diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/Build/Include/Makefile.inc | 2 | ||||
-rw-r--r-- | src/Common/BootEncryption.cpp | 2 | ||||
-rw-r--r-- | src/Common/Dlgcode.c | 20 | ||||
-rw-r--r-- | src/Common/Dlgcode.h | 4 | ||||
-rw-r--r-- | src/Common/Tcdefs.h | 2 | ||||
-rw-r--r-- | src/Core/CoreBase.h | 4 | ||||
-rw-r--r-- | src/Core/Unix/CoreService.cpp | 55 | ||||
-rw-r--r-- | src/Driver/Driver.vcxproj | 8 | ||||
-rw-r--r-- | src/Driver/EncryptedIoQueue.c | 84 | ||||
-rw-r--r-- | src/Main/CommandLineInterface.cpp | 4 | ||||
-rw-r--r-- | src/Main/CommandLineInterface.h | 2 | ||||
-rw-r--r-- | src/Main/UserInterface.cpp | 6 |
12 files changed, 115 insertions, 78 deletions
diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc index 11ab12c2..0f68df36 100644 --- a/src/Build/Include/Makefile.inc +++ b/src/Build/Include/Makefile.inc @@ -101,5 +101,5 @@ TR_SED_BIN := tr '\n' ' ' | tr -s ' ' ',' | sed -e 's/^,//g' -e 's/,$$/n/' | tr $(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3) @echo Updating library $@ - $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3) + $(AR) $(AFLAGS) -rc $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3) $(RANLIB) $@ diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp index e6e36f12..6a36a60f 100644 --- a/src/Common/BootEncryption.cpp +++ b/src/Common/BootEncryption.cpp @@ -3202,7 +3202,7 @@ namespace VeraCrypt void BootEncryption::UpdateSetupConfigFile (bool bForInstall) { // starting from Windows 10 1607 (Build 14393), ReflectDrivers in Setupconfig.ini is supported - if (IsOSVersionAtLeast (WIN_10, 0) && CurrentOSBuildNumber >= 14393) + if (IsWin10BuildAtLeast(WIN_10_1607_BUILD)) { wchar_t szInstallPath [TC_MAX_PATH]; wchar_t szSetupconfigLocation [TC_MAX_PATH + 20]; diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index ee3630c0..681761bf 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -1046,6 +1046,20 @@ BOOL IsOSVersionAtLeast (OSVersionEnum reqMinOS, int reqMinServicePack) >= (major << 16 | minor << 8 | reqMinServicePack)); } +BOOL IsWin10BuildAtLeast(DWORD minBuild) +{ + // Must first be recognized as Windows 10 or higher + if (nCurrentOS < WIN_10) + return FALSE; + + // If we’re on Windows 10, check build number + if (nCurrentOS == WIN_10 && CurrentOSBuildNumber < minBuild) + return FALSE; + + // If we are on a higher version of Windows, we are good to go + return TRUE; +} + #ifdef SETUP_DLL static BOOL GetWindowVersionFromFile(DWORD* pdwMajor, DWORD* pdwMinor, DWORD* pdwBuildNumber) { @@ -3611,10 +3625,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) InitOSVersionInfo(); - if (!IsOSAtLeast (WIN_10)) + if (!IsWin10BuildAtLeast(WIN_10_1809_BUILD)) { - // abort using a message that says that VeraCrypt can run only on Windows 10 and later - AbortProcessDirect(L"VeraCrypt requires at least Windows 10 to run."); + // abort using a message that says that VeraCrypt can run only on Windows 10 version 1809 or later + AbortProcessDirect(L"VeraCrypt requires at least Windows 10 version 1809 (October 2018 Update) to run."); } if (!Is64BitOs()) diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h index 4dfae20f..9ffb5c9d 100644 --- a/src/Common/Dlgcode.h +++ b/src/Common/Dlgcode.h @@ -286,6 +286,9 @@ typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)( #define ISO_BURNER_TOOL L"isoburn.exe" #define PRINT_TOOL L"notepad.exe" +#define WIN_10_1607_BUILD 14393 // Windows 10 version 1607 corresponds to build 14393 +#define WIN_10_1809_BUILD 17763 // Windows 10 version 