(PUP-3837) FFI Registry access code

Iristyle · Iristyle · commit b46ede74f640 · 2015-02-02T23:04:43.000-08:00
- Ruby 2.1.5 has introduced a number of bugs into the Windows Registry access code, including: - Forcing UTF-16LE read values to be re-encoded in the current local codepage, which can trigger encoding issues where valid Unicode characters in the registry cannot be translated properly (for instance en-dash U+2013 which cannot be represented in IBM437) These code paths may be triggered by the each_key or each_value enumerators which call an internal export_string method that performs this dangerous re-encoding. Also note that another helper called expand_environ may also trigger bad encoding conversions when accessing REG_MULTI_SZ value that have environment variables that must be expanded. Fortunately, these variables should more often than not be in the current active codepage and present less of a problem in actual use. - The inability to delete registry keys / values due to ANSI API declarations that are being fed wide character UTF-16LE strings https://bugs.ruby-lang.org/issues/10820 - Therefore, rewrite our own helpers around keys / values that convert UTF-16LE strings to UTF-8 as these are easier to work with in Ruby code. In practical terms, this conversion will be lossless as the only codepoints these encodings don't share are unused / invalid. Remove tests that were based on old ANSI API usage. Ensure Encoding.default_external is not used. - The impact of these changes is relatively low, and primarily affects the package provider and enumeration of installed Windows MSIs. Instead of using Win32::Registry#each_key, use Puppet::Util::Windows::Registry#each_key - Add FILETIME structure, LPBYTE and QWORD to FFI helpers - Add new integration test that demonstrates round-tripping a well known problematic Unicode string through the Registry that would trigger bad behavior in Win32::Registry. UTF-16LE bytes are written to the registry through Win32::Registry, read back through our helpers and compare to a well-known UTF-8 translation of said bytes. - Add Registry deletion helpers solely for the sake of working around Ruby's deletion bugs, so that integration test code can properly clean up after itself.
diff --git a/lib/puppet/provider/package/windows/package.rb b/lib/puppet/provider/package/windows/package.rb
@@ -35,7 +35,7 @@ def self.with_key(&block)
           mode |= KEY_READ
           begin
             open(hive, 'Software\Microsoft\Windows\CurrentVersion\Uninstall', mode) do |uninstall|
-              uninstall.each_key do |name, wtime|
+              each_key(uninstall) do |name, wtime|
                 open(hive, "#{uninstall.keyname}\\#{name}", mode) do |key|
                   yield key, values(key)
                 end
diff --git a/lib/puppet/util/windows/api_types.rb b/lib/puppet/util/windows/api_types.rb
@@ -42,6 +42,7 @@ def read_win32_bool
 
     alias_method :read_dword, :read_uint32
     alias_method :read_win32_ulong, :read_uint32
+    alias_method :read_qword, :read_uint64
 
     alias_method :read_hresult, :read_int32
 
@@ -52,10 +53,10 @@ def read_handle
     alias_method :read_wchar, :read_uint16
     alias_method :read_word,  :read_uint16
 
-    def read_wide_string(char_length)
+    def read_wide_string(char_length, dst_encoding = Encoding.default_external)
       # char_length is number of wide chars (typically excluding NULLs), *not* bytes
       str = get_bytes(0, char_length * 2).force_encoding('UTF-16LE')
-      str.encode(Encoding.default_external)
+      str.encode(dst_encoding)
     end
 
     def read_arbitrary_wide_string_up_to(max_char_length = 512)
@@ -139,6 +140,7 @@ def read_com_memory_pointer(&block)
   FFI.typedef :pointer, :lpcvoid
   FFI.typedef :pointer, :lpvoid
   FFI.typedef :pointer, :lpword
+  FFI.typedef :pointer, :lpbyte
   FFI.typedef :pointer, :lpdword
   FFI.typedef :pointer, :pdword
   FFI.typedef :pointer, :phandle
@@ -229,6 +231,18 @@ def to_local_time
       end
     end
 
+    # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx
+    # Contains a 64-bit value representing the number of 100-nanosecond
+    # intervals since January 1, 1601 (UTC).
+    # typedef struct _FILETIME {
+    #   DWORD dwLowDateTime;
+    #   DWORD dwHighDateTime;
+    # } FILETIME, *PFILETIME;
+    class FILETIME < FFI::Struct
+      layout :dwLowDateTime, :dword,
+             :dwHighDateTime, :dword
+    end
+
     ffi_convention :stdcall
 
