Windows vulnerability fix : make boot-loader decompressor more robust and secure by adding multiple checks and validation code. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2014-08-27 23:11:54 +0200
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2014-11-08 23:22:59 +0100
commit: ef4355acf8106f7b25ac5ad319f440f05de502c1 (patch)
tree: dd8bc64aa7073551a57c7708e15ddb38acae4d8e /src/Boot/Windows/BootSector.asm
parent: 5fcb262539e0d098e145722566b8ffc048170e6d (diff)
download: VeraCrypt-ef4355acf8106f7b25ac5ad319f440f05de502c1.tar.gz
VeraCrypt-ef4355acf8106f7b25ac5ad319f440f05de502c1.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/Boot/Windows/BootSector.asm b/src/Boot/Windows/BootSector.asm
index 74e8381b..1daaadac 100644
--- a/src/Boot/Windows/BootSector.asm
+++ b/src/Boot/Windows/BootSector.asm
@@ -134,6 +134,8 @@ checksum_ok:
 	push dx
 	
 	; Decompress boot loader
+	mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]
+	push cx																		; Compressed data size
 	push TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET + TC_GZIP_HEADER_SIZE			; Compressed data
 	push TC_MAX_BOOT_LOADER_DECOMPRESSED_SIZE									; Output buffer size
 	push TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE + TC_COM_EXECUTABLE_OFFSET		; Output buffer
@@ -145,7 +147,7 @@ checksum_ok:
 	retf
 decompressor_ret:
 
-	add sp, 6
+	add sp, 8
 	pop dx
 	
 	; Restore boot sector segment
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2014-08-27 23:11:54 +0200
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2014-11-08 23:22:59 +0100
commit	ef4355acf8106f7b25ac5ad319f440f05de502c1 (patch)
tree	dd8bc64aa7073551a57c7708e15ddb38acae4d8e /src/Boot/Windows/BootSector.asm
parent	5fcb262539e0d098e145722566b8ffc048170e6d (diff)
download	VeraCrypt-ef4355acf8106f7b25ac5ad319f440f05de502c1.tar.gz VeraCrypt-ef4355acf8106f7b25ac5ad319f440f05de502c1.zip