Merge pull request #418 from microsoft/dev/willxie/r2m

Merge release to main; Version bump to 1.0.43

Author: willxie-eng

CHANGELOG.md

@@ -7,7 +7,15 @@ Please format the changes as follows:
 + BugFixes:
 + Updates:
 
+## 1.0.43
+
+## 1.0.42
++ BugFixes:
+  + Fix Linux build
+
 ## 1.0.41
++ Updates:
+  + Remove PathCch functions in order to support Win7
 
 ## 1.0.40
 + No new changes.

build/Version.props

@@ -12,7 +12,7 @@
     -->
     <SemanticVersionMajor>1</SemanticVersionMajor>
     <SemanticVersionMinor>0</SemanticVersionMinor>
-    <SemanticVersionPatch>41</SemanticVersionPatch>
+    <SemanticVersionPatch>43</SemanticVersionPatch>
 
     <FileVersionMajor>15</FileVersionMajor>
     <FileVersionMinor>1</FileVersionMinor>
@@ -30,15 +30,15 @@
      -->
     <ProxyFileVersionMajor>$(SemanticVersionMajor)</ProxyFileVersionMajor>
     <ProxyFileVersionMinor>0</ProxyFileVersionMinor>
-    <ProxyFileVersionPatch>2</ProxyFileVersionPatch>
+    <ProxyFileVersionPatch>3</ProxyFileVersionPatch>
     <ProxyFileVersion>$(ProxyFileVersionMajor).$(ProxyFileVersionMinor).$(ProxyFileVersionPatch)</ProxyFileVersion>
 
     <!--
       Date when Semantic Version was changed.
       Update for every public release.
       Format is YYYY-MM-DD
     -->
-    <SemanticVersionDate>2021-05-05</SemanticVersionDate>
+    <SemanticVersionDate>2021-08-03</SemanticVersionDate>
 
     <!--
       Build version is used to distinguish internally built NuGet packages.

build/yaml/jobs/codeanalysis/apiscan.yaml

@@ -13,7 +13,7 @@ jobs:
   # No dependencies. Requires Build Stages to ensure that binaries are built
 
   pool:
-    name: VSEng-ReleasePool
+    name: VSEngSS-MicroBuild2019
     demands:
     - msbuild
     - visualstudio
@@ -25,13 +25,20 @@ jobs:
   - checkout: self
     clean: true
 
+  # Expire ApiScan one day before declared expirary, to make sure that we update it before
+  # it expires, regardless of timezone
+  - powershell: if ((Get-Date).Add((New-TimeSpan -Days 1)) -ge (Get-Date -Date "$(ApiScanExpiration)")) { throw "ApiScan key expired. Please update" }
+
   - task: DownloadBuildArtifacts@0
     displayName: Download Windows Files (Release)
     inputs:
       downloadType: single
       artifactName: binaries-windows-Release
       downloadPath: $(Build.ArtifactStagingDirectory)
 
+  - task: NodeTool@0
+    displayName: 'Use Node 6.x'
+
   # Scan only native files that are released as part of the product.
   - task: CopyFiles@2
     displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)\ApiScan'
@@ -58,6 +65,8 @@ jobs:
       symbolsFolder: 'SRV*http://symweb;$(Build.ArtifactStagingDirectory)/ApiScan'
       isLargeApp: false
     continueOnError: true
+    env:
+      AzureServicesAuthConnectionString: runAs=App;AppId=$(ApiScanClientId);TenantId=$(TenantId);AppKey=$(AppKey)
 
   # Publish SecurityAnalysis Logs
   - template: ../../steps/codeanalysis/publishreports.yaml

build/yaml/pipelines/codeanalysis.yaml

@@ -9,7 +9,10 @@
 name: $(date:yyyyMMdd)$(rev:rr)
 
 variables:
-  TeamName: ClrInstrumentationEngine
+- group: CLRIE-ApiScan
+- name: TeamName
+  value: ClrInstrumentationEngine
+  readonly: true
 
 stages:
 

build/yaml/steps/microbuild/signing.yaml

@@ -14,7 +14,7 @@ steps:
     displayName: Set Signing From Parameters
 
 # nuget install MicroBuild.Plugins.Signing
-- task: MicroBuildSigningPlugin@2
+- task: MicroBuildSigningPlugin@3
   displayName: Install Signing Plugin
   condition: and(succeeded(), in(variables['SignType'], 'Real', 'Test'))
   inputs:

src/Common.Headers/Common.Headers.vcxitems

@@ -19,6 +19,7 @@
     <ClInclude Include="$(MSBuildThisFileDirectory)InitOnce.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)SafeFindFileHandle.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)Singleton.h" />
+    <ClInclude Include="$(MSBuildThisFileDirectory)StringUtils.h" />
     <ClInclude Include="$(MSBuildThisFileDirectory)tstring.h" />
   </ItemGroup>
 </Project>

