diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-11-28 18:36:36 +0100 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2019-11-30 23:39:58 +0100 |
commit | 1921b89c48680ec0a180adeaab26a23c3e5a3f72 (patch) | |
tree | 674c4ba7db427520f2f34237443d089b000138d7 | |
parent | 2d4d3ab4ed0ee86d46fe2b44ca1e56a3d2916f68 (diff) | |
download | VeraCrypt-DCS-1921b89c48680ec0a180adeaab26a23c3e5a3f72.tar.gz VeraCrypt-DCS-1921b89c48680ec0a180adeaab26a23c3e5a3f72.zip |
Fix F5 showing previous password after failed authentication attempt. Ensure that even wrong password value are cleared from memory.VeraCrypt_1.24-Update2
-rw-r--r-- | DcsInt/DcsInt.c | 48 | ||||
-rw-r--r-- | Library/PasswordLib/ConsolePassword.c | 26 | ||||
-rw-r--r-- | Library/VeraCryptLib/DcsVeraCrypt.c | 2 |
3 files changed, 47 insertions, 29 deletions
diff --git a/DcsInt/DcsInt.c b/DcsInt/DcsInt.c index 7dd98ec..b7e392f 100644 --- a/DcsInt/DcsInt.c +++ b/DcsInt/DcsInt.c @@ -160,29 +160,33 @@ PrepareBootParams( IN PCRYPTO_INFO cryptoInfo)
{
BootArguments *bootArgs;
- if (bootParams == NULL) return EFI_UNSUPPORTED;
- bootArgs = &bootParams->BootArgs;
- TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
- bootArgs->BootLoaderVersion = VERSION_NUM;
- bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
- bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
- bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
- CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
- bootArgs->HiddenSystemPartitionStart = 0;
- bootArgs->DecoySystemPartitionStart = 0;
- bootArgs->BootDriveSignature = bootDriveSignature;
- bootArgs->Flags = (uint32)(gAuthPim << 16);
- bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
- bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
- bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
- bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
- SetSecRegionParamsMemory();
+ EFI_STATUS status;
+ if (bootParams == NULL) status = EFI_UNSUPPORTED;
+ else {
+ bootArgs = &bootParams->BootArgs;
+ TC_SET_BOOT_ARGUMENTS_SIGNATURE(bootArgs->Signature);
+ bootArgs->BootLoaderVersion = VERSION_NUM;
+ bootArgs->CryptoInfoOffset = (uint16)(FIELD_OFFSET(BOOT_PARAMS, BootCryptoInfo));
+ bootArgs->CryptoInfoLength = (uint16)(sizeof(BOOT_CRYPTO_HEADER) + 2 + sizeof(SECREGION_BOOT_PARAMS));
+ bootArgs->HeaderSaltCrc32 = gHeaderSaltCrc32;
+ CopyMem(&bootArgs->BootPassword, &gAuthPassword, sizeof(gAuthPassword));
+ bootArgs->HiddenSystemPartitionStart = 0;
+ bootArgs->DecoySystemPartitionStart = 0;
+ bootArgs->BootDriveSignature = bootDriveSignature;
+ bootArgs->Flags = (uint32)(gAuthPim << 16);
+ bootArgs->BootArgumentsCrc32 = GetCrc32((byte *)bootArgs, (int)((byte *)&bootArgs->BootArgumentsCrc32 - (byte *)bootArgs));
+ bootParams->BootCryptoInfo.ea = (uint16)cryptoInfo->ea;
+ bootParams->BootCryptoInfo.mode = (uint16)cryptoInfo->mode;
+ bootParams->BootCryptoInfo.pkcs5 = (uint16)cryptoInfo->pkcs5;
+ SetSecRegionParamsMemory();
+ status = EFI_SUCCESS;
+ }
// Clean auth data
MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
MEM_BURN(&gAuthPim, sizeof(gAuthPim));
- return EFI_SUCCESS;
+ return status;
}
void GetIntersection(uint64 start1, uint32 length1, uint64 start2, uint64 end2, uint64 *intersectStart, uint32 *intersectLength)
@@ -708,6 +712,10 @@ SecRegionTryDecrypt() break;
} else {
ERR_PRINT(L"%a", gAuthErrorMsg);
+ // clear previous failed authentication information
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ if (gAuthPimRqt)
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
}
retry--;
} while (vcres != 0 && retry > 0);
@@ -1186,6 +1194,10 @@ UefiMain( gST->ConIn->Reset(gST->ConIn, FALSE);
if (EFI_ERROR(res)) {
+ // clear buffers with potential authentication data
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
+ MEM_BURN(&gAuthPim, sizeof(gAuthPim));
+
if (res == EFI_TIMEOUT)
return OnExit(gOnExitTimeout, OnExitAuthTimeout, res);
else if (res == EFI_DCS_USER_CANCELED)
diff --git a/Library/PasswordLib/ConsolePassword.c b/Library/PasswordLib/ConsolePassword.c index 0b2d3c6..8588a19 100644 --- a/Library/PasswordLib/ConsolePassword.c +++ b/Library/PasswordLib/ConsolePassword.c @@ -29,6 +29,8 @@ AskConsolePwdInt( EFI_INPUT_KEY key;
UINT32 count = 0;
UINTN i;
+
+ if ((asciiLine != NULL) && (line_max >= 1)) asciiLine[0] = '\0';
gST->ConOut->EnableCursor(gST->ConOut, TRUE);
if (gPasswordTimeout) {
@@ -63,19 +65,21 @@ AskConsolePwdInt( if (key.ScanCode == SCAN_F5) {
show = show ? 0 : 1;
- if (show) {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
- }
- OUT_PRINT(L"%a", asciiLine);
- }
- else {
- for (i = 0; i < count; i++) {
- OUT_PRINT(L"\b");
+ if (count > 0) {
+ if (show) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"\b");
+ }
+ OUT_PRINT(L"%a", asciiLine);
}
- if (gPasswordProgress) {
+ else {
for (i = 0; i < count; i++) {
- OUT_PRINT(L"*");
+ OUT_PRINT(L"\b");
+ }
+ if (gPasswordProgress) {
+ for (i = 0; i < count; i++) {
+ OUT_PRINT(L"*");
+ }
}
}
}
diff --git a/Library/VeraCryptLib/DcsVeraCrypt.c b/Library/VeraCryptLib/DcsVeraCrypt.c index c3e8a39..b99ed0b 100644 --- a/Library/VeraCryptLib/DcsVeraCrypt.c +++ b/Library/VeraCryptLib/DcsVeraCrypt.c @@ -400,9 +400,11 @@ VCAskPwd( VOID
VCAuthAsk()
{
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
VCAskPwd(AskPwdLogin, &gAuthPassword);
if ((gAuthPwdCode == AskPwdRetCancel) || (gAuthPwdCode == AskPwdRetTimeout)) {
+ MEM_BURN(&gAuthPassword, sizeof(gAuthPassword));
return;
}
|