fix: on Windows use UTF-8 strings instead of system default locale st…

…rings (osquery#6190)
ccombs-sqsp · Feb 28, 2020 · b63dc57 · b63dc57
1 parent d3a10a3
commit b63dc57
Show file tree

Hide file tree

Showing 23 changed files with 358 additions and 312 deletions.
diff --git a/osquery/core/system.cpp b/osquery/core/system.cpp
@@ -157,12 +157,17 @@ std::string getFqdn() {
 #endif
     return fqdn_string;
   } else {
-    unsigned long size = 256;
-    std::vector<char> fqdn(size, 0x0);
+    std::string result;
 #ifdef WIN32
-    GetComputerNameEx(ComputerNameDnsFullyQualified, fqdn.data(), &size);
+    DWORD size = 0;
+    if (0 == GetComputerNameExW(ComputerNameDnsFullyQualified, NULL, &size)) {
+      std::vector<WCHAR> fqdn(size, 0x0);
+      GetComputerNameExW(ComputerNameDnsFullyQualified, fqdn.data(), &size);
+      result = wstringToString(fqdn.data());
+    }
+
 #endif
-    return fqdn.data();
+    return result;
   }
 }
 

diff --git a/osquery/events/windows/ntfs_event_publisher.cpp b/osquery/events/windows/ntfs_event_publisher.cpp
@@ -20,6 +20,7 @@
 #include <osquery/flags.h>
 #include <osquery/logger.h>
 #include <osquery/registry_factory.h>
+#include <osquery/utils/conversions/windows/strings.h>
 #include <osquery/utils/system/errno.h>
 
 #include "osquery/events/windows/ntfs_event_publisher.h"
@@ -214,51 +215,51 @@ Status NTFSEventPublisher::getPathFromReferenceNumber(
     message << "Failed to open the file in volume " << drive_letter
             << ":\\. Error: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, ::GetLastError())) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
 
-    message << description;
+    message << wstringToString(description);
     return Status::failure(message.str());
   }
 
-  auto required_bytes = static_cast<size_t>(::GetFinalPathNameByHandle(
+  auto required_characters = static_cast<size_t>(::GetFinalPathNameByHandleW(
       handle, nullptr, 0, FILE_NAME_NORMALIZED | VOLUME_NAME_DOS));
 
-  if (required_bytes == 0U) {
+  if (required_characters == 0U) {
     auto error_code = ::GetLastError();
     ::CloseHandle(handle);
 
     std::stringstream message;
     message << "Failed to determine the path size for the file in volume "
             << drive_letter << ":\\. Error: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, error_code)) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
 
-    message << description;
+    message << wstringToString(description.c_str());
     return Status::failure(message.str());
   }
 
   // We are going to add an additional byte, as we may or may not have the null
   // terminator already included depending on the operating system version
-  std::string buffer;
-  required_bytes += 1U;
+  std::wstring buffer;
+  required_characters += 1U;
 
-  buffer.resize(required_bytes);
-  if (buffer.size() != required_bytes) {
+  buffer.resize(required_characters);
+  if (buffer.size() != required_characters) {
     ::CloseHandle(handle);
     throw std::bad_alloc();
   }
 
   auto bytes_returned = static_cast<size_t>(
-      ::GetFinalPathNameByHandle(handle,
-                                 &buffer[0],
-                                 static_cast<DWORD>(buffer.size()),
-                                 FILE_NAME_NORMALIZED | VOLUME_NAME_DOS));
+      ::GetFinalPathNameByHandleW(handle,
+                                  &buffer[0],
+                                  static_cast<DWORD>(buffer.size()),
+                                  FILE_NAME_NORMALIZED | VOLUME_NAME_DOS));
 
   auto error_code = ::GetLastError();
   ::CloseHandle(handle);
@@ -268,17 +269,17 @@ Status NTFSEventPublisher::getPathFromReferenceNumber(
     message << "Failed to acquire the path for the file in volume "
             << drive_letter << ":\\. Error: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, error_code)) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
 
-    message << description;
+    message << wstringToString(description.c_str());
     return Status::failure(message.str());
   }
 
   // Paths follow this form: \\?\C:\\path\\to\\folder; skip the prefix
-  path = buffer.c_str() + 4;
+  path = wstringToString(buffer.c_str() + 4);
   buffer.clear();
 
   return Status::success();
@@ -328,25 +329,25 @@ Status NTFSEventPublisher::getVolumeData(VolumeData& volume,
 
