.cpp:84:49: error: ‘major’ was not declared in this scope
Unix/FilesystemPath.cpp:84:113: error: ‘minor’ was not declared in this scope

[0] https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html
2018-04-04 22:37:33 +02:00
Mounir IDRASSI c2a3a00516 Linux: fix compilation error with older versions of gcc (e.g. 4.x) 2017-12-09 15:11:48 +01:00
gv5470 49f9516c9e Linux: autodetect host drive name using sysfs (closes #233) 2017-11-28 19:03:07 +01:00
Mounir IDRASSI 0ebc26e125 Update IDRIX copyright year 2017-06-23 22:15:59 +02:00
David Foerster 11716ed2da Remove trailing whitespace 2016-05-10 22:18:34 +02:00
Mounir IDRASSI 646679da4d Linux: Completely fix gcc-5 "Invalid characters encountered" issue on mount. It was caused by an issue in the gcc-5 STL implementation that causes char* pointers retrieved from std::string using the c_str method to become invalid in the child of a child process (after two fork calls). The workaround is to first copy the std::string values in the child before calling the second fork. 2016-03-18 16:27:29 +01:00
Mounir IDRASSI bda7a1d0bd Copyright: update dates to include 2016. 2016-01-20 00:53:24 +01:00
Mounir IDRASSI 041024fbb9 Update license information to reflect the use of a dual license Apache 2.0 and TrueCrypt 3.0. 2015-08-06 00:04:25 +02:00
Mounir IDRASSI 41a22ca4e7 Change namespace from TrueCrypt to VeraCrypt. Rename method from Resources Resources::GetTrueCryptIcon to Resources::GetVeraCryptIcon. 2014-11-08 23:20:14 +01:00
Mounir IDRASSI be4ca4bac6 Replace TrueCrypt from Linux/MacOSX mount point names 2014-11-08 23:19:24 +01:00
Mounir IDRASSI edc9f36322 Replace TrueCrypt references in added sources and resources by VeraCrypt ones. 2014-11-08 23:19:03 +01:00
Mounir IDRASSI 7ffce028d0 Add TrueCrypt 7.1a MacOSX/Linux specific source files. 2014-11-08 23:18:59 +01:00
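
The absolute-path lookup described in commit 2cca2e1daf (CVE-2024-54187) above, sketched as an added example; it is not VeraCrypt's own `FindSystemBinary()`. The name `ResolveSystemBinary`, the directory list and the `owner` parameter are assumptions made for illustration.

```cpp
// Added illustration; not code from the VeraCrypt repository.
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>
#include <sys/stat.h>

// Assumed directory list; a real build would use the platform's own set.
static const std::vector<std::string> kSystemDirs = {
    "/usr/bin", "/bin", "/usr/sbin", "/sbin"};

// Returns the absolute path of `name` inside one of `dirs`, or "" when no
// candidate passes the checks. $PATH is never consulted.
// `owner` is the uid that must own the file (root by default).
std::string ResolveSystemBinary(const std::string &name,
                                const std::vector<std::string> &dirs = kSystemDirs,
                                uid_t owner = 0)
{
    // Only bare command names: a '/' would let the caller pick the directory.
    if (name.empty() || name.find('/') != std::string::npos)
        return "";
    for (const std::string &dir : dirs)
    {
        const std::string candidate = dir + "/" + name;
        struct stat st;
        if (stat(candidate.c_str(), &st) != 0 || !S_ISREG(st.st_mode))
            continue;
        // Skip anything another user could have replaced or modified.
        if (st.st_uid != owner || (st.st_mode & (S_IWGRP | S_IWOTH)))
            continue;
        if (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) // an execute bit is set
            return candidate;
    }
    return "";
}

int main()
{
    // A hostile PATH entry (constructed) has no effect on the lookup.
    setenv("PATH", "/tmp/attacker-controlled:/usr/bin:/bin", 1);
    for (const char *cmd : {"sudo", "mount", "fsck"})
        std::printf("%-6s -> %s\n", cmd, ResolveSystemBinary(cmd).c_str());
    return 0;
}
```

The checks cover the binary itself; the listed directories are assumed to be root-owned and not writable by other users, and the returned path is what gets passed to the exec call in place of the bare name.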