src/Common.Headers/StringUtils.h

@@ -0,0 +1,86 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+#pragma once
+
+#include <string>
+
+class StringUtils
+{
+public:
+
+    // The maximum string length. Set arbitrarily;
+    static const size_t MAX_STRING_LEN = 10000;
+
+    // Gets the length of the given string using the the standard wcsnlen_s.
+    // Returns E_BOUNDS if the length of wszString is greater than MAX_STRING_LEN.
+    // For use with untrusted data which may not have a null terminator.
+    static HRESULT WStringLen(_In_ const WCHAR* wszString, _Out_ size_t& len)
+    {
+        len = wcsnlen_s(wszString, MAX_STRING_LEN);
+
+        if (len >= MAX_STRING_LEN)
+        {
+            return E_BOUNDS;
+        }
+
+        return S_OK;
+    }
+
+    // Gets the length of the given string using the standard strnlen.
+    // Returns E_BOUNDS if the length of wszString is greater than MAX_STRING_LEN.
+    // For use with untrusted data which may not have a null terminator.
+    static HRESULT StringLen(_In_ const char* szString, _Out_ size_t& len)
+    {
+        len = strnlen(szString, MAX_STRING_LEN);
+
+        if (len >= MAX_STRING_LEN)
+        {
+            return E_BOUNDS;
+        }
+
+        return S_OK;
+    }
+
+    // Gets the length of the given string using the standard wcsnlen_s.
+    // Yields the same result as calling wcsnlen_s(wszString, MAX_STRING_LEN);
+    // For use with untrusted data which may not have a null terminator.
+    static size_t WStringLen(_In_ const WCHAR* wszString)
+    {
+        return wcsnlen_s(wszString, MAX_STRING_LEN);
+    }
+
+
+    // Gets the length of the given string using the standard strnlen.
+    // Yields the same result as calling strnlen(szString, MAX_STRING_LEN);
+    // For use with untrusted data which may not have a null terminator.
+    static size_t StringLen(_In_ const char* szString)
+    {
+        return strnlen(szString, MAX_STRING_LEN);
+    }
+
+    // Modifies pwszPath by appending pwszMore.
+    // Checks cBounds before appending to prevent buffer overflows.
+    //
+    // This function wraps PathAppend since supporting Win7 means PathCchAppend is not available.
+    static HRESULT SafePathAppend(_Inout_updates_z_(cBounds) LPWSTR pwszPath, _In_ LPCWSTR pwszMore, _In_ size_t cBounds)
+    {
+#ifndef PLATFORM_UNIX
+        // If PathAppend fails, the destination buffer will be cleared. Check bounds before appending.
+        // +1 for additional directory separator character, +1 for null terminator.
+        if (StringUtils::WStringLen(pwszPath) + StringUtils::WStringLen(pwszMore) + 2 > cBounds)
+        {
+            return E_BOUNDS;
+        }
+
+        if (!PathAppend(pwszPath, pwszMore))
+        {
+            return E_FAIL;
+        }
+
+        return S_OK;
+#else
+        return PathCchAppend(pwszPath, MAX_PATH, pwszMore);
+#endif
+    }
+};

src/Common.Lib/Common.Lib.vcxproj

@@ -47,7 +47,7 @@
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>Common.Lib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;msxml6.lib;version.lib;mscoree.lib;%(AdditionalDependencies);Faultrep.lib;PathCch.lib</AdditionalDependencies>
+      <AdditionalDependencies>Common.Lib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;msxml6.lib;version.lib;mscoree.lib;Faultrep.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalOptions Condition="'$(Platform)'=='Win32'">/SafeSEH %(AdditionalOptions)</AdditionalOptions>
     </Link>
     <Lib>

src/InstrumentationEngine.Lib/CMakeLists.txt

@@ -22,7 +22,6 @@ set(src_files
     ./InstrumentationMethodSetting.cpp
     ./LoggerService.cpp
     ./Logging.cpp
-    ./StringUtils.cpp
 )
 
 add_lib(${PROJECT_NAME}

src/InstrumentationEngine.Lib/InstrumentationEngine.Lib.vcxproj

@@ -114,7 +114,6 @@
     <ClInclude Include="SharedArray.h" />
     <ClInclude Include="SignatureValidator.h" />
     <ClInclude Include="stdafx.h" />
-    <ClInclude Include="StringUtils.h" />
     <ClInclude Include="targetver.h" />
     <ClInclude Include="Util.h" />
   </ItemGroup>
@@ -138,7 +137,6 @@
     <ClCompile Include="stdafx.cpp">
       <PrecompiledHeader>Create</PrecompiledHeader>
     </ClCompile>
-    <ClCompile Include="StringUtils.cpp" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\Common.Lib\Common.Lib.vcxproj">

src/InstrumentationEngine.Lib/InstrumentationMethod.cpp

@@ -8,6 +8,7 @@
 #ifndef PLATFORM_UNIX
 #include "SignatureValidator.h"
 #endif
+#include "../Common.Headers/StringUtils.h"
 
