author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-09-01 00:00:23 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:23:08 +0100 |
commit | f82e16f0a1b2be294b8fcd7e45f8b0d940e53e82 (patch) | |
tree | a2874b8ccdba3358d9a7f6b828c418106a95013e | |
parent | 4fa4d6d22708231a51bdff93ef3220aa95b6fc80 (diff) | |
download | VeraCrypt-f82e16f0a1b2be294b8fcd7e45f8b0d940e53e82.tar.gz VeraCrypt-f82e16f0a1b2be294b8fcd7e45f8b0d940e53e82.zip |
Windows vulnerability fix: correct the device name check to avoid a possible bypass attack detected by the Open Crypto Audit project
-rw-r--r-- | src/Driver/Ntdriver.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index ce4ebf51..72f35c67 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1734,6 +1734,22 @@ void TCSleep (int milliSeconds)
TCfree (timer);
}
+BOOL IsDeviceName(wchar_t wszVolume[TC_MAX_PATH])
+{
+ if ( (wszVolume[0] == '\\')
+ && (wszVolume[1] == 'D' || wszVolume[1] == 'd')
+ && (wszVolume[2] == 'E' || wszVolume[2] == 'e')
+ && (wszVolume[3] == 'V' || wszVolume[3] == 'v')
+ && (wszVolume[4] == 'I' || wszVolume[4] == 'i')
+ && (wszVolume[5] == 'C' || wszVolume[5] == 'c')
+ && (wszVolume[6] == 'E' || wszVolume[6] == 'e')
+ )
+ {
+ return TRUE;
+ }
+ else
+ return FALSE;
+}
/* VolumeThreadProc does all the work of processing IRP's, and dispatching them
to either the ReadWrite function or the DeviceControl function */
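Review bot: IsDeviceName() returns TRUE for any string that merely starts with `\Device`, because nothing tests the character after the seven-character prefix, so a name such as `\DeviceX\...` is classified as a device path. If the intent is "an object under the \Device directory", the condition should also require the separator, e.g. `&& (wszVolume[7] == L'\\')`. The short-circuit `&&` chain stops at the first mismatch, so a shorter NUL-terminated name is not read past its terminator, but that property is worth a one-line comment. A header comment such as `/* Case-insensitive test for the "\Device" prefix; a differently-cased prefix must not be treated as a file path */` would record why the old `memcmp` was replaced. As a style point, the parameter could be `const wchar_t *` and the literals wide (`L'D'`), and the body could return the expression directly instead of the `if`/`else`.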
@@ -1749,7 +1765,7 @@ VOID VolumeThreadProc (PVOID Context)
Dump ("Mount THREAD OPENING VOLUME BEGIN\n");
- if (memcmp (pThreadBlock->mount->wszVolume, WIDE ("\\Device"), 14) != 0)
+ if ( !IsDeviceName (pThreadBlock->mount->wszVolume))
{
RtlStringCbCopyW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),WIDE ("\\??\\"));
RtlStringCbCatW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),pThreadBlock->mount->wszVolume);
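Review bot: Only this one call site is switched to `IsDeviceName()` (the diffstat shows a single deleted line), so any other code that tells a device path from a file path by comparing against `\Device` would still be case-sensitive. No such code is visible in this diff, but it is worth searching the driver and the user-mode mount path and routing every such check through the same helper. In the branch that follows, the `NTSTATUS` results of `RtlStringCbCopyW` and `RtlStringCbCatW` are discarded, so an over-long volume name would be truncated silently before it is opened. That predates this commit, but a fix to path classification is a good moment to fail the mount when either call does not return success. The body of VolumeThreadProc continues outside the hunk, so how the resulting name is used cannot be confirmed from here.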