     # http://msdn.microsoft.com/en-us/library/windows/desktop/aa366730(v=vs.85).aspx
diff --git a/lib/puppet/util/windows/registry.rb b/lib/puppet/util/windows/registry.rb
@@ -13,6 +13,8 @@ module Registry
     KEY_WRITE      = 0x20006
     KEY_ALL_ACCESS = 0x2003f
 
+    ERROR_NO_MORE_ITEMS = 259
+
     def root(name)
       Win32::Registry.const_get(name)
     rescue NameError
@@ -30,51 +32,277 @@ def open(name, path, mode = KEY_READ | KEY64, &block)
       end
     end
 
-    def values(subkey)
-      values = {}
-      subkey.each_value do |name, type, data|
+    def keys(key)
+      keys = {}
+      each_key(key) { |subkey, filetime| keys[subkey] = filetime }
+      keys
+    end
+
+    # subkey is String which contains name of subkey.
+    # wtime is last write time as FILETIME (64-bit integer). (see Registry.wtime2time)
+    def each_key(key, &block)
+      index = 0
+      subkey = nil
+
+      begin
+        subkey, filetime = reg_enum_key(key.hkey, index)
+        yield subkey, filetime if !subkey.nil?
+        index += 1
+      end while !subkey.nil?
+
+      index
+    end
+
+    def delete_key(key, subkey_name, mode = KEY64)
+      reg_delete_key_ex(key.hkey, subkey_name, mode)
+    end
+
+    def values(key)
+      vals = {}
+      each_value(key) { |subkey, type, data| vals[subkey] = data }
+      vals
+    end
+
+    def each_value(key, &block)
+      index = 0
+      subkey = nil
+
+      begin
+        subkey, type, data = reg_enum_value(key.hkey, index)
+        yield subkey, type, data if !subkey.nil?
+        index += 1
+      end while !subkey.nil?
+
+      index
+    end
+
+    def delete_value(key, subkey_name)
+      reg_delete_value(key.hkey, subkey_name)
+    end
+
+    private
+
+    def reg_enum_key(hkey, index, max_key_length = Win32::Registry::Constants::MAX_KEY_LENGTH)
+      subkey, filetime = nil, nil
+
+      FFI::MemoryPointer.new(:dword) do |subkey_length_ptr|
+        FFI::MemoryPointer.new(FFI::WIN32::FILETIME.size) do |filetime_ptr|
+          FFI::MemoryPointer.new(:wchar, max_key_length) do |subkey_ptr|
+            subkey_length_ptr.write_dword(max_key_length)
+
+            # RegEnumKeyEx cannot be called twice to properly size the buffer
+            result = RegEnumKeyExW(hkey, index,
+              subkey_ptr, subkey_length_ptr,
+              FFI::Pointer::NULL, FFI::Pointer::NULL,
+              FFI::Pointer::NULL, filetime_ptr)
+
+            break if result == ERROR_NO_MORE_ITEMS
+
+            if result != FFI::ERROR_SUCCESS
+              raise Puppet::Util::Windows::Error.new('Failed to enumerate registry keys')
+            end
+
+            filetime = FFI::WIN32::FILETIME.new(filetime_ptr)
+            subkey_length = subkey_length_ptr.read_dword
+            subkey = subkey_ptr.read_wide_string(subkey_length, Encoding::UTF_8)
+          end
+        end
+      end
+
+      [subkey, filetime]
+    end
+
+    def reg_enum_value(hkey, index, max_value_length = Win32::Registry::Constants::MAX_VALUE_LENGTH)
+      subkey, type, data = nil, nil, nil
+
+      FFI::MemoryPointer.new(:dword) do |subkey_length_ptr|
+        FFI::MemoryPointer.new(:wchar, max_value_length) do |subkey_ptr|
+          # RegEnumValueW cannot be called twice to properly size the buffer
+          subkey_length_ptr.write_dword(max_value_length)
+
+          result = RegEnumValueW(hkey, index,
+            subkey_ptr, subkey_length_ptr,
+            FFI::Pointer::NULL, FFI::Pointer::NULL,
+            FFI::Pointer::NULL, FFI::Pointer::NULL
+          )
+
+          break if result == ERROR_NO_MORE_ITEMS
+
+          if result != FFI::ERROR_SUCCESS
+            raise Puppet::Util::Windows::Error.new('Failed to enumerate registry values')
+          end
+
+          subkey_length = subkey_length_ptr.read_dword
+          subkey = subkey_ptr.read_wide_string(subkey_length, Encoding::UTF_8)
+
+          type, data = read(hkey, subkey_ptr)
+        end
+      end
+
+      [subkey, type, data]
+    end
+
+    # Read a registry value named name and return array of
+    # [ type, data ].
+    # When name is nil, the `default' value is read.
+    # type is value type. (see Win32::Registry::Constants module)
+    # data is value data, its class is:
+    # :REG_SZ, REG_EXPAND_SZ
+    #    String
+    # :REG_MULTI_SZ
+    #    Array of String
+    # :REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_QWORD
+    #    Integer
+    # :REG_BINARY
+    #    String (contains binary data)
+    #
+    # When rtype is specified, the value type must be included by
+    # rtype array, or TypeError is raised.
+    def read(hkey, name_ptr, *rtype)
+      result = nil
+
+      query_value_ex(hkey, name_ptr) do |type, data_ptr, byte_length|
+        unless rtype.empty? or rtype.include?(type)
+          raise TypeError, "Type mismatch (expect #{rtype.inspect} but #{type} present)"
+        end
+
+        string_length = 0
+        # buffer is raw bytes, *not* chars - less a NULL terminator
+        string_length = (byte_length / FFI.type_size(:wchar)) - 1 if byte_length > 0
+
         case type
-        when Win32::Registry::REG_MULTI_SZ
-          data.each { |str| force_encoding(str) }
         when Win32::Registry::REG_SZ, Win32::Registry::REG_EXPAND_SZ
-          force_encoding(data)
+          result = [ type, data_ptr.read_wide_string(string_length, Encoding::UTF_8) ]
+        when Win32::Registry::REG_MULTI_SZ
+          result = [ type, data_ptr.read_wide_string(string_length, Encoding::UTF_8).split(/\0/) ]
+        when Win32::Registry::REG_BINARY
+          result = [ type, data.read_bytes(0, byte_length) ]
+        when Win32::Registry::REG_DWORD
+          result = [ type, data_ptr.read_dword ]
+        when Win32::Registry::REG_DWORD_BIG_ENDIAN
+          result = [ type, data_ptr.order(:big).read_dword ]
+        when Win32::Registry::REG_QWORD
+          result = [ type, data_ptr.read_qword ]
+        else
+          raise TypeError, "Type #{type} is not supported."
         end
-        values[name] = data
       end
-      values
+
+      result
     end
 
