diff options
Diffstat (limited to 'src/Common/Password.c')
-rw-r--r-- | src/Common/Password.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/Common/Password.c b/src/Common/Password.c index ae6b8035..c0247207 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -344,60 +344,64 @@ int ChangePwd (const wchar_t *lpszVolume, Password *oldPassword, int old_pkcs5, headerOffset.QuadPart = TC_HIDDEN_VOLUME_HEADER_OFFSET; break; } if (!SetFilePointerEx ((HANDLE) dev, headerOffset, NULL, FILE_BEGIN)) { nStatus = ERR_OS_ERROR; goto error; } /* Read in volume header */ if (!ReadEffectiveVolumeHeader (bDevice, dev, buffer, &bytesRead)) { nStatus = ERR_OS_ERROR; goto error; } if (bytesRead != sizeof (buffer)) { // Windows may report EOF when reading sectors from the last cluster of a device formatted as NTFS memset (buffer, 0, sizeof (buffer)); } /* Try to decrypt the header */ nStatus = ReadVolumeHeader (FALSE, buffer, oldPassword, old_pkcs5, old_pim, &cryptoInfo, NULL); if (nStatus == ERR_CIPHER_INIT_WEAK_KEY) nStatus = 0; // We can ignore this error here + // if the XTS master key is vulnerable, return error and do not allow the user to change the password since the master key will not be changed + if ((nStatus == 0) && cryptoInfo->bVulnerableMasterKey) + nStatus = ERR_XTS_MASTERKEY_VULNERABLE; + if (nStatus == ERR_PASSWORD_WRONG) { continue; // Try next volume type } else if (nStatus != 0) { cryptoInfo = NULL; goto error; } else break; } if (nStatus != 0) { cryptoInfo = NULL; goto error; } if (cryptoInfo->HeaderFlags & TC_HEADER_FLAG_ENCRYPTED_SYSTEM) { nStatus = ERR_SYS_HIDVOL_HEAD_REENC_MODE_WRONG; goto error; } // Change the PKCS-5 PRF if requested by user if (pkcs5 != 0) cryptoInfo->pkcs5 = pkcs5; RandSetHashFunction (cryptoInfo->pkcs5); |