   VolumeData volume_data = {};
   volume_data.volume_handle =
-      ::CreateFile(volume_path.c_str(),
-                   GENERIC_READ,
-                   FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
-                   nullptr,
-                   OPEN_EXISTING,
-                   FILE_FLAG_BACKUP_SEMANTICS,
-                   nullptr);
+      ::CreateFileW(stringToWstring(volume_path).c_str(),
+                    GENERIC_READ,
+                    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+                    nullptr,
+                    OPEN_EXISTING,
+                    FILE_FLAG_BACKUP_SEMANTICS,
+                    nullptr);
 
   if (volume_data.volume_handle == INVALID_HANDLE_VALUE) {
     std::stringstream message;
     message << "Failed to open the following drive: " << volume_path
             << " due to the following error: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, ::GetLastError())) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
 
-    message << description;
+    message << wstringToString(description.c_str());
     return Status::failure(message.str());
   }
 
@@ -356,13 +357,13 @@ Status NTFSEventPublisher::getVolumeData(VolumeData& volume,
   root_folder_path.append(":\\");
 
   volume_data.root_folder_handle =
-      ::CreateFile(root_folder_path.c_str(),
-                   GENERIC_READ,
-                   FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
-                   nullptr,
-                   OPEN_EXISTING,
-                   FILE_FLAG_BACKUP_SEMANTICS,
-                   nullptr);
+      ::CreateFileW(stringToWstring(root_folder_path).c_str(),
+                    GENERIC_READ,
+                    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+                    nullptr,
+                    OPEN_EXISTING,
+                    FILE_FLAG_BACKUP_SEMANTICS,
+                    nullptr);
 
   if (volume_data.root_folder_handle == INVALID_HANDLE_VALUE) {
     auto error_code = ::GetLastError();
@@ -372,12 +373,12 @@ Status NTFSEventPublisher::getVolumeData(VolumeData& volume,
     message << "Failed to get the root folder handle for volume '"
             << drive_letter << "'. Error: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, error_code)) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
 
-    message << description;
+    message << wstringToString(description.c_str());
     return Status::failure(message.str());
   }
 
@@ -402,12 +403,12 @@ Status NTFSEventPublisher::getVolumeData(VolumeData& volume,
     message << "Failed to get the root reference number for volume '"
             << drive_letter << "'. Error: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, error_code)) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
 
-    message << description;
+    message << wstringToString(description.c_str());
     return Status::failure(message.str());
   }
 

diff --git a/osquery/events/windows/usn_journal_reader.cpp b/osquery/events/windows/usn_journal_reader.cpp
@@ -236,13 +236,13 @@ Status USNJournalReader::initialize() {
       std::string("\\\\.\\") + d_->journal_reader_context->drive_letter + ":";
 
   d_->volume_handle =
-      ::CreateFile(d_->volume_path.c_str(),
-                   FILE_GENERIC_READ,
-                   FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
-                   nullptr,
-                   OPEN_EXISTING,
-                   0,
-                   nullptr);
+      ::CreateFileW(stringToWstring(d_->volume_path).c_str(),
+                    FILE_GENERIC_READ,
+                    FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+                    nullptr,
+                    OPEN_EXISTING,
+                    0,
+                    nullptr);
 
   if (d_->volume_handle == INVALID_HANDLE_VALUE) {
     std::stringstream error_message;
@@ -275,11 +275,11 @@ Status USNJournalReader::initialize() {
                      "number for the following volume: "
                   << d_->volume_path << ". Error message: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, error_code)) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
-    error_message << description;
+    error_message << wstringToString(description.c_str());
 
     return Status::failure(error_message.str());
   }
@@ -328,11 +328,11 @@ Status USNJournalReader::acquireRecords() {
     error_message << "Failed to read the journal of the following volume: "
                   << d_->volume_path << ". Error message: ";
 
-    std::string description;
+    std::wstring description;
     if (!getWindowsErrorDescription(description, ::GetLastError())) {
-      description = "Unknown error";
+      description = L"Unknown error";
     }
-    error_message << description;
+    error_message << wstringToString(description.c_str());
 
     return Status::failure(error_message.str());
   }