-    if defined?(Encoding)
-      def force_encoding(str)
-        if @encoding.nil?
-          # See https://bugs.ruby-lang.org/issues/8943
-          # Ruby uses ANSI versions of Win32 APIs to read values from the
-          # registry. The encoding of these strings depends on the active
-          # code page. However, ruby incorrectly sets the string
-          # encoding to US-ASCII. So we must force the encoding to the
-          # correct value.
-          begin
-            cp = GetACP()
-            @encoding = Encoding.const_get("CP#{cp}")
-          rescue
-            @encoding = Encoding.default_external
+    def query_value_ex(hkey, name_ptr, &block)
+      FFI::MemoryPointer.new(:dword) do |type_ptr|
+        FFI::MemoryPointer.new(:dword) do |length_ptr|
+          result = RegQueryValueExW(hkey, name_ptr,
+            FFI::Pointer::NULL, type_ptr,
+            FFI::Pointer::NULL, length_ptr)
+
+          FFI::MemoryPointer.new(:byte, length_ptr.read_dword) do |buffer_ptr|
+            result = RegQueryValueExW(hkey, name_ptr,
+              FFI::Pointer::NULL, type_ptr,
+              buffer_ptr, length_ptr)
+
+            if result != FFI::ERROR_SUCCESS
+              raise Puppet::Util::Windows::Error.new("Failed to query registry value")
+            end
+
+            # allows caller to use FFI MemoryPointer helpers to read / shape
+            yield [type_ptr.read_dword, buffer_ptr, length_ptr.read_dword]
           end
         end
-
-        str.force_encoding(@encoding)
       end
-    else
-      def force_encoding(str, enc)
+    end
+
+    def reg_delete_value(hkey, name)
+      result = 0
+
+      FFI::Pointer.from_string_to_wide_string(name) do |name_ptr|
+        result = RegDeleteValueW(hkey, name_ptr)
+
+        if result != FFI::ERROR_SUCCESS
+          raise Puppet::Util::Windows::Error.new("Failed to delete registry value #{name}")
+        end
       end
+
+      result
     end
-    private :force_encoding
 