1809 corresponds to build 17763 + void InitGlobalLocks (); void FinalizeGlobalLocks (); void cleanup ( void ); @@ -500,6 +503,7 @@ void Debug (char *format, ...); void DebugMsgBox (char *format, ...); BOOL IsOSAtLeast (OSVersionEnum reqMinOS); BOOL IsOSVersionAtLeast (OSVersionEnum reqMinOS, int reqMinServicePack); +BOOL IsWin10BuildAtLeast(DWORD minBuild); BOOL IsSupportedOS (); BOOL Is64BitOs (); BOOL IsARM(); diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h index 0051dba2..48fc12b6 100644 --- a/src/Common/Tcdefs.h +++ b/src/Common/Tcdefs.h @@ -261,7 +261,7 @@ void ThrowFatalException(int line); extern ULONG AllocTag; -#define TCalloc(size) ((void *) ExAllocatePool2( POOL_FLAG_NON_PAGED, size, AllocTag )) +#define TCalloc(size) ((void *) ExAllocatePoolUninitialized( NonPagedPoolNx , size, AllocTag )) #define TCfree(memblock) ExFreePoolWithTag( memblock, AllocTag ) #define DEVICE_DRIVER diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h index e646fce3..7f830336 100644 --- a/src/Core/CoreBase.h +++ b/src/Core/CoreBase.h @@ -77,10 +77,8 @@ namespace VeraCrypt virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0; virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0; virtual void WipePasswordCache () const = 0; -#if defined(TC_LINUX ) || defined (TC_FREEBSD) virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;} virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;} -#endif Event VolumeDismountedEvent; Event VolumeMountedEvent; @@ -91,9 +89,7 @@ namespace VeraCrypt bool DeviceChangeInProgress; FilePath ApplicationExecutablePath; -#if defined(TC_LINUX ) || defined (TC_FREEBSD) bool UseDummySudoPassword; -#endif private: CoreBase (const CoreBase &); diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp index 6d0f05e5..e4b75dd3 100644 --- a/src/Core/Unix/CoreService.cpp +++ b/src/Core/Unix/CoreService.cpp @@ -292,41 +292,33 @@ namespace VeraCrypt while (!ElevatedServiceAvailable) { // Test if the user has an active "sudo" session. - // This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'. - // In case a "sudo" session is active, the result of the command contains the string 'load average'. - // Otherwise, the result contains "sudo: a password is required". - // This may not work on all OSX versions because of a bug in sudo in its version 1.7.10, - // therefore we keep the old behaviour of sending a 'dummy' password under OSX. - // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0 - // - // If for some reason we are getting empty output from pipe, we revert to old behavior - // We also use the old way if the user is forcing the use of dummy password for sudo - -#if defined(TC_LINUX ) || defined (TC_FREEBSD) bool authCheckDone = false; if (!Core->GetUseDummySudoPassword ()) - { - std::vector<char> buffer(128, 0); - std::string result; - - FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command + { + // sudo man page: "If the -l option was specified without a command, sudo, will exit + // with a value of 0 if the user is allowed to run sudo, and they authenticated successfully" + // We are using -n to avoid prompting the user for a password. + // We are redirecting stderr to stdout and discarding both to avoid any output. + // This approach also works on newer macOS versions (12.0 and later). + FILE* pipe = popen("sudo -n -l > /dev/null 2>&1", "r"); // redirect stderr to stdout and discard both. if (pipe) { - while (!feof(pipe)) - { - if (fgets(buffer.data(), 128, pipe) != nullptr) - result += buffer.data(); - } - - fflush(pipe); - pclose(pipe); + // We only care about the exit code + char buf[128]; + while (!feof(pipe)) + { + if (fgets(buf, sizeof(buf), pipe) == NULL) + break; + } + int status = pclose(pipe); pipe = NULL; - if (!result.empty() && strlen(result.c_str()) != 0) - { - authCheckDone = true; - if (result[0] == '0') // no line found with "load average" text, rerquest admin password - (*AdminPasswordCallback) (request.AdminPassword); + authCheckDone = true; + + // If exit code != 0, user does NOT have an active session => request password + if (status != 0) + { + (*AdminPasswordCallback)(request.AdminPassword); } } @@ -336,7 +328,7 @@ namespace VeraCrypt request.FastElevation = false; } } -#endif + try { request.Serialize (ServiceInputStream); @@ -353,9 +345,8 @@ namespace VeraCrypt } request.FastElevation = false; -#if defined(TC_LINUX ) || defined (TC_FREEBSD) + if(!authCheckDone) -#endif (*AdminPasswordCallback) (request.AdminPassword); } } diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj index 7f135b35..60585351 100644 --- a/src/Driver/Driver.vcxproj +++ b/src/Driver/Driver.vcxproj @@ -37,7 +37,7 @@ <ConfigurationType>Driver</ConfigurationType> <DriverType>WDM</DriverType> <DriverTargetPlatform>Universal</DriverTargetPlatform> - <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION> + <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> <TargetVersion>Windows10</TargetVersion> @@ -46,7 +46,7 @@ <ConfigurationType>Driver</ConfigurationType> <DriverType>WDM</DriverType> <DriverTargetPlatform>Universal</DriverTargetPlatform> - <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION> + <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration"> <TargetVersion>Windows10</TargetVersion> @@ -55,7 +55,7 @@ <ConfigurationType>Driver</ConfigurationType> <DriverType>WDM</DriverType> <DriverTargetPlatform>Universal</DriverTargetPlatform> - <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION> + <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION> </PropertyGroup> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration"> <TargetVersion>Windows10</TargetVersion> @@ -64,7 +64,7 @@ <ConfigurationType>Driver</ConfigurationType> <DriverType>WDM</DriverType> <DriverTargetPlatform>Universal</DriverTargetPlatform> - <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION> + <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION> </PropertyGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> <ImportGroup Label="ExtensionSettings"> diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c index 91399c47..de1e4fdc 100644 --- a/src/Driver/EncryptedIoQueue.c +++ b/src/Driver/EncryptedIoQueue.c @@ -225,39 +225,79 @@ static void ReleaseFragmentBuffer (EncryptedIoQueue *queue, uint8 *buffer) } } -BOOL +BOOL UpdateBuffer( - uint8* buffer, - uint8* secRegion, - uint64 bufferDiskOffset, - uint32 bufferLength, - BOOL doUpadte - ) + uint8* buffer, + uint8* secRegion, + SIZE_T secRegionSize, + uint64 bufferDiskOffset, + uint32 bufferLength, + BOOL doUpadte +) { uint64 intersectStart; uint32 intersectLength; uint32 i; - DCS_DISK_ENTRY_LIST *DeList = (DCS_DISK_ENTRY_LIST*)(secRegion + 512); + DCS_DISK_ENTRY_LIST *DeList = NULL; BOOL updated = FALSE; - if (secRegion == NULL) return FALSE; + if (secRegion == NULL) + return FALSE; + + // Check if secRegion is large enough to hold the DCS_DISK_ENTRY_LIST structure + // starting at offset 512 + if (secRegionSize < (512 + sizeof(DCS_DISK_ENTRY_LIST))) + return FALSE; + + DeList = (DCS_DISK_ENTRY_LIST*)(secRegion + 512); + + // Ensure Count doesn't exceed the fixed array size + if (DeList->Count > 15) + return FALSE; + for (i = 0; i < DeList->Count; ++i) { if (DeList->DE[i].Type == DE_Sectors) { + uint64 sectorStart = DeList->DE[i].Sectors.Start; + uint64 sectorLength = DeList->DE[i].Sectors.Length; + uint64 sectorOffset = DeList->DE[i].Sectors.Offset; + + // Check that sectorOffset and sectorLength are valid within secRegion + if (sectorOffset > secRegionSize || + sectorLength == 0 || + (sectorOffset + sectorLength) > secRegionSize) + { + // Invalid entry - skip + continue; + } + GetIntersection( bufferDiskOffset, bufferLength, - DeList->DE[i].Sectors.Start, DeList->DE[i].Sectors.Start + DeList->DE[i].Sectors.Length - 1, + sectorStart, sectorStart + sectorLength - 1, &intersectStart, &intersectLength - ); + ); + if (intersectLength != 0) { + uint64 bufferPos = intersectStart - bufferDiskOffset; + uint64 regionPos = sectorOffset + (intersectStart - sectorStart); + + // Check buffer boundaries + if (bufferPos + intersectLength > bufferLength) + continue; // Intersection out of buffer range + + // Check secRegion boundaries + if (regionPos + intersectLength > secRegionSize) + continue; // Intersection out of secRegion range + updated = TRUE; - if(doUpadte && buffer != NULL) { -// Dump("Subst data\n"); + if (doUpadte && buffer != NULL) { memcpy( - buffer + (intersectStart - bufferDiskOffset), - secRegion + DeList->DE[i].Sectors.Offset + (intersectStart - DeList->DE[i].Sectors.Start), + buffer + bufferPos, + secRegion + regionPos, intersectLength - ); - } else { + ); + } + else { + // If no update is needed but intersection found return TRUE; } } @@ -287,7 +327,7 @@ static VOID CompleteIrpWorkItemRoutine(PDEVICE_OBJECT DeviceObject, PVOID Contex // If no active work items remain, signal the event if (InterlockedDecrement(&queue->ActiveWorkItems) == 0) { - KeSetEvent(&queue->NoActiveWorkItemsEvent, IO_NO_INCREMENT, FALSE); + KeSetEvent(&queue->NoActiveWorkItemsEvent, IO_DISK_INCREMENT, FALSE); } // Return the work item to the free list @@ -296,7 +336,7 @@ static VOID CompleteIrpWorkItemRoutine(PDEVICE_OBJECT DeviceObject, PVOID Contex KeReleaseSpinLock(&queue->WorkItemLock, oldIrql); // Release the semaphore to signal that a work item is available - KeReleaseSemaphore(&queue->WorkItemSemaphore, IO_NO_INCREMENT, 1, FALSE); + KeReleaseSemaphore(&queue->WorkItemSemaphore, IO_DISK_INCREMENT, 1, FALSE); // Free the item ReleasePoolBuffer(queue, item); @@ -378,7 +418,7 @@ static VOID CompletionThreadProc(PVOID threadArg) // Dump("Read sector %lld count %d\n", request->Offset.QuadPart >> 9, request->Length >> 9); // Update subst sectors if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) { - UpdateBuffer(request->Data, queue->SecRegionData, request->Offset.QuadPart, request->Length, TRUE); + UpdateBuffer(request->Data, queue->SecRegionData, queue->SecRegionSize, request->Offset.QuadPart, request->Length, TRUE); } if (request->CompleteOriginalIrp) @@ -731,7 +771,7 @@ static VOID MainThreadProc (PVOID threadArg) } // Update subst sectors if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) { - UpdateBuffer(buffer, queue->SecRegionData, alignedOffset.QuadPart, alignedLength, TRUE); + UpdateBuffer(buffer, queue->SecRegionData, queue->SecRegionSize, alignedOffset.QuadPart, alignedLength, TRUE); } memcpy (dataBuffer, buffer + (item->OriginalOffset.LowPart & (ENCRYPTION_DATA_UNIT_SIZE - 1)), item->OriginalLength); @@ -824,7 +864,7 @@ static VOID MainThreadProc (PVOID threadArg) } else if (item->Write && (queue->SecRegionData != NULL) && (queue->SecRegionSize > 512) - && UpdateBuffer (NULL, queue->SecRegionData, item->OriginalOffset.QuadPart, (uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1), FALSE)) + && UpdateBuffer (NULL, queue->SecRegionData, queue->SecRegionSize, item->OriginalOffset.QuadPart, (uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1), FALSE)) { // Prevent inappropriately designed software from damaging important data Dump ("Preventing write to the system GPT area\n"); diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp index 735cbeef..08042c9e 100644 --- a/src/Main/CommandLineInterface.cpp +++ b/src/Main/CommandLineInterface.cpp @@ -32,9 +32,7 @@ namespace VeraCrypt ArgAllowScreencapture (false), ArgDisableFileSizeCheck (false), ArgUseLegacyPassword (false), -#if defined(TC_LINUX ) || defined (TC_FREEBSD) ArgUseDummySudoPassword (false), -#endif StartBackgroundTask (false) { wxCmdLineParser parser; @@ -376,9 +374,7 @@ namespace VeraCrypt ArgDisableFileSizeCheck = parser.Found (L"no-size-check"); ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength"); -#if defined(TC_LINUX ) || defined (TC_FREEBSD) ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password"); -#endif #if !defined(TC_WINDOWS) && !defined(TC_MACOSX) if (parser.Found (L"fs-options", &str)) diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h index f773ca6f..7e7b1054 100644 --- a/src/Main/CommandLineInterface.h +++ b/src/Main/CommandLineInterface.h @@ -87,9 +87,7 @@ namespace VeraCrypt bool ArgAllowScreencapture; bool ArgDisableFileSizeCheck; bool ArgUseLegacyPassword; -#if defined(TC_LINUX ) || defined (TC_FREEBSD) bool ArgUseDummySudoPassword; -#endif bool StartBackgroundTask; UserPreferences Preferences; diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp index b216101a..4bb8bcda 100644 --- a/src/Main/UserInterface.cpp +++ b/src/Main/UserInterface.cpp @@ -496,8 +496,8 @@ namespace VeraCrypt EX2MSG (PasswordOrKeyboardLayoutIncorrect, LangString["PASSWORD_OR_KEYFILE_WRONG"] + LangString["LINUX_EX2MSG_PASSWORDORKEYBOARDLAYOUTINCORRECT"]); EX2MSG (PasswordOrMountOptionsIncorrect, LangString["PASSWORD_OR_KEYFILE_OR_MODE_WRONG"] + LangString["LINUX_EX2MSG_PASSWORDORMOUNTOPTIONSINCORRECT"]); EX2MSG (PasswordTooLong, StringFormatter (LangString["LINUX_EX2MSG_PASSWORDTOOLONG"], (int) VolumePassword::MaxSize)); - EX2MSG (PasswordUTF8TooLong, LangString["PASSWORD_UTF8_TOO_LONG"]); - EX2MSG (PasswordLegacyUTF8TooLong, LangString["LEGACY_PASSWORD_UTF8_TOO_LONG"]); + EX2MSG (PasswordUTF8TooLong, StringFormatter (LangString["PASSWORD_UTF8_TOO_LONG"], (int) VolumePassword::MaxSize)); + EX2MSG (PasswordLegacyUTF8TooLong, StringFormatter (LangString["LEGACY_PASSWORD_UTF8_TOO_LONG"], (int) VolumePassword::MaxLegacySize)); EX2MSG (PasswordUTF8Invalid, LangString["PASSWORD_UTF8_INVALID"]); EX2MSG (PartitionDeviceRequired, LangString["LINUX_EX2MSG_PARTITIONDEVICEREQUIRED"]); EX2MSG (ProtectionPasswordIncorrect, LangString["LINUX_EX2MSG_PROTECTIONPASSWORDINCORRECT"]); @@ -570,9 +570,7 @@ namespace VeraCrypt Core->SetAdminPasswordCallback (shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler)); } -#if defined(TC_LINUX ) || defined (TC_FREEBSD) Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword); -#endif Core->WarningEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnWarning)); Core->VolumeMountedEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnVolumeMounted)); |