 
 MicrosoftInstrumentationEngine::CInstrumentationMethod::CInstrumentationMethod(
@@ -80,10 +81,24 @@ HRESULT MicrosoftInstrumentationEngine::CInstrumentationMethod::InitializeCore(
         return E_INVALIDARG;
     }
 
+    if ((m_bstrModuleFolder.Length() >= MAX_PATH))
+    {
+        CLogging::LogError(_T("CInstrumentationMethod::Initialize - module folder path is too long, PID: %u"), GetCurrentProcessId());
+        return E_BOUNDS;
+    }
+
     WCHAR wszModuleFullPath[MAX_PATH];
-    memset(wszModuleFullPath, 0, MAX_PATH);
+    ZeroMemory(wszModuleFullPath, MAX_PATH * sizeof(WCHAR));
     wcscpy_s(wszModuleFullPath, MAX_PATH, m_bstrModuleFolder);
-    PathCchAppend(wszModuleFullPath, MAX_PATH, m_bstrModule);
+
+    hr = StringUtils::SafePathAppend(wszModuleFullPath, m_bstrModule, MAX_PATH);
+    if (FAILED(hr))
+    {
+        CLogging::LogError(
+            _T("CInstrumentationMethod::Initialize - failed to append method dll to method configuration folder, PID: %u, hr: %x, target: '%s' + '%s'"),
+            GetCurrentProcessId(), hr, m_bstrModuleFolder.m_str, m_bstrModule.m_str);
+        return hr;
+    }
 
     m_hmod = ::LoadLibrary(wszModuleFullPath);
 

src/InstrumentationEngine.Lib/StringUtils.cpp

@@ -47,7 +47,7 @@ using namespace ATL;
 #include <sal.h>
 
 #ifndef PLATFORM_UNIX
-#include <PathCch.h>
+#include <Shlwapi.h>
 #endif
 
 #ifdef PLATFORM_UNIX

src/InstrumentationEngine.Lib/StringUtils.h

@@ -47,7 +47,7 @@
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>Common.Lib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;msxml6.lib;version.lib;mscoree.lib;%(AdditionalDependencies);Faultrep.lib;PathCch.lib</AdditionalDependencies>
+      <AdditionalDependencies>Common.Lib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;msxml6.lib;version.lib;mscoree.lib;Faultrep.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalOptions Condition="'$(Platform)'=='Win32'">/SafeSEH %(AdditionalOptions)</AdditionalOptions>
     </Link>
     <Lib>

src/InstrumentationEngine.Lib/stdafx.h

@@ -65,7 +65,7 @@
   </ImportGroup>
   <ItemDefinitionGroup>
     <ClCompile>
-      <AdditionalIncludeDirectories>$(OutDir);..\Common.Lib;..\InstrumentationEngine.ProfilerProxy.Lib;..\..\inc;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>$(OutDir);..\Common.Lib;..\InstrumentationEngine.ProfilerProxy.Lib;..\..\inc;..\InstrumentationEngine.Lib;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <WarningLevel>Level3</WarningLevel>
       <PreprocessorDefinitions>_WINDOWS;_USRDLL;INSTRUMENTATIONENGINEPROFILERPROXY_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <PreprocessorDefinitions Condition="'$(Platform)'=='Win32'">WIN32;%(PreprocessorDefinitions)</PreprocessorDefinitions>
@@ -74,7 +74,7 @@
       <SubSystem>Windows</SubSystem>
       <GenerateDebugInformation>true</GenerateDebugInformation>
       <AdditionalLibraryDirectories>$(OutDir);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>Common.Lib.lib;InstrumentationEngine.ProfilerProxy.Lib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;msxml6.lib;version.lib;mscoree.lib;%(AdditionalDependencies);Faultrep.lib;PathCch.lib</AdditionalDependencies>
+      <AdditionalDependencies>Common.Lib.lib;InstrumentationEngine.ProfilerProxy.Lib.lib;kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;msxml6.lib;version.lib;mscoree.lib;Faultrep.lib;Shlwapi.lib;%(AdditionalDependencies)</AdditionalDependencies>
       <AdditionalOptions Condition="'$(Platform)'=='Win32'">/SafeSEH %(AdditionalOptions)</AdditionalOptions>
     </Link>
   </ItemDefinitionGroup>