+    def reg_delete_key_ex(hkey, name, regsam = KEY64)
+      result = 0
+
+      FFI::Pointer.from_string_to_wide_string(name) do |name_ptr|
+        result = RegDeleteKeyExW(hkey, name_ptr, regsam, 0)
+
+        if result != FFI::ERROR_SUCCESS
+          raise Puppet::Util::Windows::Error.new("Failed to delete registry key #{name}")
+        end
+      end
+
+      result
+    end
 
     ffi_convention :stdcall
 
-    # http://msdn.microsoft.com/en-us/library/windows/desktop/dd318070(v=vs.85).aspx
-    # UINT GetACP(void);
-    ffi_lib :kernel32
-    attach_function_private :GetACP, [], :uint32
+    # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724862(v=vs.85).aspx
+    # LONG WINAPI RegEnumKeyEx(
+    #   _In_         HKEY hKey,
+    #   _In_         DWORD dwIndex,
+    #   _Out_        LPTSTR lpName,
+    #   _Inout_      LPDWORD lpcName,
+    #   _Reserved_   LPDWORD lpReserved,
+    #   _Inout_      LPTSTR lpClass,
+    #   _Inout_opt_  LPDWORD lpcClass,
+    #   _Out_opt_    PFILETIME lpftLastWriteTime
+    # );
+    ffi_lib :advapi32
+    attach_function_private :RegEnumKeyExW,
+      [:handle, :dword, :lpwstr, :lpdword, :lpdword, :lpwstr, :lpdword, :pointer], :win32_long
+
+    # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724865(v=vs.85).aspx
+    # LONG WINAPI RegEnumValue(
+    #   _In_         HKEY hKey,
+    #   _In_         DWORD dwIndex,
+    #   _Out_        LPTSTR lpValueName,
+    #   _Inout_      LPDWORD lpcchValueName,
+    #   _Reserved_   LPDWORD lpReserved,
+    #   _Out_opt_    LPDWORD lpType,
+    #   _Out_opt_    LPBYTE lpData,
+    #   _Inout_opt_  LPDWORD lpcbData
+    # );
+    ffi_lib :advapi32
+    attach_function_private :RegEnumValueW,
+      [:handle, :dword, :lpwstr, :lpdword, :lpdword, :lpdword, :lpbyte, :lpdword], :win32_long
+
+    # https://msdn.microsoft.com/en-us/library/windows/desktop/ms724911(v=vs.85).aspx
+    # LONG WINAPI RegQueryValueExW(
+    #   _In_         HKEY hKey,
+    #   _In_opt_     LPCTSTR lpValueName,
+    #   _Reserved_   LPDWORD lpReserved,
+    #   _Out_opt_    LPDWORD lpType,
+    #   _Out_opt_    LPBYTE lpData,
+    #   _Inout_opt_  LPDWORD lpcbData
+    # );
+    ffi_lib :advapi32
+    attach_function_private :RegQueryValueExW,
+      [:handle, :lpcwstr, :lpdword, :lpdword, :lpbyte, :lpdword], :win32_long
+
+    # LONG WINAPI RegDeleteValue(
+    #   _In_      HKEY hKey,
+    #   _In_opt_  LPCTSTR lpValueName
+    # );
+    ffi_lib :advapi32
+    attach_function_private :RegDeleteValueW,
+      [:handle, :lpcwstr], :win32_long
+
+    # LONG WINAPI RegDeleteKeyEx(
+    #   _In_        HKEY hKey,
+    #   _In_        LPCTSTR lpSubKey,
+    #   _In_        REGSAM samDesired,
+    #   _Reserved_  DWORD Reserved
+    # );
+    ffi_lib :advapi32
+    attach_function_private :RegDeleteKeyExW,
+      [:handle, :lpcwstr, :win32_ulong, :dword], :win32_long
   end
 end
diff --git a/spec/unit/util/windows/registry_spec.rb b/spec/unit/util/windows/registry_spec.rb
