diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-07-16 11:08:24 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2023-07-16 11:08:24 +0200 |
commit | 6267b91931af87db2b95172389a6fbaac206e42e (patch) | |
tree | bcee2266f1c5d9c5311d90fabe3fcb8aa79f8e93 /src | |
parent | c759c2230b2e4df1faabea934313b8046e9420d1 (diff) | |
download | VeraCrypt-6267b91931af87db2b95172389a6fbaac206e42e.tar.gz VeraCrypt-6267b91931af87db2b95172389a6fbaac206e42e.zip |
Windows: fix issue with fastCreate by requesting SE_MANAGE_VOLUME_NAME privilege before calling CreateFile
This ensures that the returned handle inherits the privilege
Diffstat (limited to 'src')
-rw-r--r-- | src/Common/Format.c | 54 |
1 files changed, 28 insertions, 26 deletions
diff --git a/src/Common/Format.c b/src/Common/Format.c index bcbb94a1..a34b227d 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -344,6 +344,26 @@ begin_format: else { /* File-hosted volume */ + BOOL speedupFileCreation = FALSE; + // speedup for file creation only makes sens when using quick format for non hidden volumes + if (!volParams->hiddenVol && !bInstantRetryOtherFilesys && volParams->quickFormat && volParams->fastCreateFile) + { + // we set required privileges to speedup file creation before we create the file so that the file handle inherits the privileges + if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE)) + { + DWORD dwLastError = GetLastError(); + if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO)) + { + SetLastError(dwLastError); + nStatus = ERR_OS_ERROR; + goto error; + } + } + else + { + speedupFileCreation = TRUE; + } + } dev = CreateFile (volParams->volumePath, GENERIC_READ | GENERIC_WRITE, (volParams->hiddenVol || bInstantRetryOtherFilesys) ? (FILE_SHARE_READ | FILE_SHARE_WRITE) : 0, @@ -373,13 +393,8 @@ begin_format: if (!volParams->hiddenVol && !bInstantRetryOtherFilesys) { LARGE_INTEGER volumeSize; - BOOL speedupFileCreation = FALSE; volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE; - // speedup for file creation only makes sens when using quick format - if (volParams->quickFormat && volParams->fastCreateFile) - speedupFileCreation = TRUE; - if (volParams->sparseFileSwitch && volParams->quickFormat) { // Create as sparse file container @@ -401,28 +416,15 @@ begin_format: if (speedupFileCreation) { - if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE)) - { - DWORD dwLastError = GetLastError(); - if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO)) - { - SetLastError(dwLastError); - nStatus = ERR_OS_ERROR; - goto error; - } - } - else + // accelerate file creation by telling Windows not to fill all file content with zeros + // this has security issues since it will put existing disk content into file container + // We use this mechanism only when switch /fastCreateFile specific and when quick format + // also specified and which is documented to have security issues. + // we don't check returned status because failure is not issue for us + if (!SetFileValidData (dev, volumeSize.QuadPart)) { - // accelerate file creation by telling Windows not to fill all file content with zeros - // this has security issues since it will put existing disk content into file container - // We use this mechanism only when switch /fastCreateFile specific and when quick format - // also specified and which is documented to have security issues. - // we don't check returned status because failure is not issue for us - if (!SetFileValidData (dev, volumeSize.QuadPart)) - { - nStatus = ERR_OS_ERROR; - goto error; - } + nStatus = ERR_OS_ERROR; + goto error; } } |