Windows Driver: Protect captured subject context during processing of user access token.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2015-08-29 23:25:34 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2015-08-31 00:30:56 +0200
commit: dc6c279339f8e3a18569afce002fc9329cebeeb7 (patch)
tree: 076eed9dc70514fbf3718d9819dcf362b591c6bd
parent: 2f2cb6b7aef0bc297269916c47149faee08a968f (diff)
download: VeraCrypt-dc6c279339f8e3a18569afce002fc9329cebeeb7.tar.gz
VeraCrypt-dc6c279339f8e3a18569afce002fc9329cebeeb7.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index d292acb9..a5965c96 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -2653,6 +2653,7 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
 		PACCESS_TOKEN accessToken;
 
 		SeCaptureSubjectContext (&subContext);
+		SeLockSubjectContext(&subContext);
 		accessToken = SeQuerySubjectContextToken (&subContext);
 
 		if (!accessToken)
@@ -2678,6 +2679,7 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
 			}
 		}
 
+		SeUnlockSubjectContext(&subContext);
 		SeReleaseSubjectContext (&subContext);
 
 		if (NT_SUCCESS (ntStatus))
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2015-08-29 23:25:34 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2015-08-31 00:30:56 +0200
commit	dc6c279339f8e3a18569afce002fc9329cebeeb7 (patch)
tree	076eed9dc70514fbf3718d9819dcf362b591c6bd
parent	2f2cb6b7aef0bc297269916c47149faee08a968f (diff)
download	VeraCrypt-dc6c279339f8e3a18569afce002fc9329cebeeb7.tar.gz VeraCrypt-dc6c279339f8e3a18569afce002fc9329cebeeb7.zip