diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-08-25 22:53:08 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:22:54 +0100 |
commit | d6aa6536482efa719a44a757ea2622cad86f1e23 (patch) | |
tree | e41deac2e42f5d1c0d62394a1b57c4c718e5e046 | |
parent | 6de2c143b95841224b7d93aae5ce00f0ffc62074 (diff) | |
download | VeraCrypt-d6aa6536482efa719a44a757ea2622cad86f1e23.tar.gz VeraCrypt-d6aa6536482efa719a44a757ea2622cad86f1e23.zip |
Windows vulnerability fix : avoid kernel pointer disclosure through a call to TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG but restricting this call to Kernel Mode.
-rw-r--r-- | src/Driver/Ntdriver.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index 9574483b..ce4ebf51 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -1504,7 +1504,9 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex break;
case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG:
- if (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
+ if ( (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
+ && (Irp->RequestorMode == KernelMode)
+ )
{
GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer;
|