VeraCrypt
Diffstat (limited to 'src')
-rw-r--r--src/Build/Include/Makefile.inc2
-rw-r--r--src/Common/BootEncryption.cpp2
-rw-r--r--src/Common/Dlgcode.c20
-rw-r--r--src/Common/Dlgcode.h4
-rw-r--r--src/Common/Tcdefs.h2
-rw-r--r--src/Core/CoreBase.h4
-rw-r--r--src/Core/Unix/CoreService.cpp55
-rw-r--r--src/Driver/Driver.vcxproj8
-rw-r--r--src/Driver/EncryptedIoQueue.c84
-rw-r--r--src/Main/CommandLineInterface.cpp4
-rw-r--r--src/Main/CommandLineInterface.h2
-rw-r--r--src/Main/UserInterface.cpp6
12 files changed, 115 insertions, 78 deletions
diff --git a/src/Build/Include/Makefile.inc b/src/Build/Include/Makefile.inc
index 11ab12c2..0f68df36 100644
--- a/src/Build/Include/Makefile.inc
+++ b/src/Build/Include/Makefile.inc
@@ -101,5 +101,5 @@ TR_SED_BIN := tr '\n' ' ' | tr -s ' ' ',' | sed -e 's/^,//g' -e 's/,$$/n/' | tr
$(NAME).a: $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3)
@echo Updating library $@
- $(AR) $(AFLAGS) -rcu $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3)
+ $(AR) $(AFLAGS) -rc $@ $(OBJS) $(OBJSEX) $(OBJSNOOPT) $(OBJSHANI) $(OBJSSSE41) $(OBJSSSSE3)
$(RANLIB) $@
diff --git a/src/Common/BootEncryption.cpp b/src/Common/BootEncryption.cpp
index e6e36f12..6a36a60f 100644
--- a/src/Common/BootEncryption.cpp
+++ b/src/Common/BootEncryption.cpp
@@ -3202,7 +3202,7 @@ namespace VeraCrypt
void BootEncryption::UpdateSetupConfigFile (bool bForInstall)
{
// starting from Windows 10 1607 (Build 14393), ReflectDrivers in Setupconfig.ini is supported
- if (IsOSVersionAtLeast (WIN_10, 0) && CurrentOSBuildNumber >= 14393)
+ if (IsWin10BuildAtLeast(WIN_10_1607_BUILD))
{
wchar_t szInstallPath [TC_MAX_PATH];
wchar_t szSetupconfigLocation [TC_MAX_PATH + 20];
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c
index ee3630c0..681761bf 100644
--- a/src/Common/Dlgcode.c
+++ b/src/Common/Dlgcode.c
@@ -1046,6 +1046,20 @@ BOOL IsOSVersionAtLeast (OSVersionEnum reqMinOS, int reqMinServicePack)
>= (major << 16 | minor << 8 | reqMinServicePack));
}
+BOOL IsWin10BuildAtLeast(DWORD minBuild)
+{
+ // Must first be recognized as Windows 10 or higher
+ if (nCurrentOS < WIN_10)
+ return FALSE;
+
+ // If we’re on Windows 10, check build number
+ if (nCurrentOS == WIN_10 && CurrentOSBuildNumber < minBuild)
+ return FALSE;
+
+ // If we are on a higher version of Windows, we are good to go
+ return TRUE;
+}
+
#ifdef SETUP_DLL
static BOOL GetWindowVersionFromFile(DWORD* pdwMajor, DWORD* pdwMinor, DWORD* pdwBuildNumber)
{
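Review bot: The comment `// If we’re on Windows 10, check build number` in IsWin10BuildAtLeast contains a typographic apostrophe (U+2019), a non-ASCII byte that can produce encoding warnings when a C source file is compiled under a different code page; plain `we are` avoids it. The function also reads the globals `nCurrentOS` and `CurrentOSBuildNumber`, so a header comment such as `/* Requires InitOSVersionInfo() to have run; returns TRUE for any OS newer than Windows 10 regardless of minBuild. */` would make the precondition explicit. That InitOSVersionInfo() populates those globals is inferred from the InitApp hunk, where it is called just before this check.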
@@ -3611,10 +3625,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine)
InitOSVersionInfo();
- if (!IsOSAtLeast (WIN_10))
+ if (!IsWin10BuildAtLeast(WIN_10_1809_BUILD))
{
- // abort using a message that says that VeraCrypt can run only on Windows 10 and later
- AbortProcessDirect(L"VeraCrypt requires at least Windows 10 to run.");
+ // abort using a message that says that VeraCrypt can run only on Windows 10 version 1809 or later
+ AbortProcessDirect(L"VeraCrypt requires at least Windows 10 version 1809 (October 2018 Update) to run.");
}
if (!Is64BitOs())
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 4dfae20f..9ffb5c9d 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -286,6 +286,9 @@ typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
#define ISO_BURNER_TOOL L"isoburn.exe"
#define PRINT_TOOL L"notepad.exe"
+#define WIN_10_1607_BUILD 14393 // Windows 10 version 1607 corresponds to build 14393
+#define WIN_10_1809_BUILD 17763 // Windows 10 version 1809 corresponds to build 17763
+
void InitGlobalLocks ();
void FinalizeGlobalLocks ();
void cleanup ( void );
@@ -500,6 +503,7 @@ void Debug (char *format, ...);
void DebugMsgBox (char *format, ...);
BOOL IsOSAtLeast (OSVersionEnum reqMinOS);
BOOL IsOSVersionAtLeast (OSVersionEnum reqMinOS, int reqMinServicePack);
+BOOL IsWin10BuildAtLeast(DWORD minBuild);
BOOL IsSupportedOS ();
BOOL Is64BitOs ();
BOOL IsARM();
diff --git a/src/Common/Tcdefs.h b/src/Common/Tcdefs.h
index 0051dba2..48fc12b6 100644
--- a/src/Common/Tcdefs.h
+++ b/src/Common/Tcdefs.h
@@ -261,7 +261,7 @@ void ThrowFatalException(int line);
extern ULONG AllocTag;
-#define TCalloc(size) ((void *) ExAllocatePool2( POOL_FLAG_NON_PAGED, size, AllocTag ))
+#define TCalloc(size) ((void *) ExAllocatePoolUninitialized( NonPagedPoolNx , size, AllocTag ))
#define TCfree(memblock) ExFreePoolWithTag( memblock, AllocTag )
#define DEVICE_DRIVER
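Review bot: `TCalloc` no longer returns zeroed memory: `ExAllocatePool2` zero-initialises the allocation unless told otherwise, while `ExAllocatePoolUninitialized` leaves the previous pool contents in place. Any driver code written against the zeroing behaviour, for example a structure whose padding or unused fields are later copied to user mode or written to disk, would now expose stale kernel pool data. If the aim is only down-level compatibility, `#define TCalloc(size) ((void *) ExAllocatePoolZero( NonPagedPoolNx, (size), AllocTag ))` keeps the previous semantics; otherwise each caller needs checking for full initialisation before use. Whether any caller relies on zeroing is not visible from this hunk.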
diff --git a/src/Core/CoreBase.h b/src/Core/CoreBase.h
index e646fce3..7f830336 100644
--- a/src/Core/CoreBase.h
+++ b/src/Core/CoreBase.h
@@ -77,10 +77,8 @@ namespace VeraCrypt
virtual void SetFileOwner (const FilesystemPath &path, const UserId &owner) const = 0;
virtual DirectoryPath SlotNumberToMountPoint (VolumeSlotNumber slotNumber) const = 0;
virtual void WipePasswordCache () const = 0;
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
virtual void ForceUseDummySudoPassword (bool useDummySudoPassword) { UseDummySudoPassword = useDummySudoPassword;}
virtual bool GetUseDummySudoPassword () const { return UseDummySudoPassword;}
-#endif
Event VolumeDismountedEvent;
Event VolumeMountedEvent;
@@ -91,9 +89,7 @@ namespace VeraCrypt
bool DeviceChangeInProgress;
FilePath ApplicationExecutablePath;
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
bool UseDummySudoPassword;
-#endif
private:
CoreBase (const CoreBase &);
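Review bot: `UseDummySudoPassword` is now a member on every platform, but CoreBase.cpp is not in the diffstat, so it is worth confirming that the constructor initialises it outside the old `#if defined(TC_LINUX ) || defined (TC_FREEBSD)` guard. If the initialiser is still guarded, `GetUseDummySudoPassword ()` would read an indeterminate value on macOS until `ForceUseDummySudoPassword` is called. An in-class comment such as `// set from --use-dummy-sudo-password; must be initialised to false in the constructor on all platforms` would record the requirement.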
diff --git a/src/Core/Unix/CoreService.cpp b/src/Core/Unix/CoreService.cpp
index 6d0f05e5..e4b75dd3 100644
--- a/src/Core/Unix/CoreService.cpp
+++ b/src/Core/Unix/CoreService.cpp
@@ -292,41 +292,33 @@ namespace VeraCrypt
while (!ElevatedServiceAvailable)
{
// Test if the user has an active "sudo" session.
- // This is only done under Linux / FreeBSD by executing the command 'sudo -n uptime'.
- // In case a "sudo" session is active, the result of the command contains the string 'load average'.
- // Otherwise, the result contains "sudo: a password is required".
- // This may not work on all OSX versions because of a bug in sudo in its version 1.7.10,
- // therefore we keep the old behaviour of sending a 'dummy' password under OSX.
- // See : https://superuser.com/questions/902826/why-does-sudo-n-on-mac-os-x-always-return-0
- //
- // If for some reason we are getting empty output from pipe, we revert to old behavior
- // We also use the old way if the user is forcing the use of dummy password for sudo
-
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
bool authCheckDone = false;
if (!Core->GetUseDummySudoPassword ())
- {
- std::vector<char> buffer(128, 0);
- std::string result;
-
- FILE* pipe = popen("sudo -n uptime 2>&1 | grep 'load average' | wc -l | tr -d '[:blank:]'", "r"); // We redirect stderr to stdout (2>&1) to be able to catch the result of the command
+ {
+ // sudo man page: "If the -l option was specified without a command, sudo, will exit
+ // with a value of 0 if the user is allowed to run sudo, and they authenticated successfully"
+ // We are using -n to avoid prompting the user for a password.
+ // We are redirecting stderr to stdout and discarding both to avoid any output.
+ // This approach also works on newer macOS versions (12.0 and later).
+ FILE* pipe = popen("sudo -n -l > /dev/null 2>&1", "r"); // redirect stderr to stdout and discard both.
if (pipe)
{
- while (!feof(pipe))
- {
- if (fgets(buffer.data(), 128, pipe) != nullptr)
- result += buffer.data();
- }
-
- fflush(pipe);
- pclose(pipe);
+ // We only care about the exit code
+ char buf[128];
+ while (!feof(pipe))
+ {
+ if (fgets(buf, sizeof(buf), pipe) == NULL)
+ break;
+ }
+ int status = pclose(pipe);
pipe = NULL;
- if (!result.empty() && strlen(result.c_str()) != 0)
- {
- authCheckDone = true;
- if (result[0] == '0') // no line found with "load average" text, rerquest admin password
- (*AdminPasswordCallback) (request.AdminPassword);
+ authCheckDone = true;
+
+ // If exit code != 0, user does NOT have an active session => request password
+ if (status != 0)
+ {
+ (*AdminPasswordCallback)(request.AdminPassword);
}
}
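Review bot: Exit status 0 from `sudo -n -l` does not by itself prove that a cached credential exists for the command the service runs next: with the sudoers `listpw` policy (default `any`, per sudoers(5)), listing needs no password when the user has any NOPASSWD entry. In that case `authCheckDone` is set, the callback is skipped here, and the retry path in the later hunk (`if(!authCheckDone)`) skips it as well, so as far as the visible hunks show the user is never asked for a password. Tracking whether the prompt actually ran, e.g. `bool passwordRequested = false;` set next to the callback and tested as `if (!passwordRequested)` in the retry path, avoids that. Separately, `status` from `pclose` is a wait status and is -1 on failure, so the comment `// If exit code != 0` would be more accurate as `// Non-zero wait status (including pclose failure): treat as no active session`. The enclosing function starts and ends outside this hunk.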
@@ -336,7 +328,7 @@ namespace VeraCrypt
request.FastElevation = false;
}
}
-#endif
+
try
{
request.Serialize (ServiceInputStream);
@@ -353,9 +345,8 @@ namespace VeraCrypt
}
request.FastElevation = false;
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
+
if(!authCheckDone)
-#endif
(*AdminPasswordCallback) (request.AdminPassword);
}
}
diff --git a/src/Driver/Driver.vcxproj b/src/Driver/Driver.vcxproj
index 7f135b35..60585351 100644
--- a/src/Driver/Driver.vcxproj
+++ b/src/Driver/Driver.vcxproj
@@ -37,7 +37,7 @@
<ConfigurationType>Driver</ConfigurationType>
<DriverType>WDM</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
- <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION>
+ <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
@@ -46,7 +46,7 @@
<ConfigurationType>Driver</ConfigurationType>
<DriverType>WDM</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
- <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION>
+ <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|ARM64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
@@ -55,7 +55,7 @@
<ConfigurationType>Driver</ConfigurationType>
<DriverType>WDM</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
- <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION>
+ <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|ARM64'" Label="Configuration">
<TargetVersion>Windows10</TargetVersion>
@@ -64,7 +64,7 @@
<ConfigurationType>Driver</ConfigurationType>
<DriverType>WDM</DriverType>
<DriverTargetPlatform>Universal</DriverTargetPlatform>
- <_NT_TARGET_VERSION>0xA000008</_NT_TARGET_VERSION>
+ <_NT_TARGET_VERSION>0xA000006</_NT_TARGET_VERSION>
</PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
<ImportGroup Label="ExtensionSettings">
diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c
index 91399c47..de1e4fdc 100644
--- a/src/Driver/EncryptedIoQueue.c
+++ b/src/Driver/EncryptedIoQueue.c
@@ -225,39 +225,79 @@ static void ReleaseFragmentBuffer (EncryptedIoQueue *queue, uint8 *buffer)
}
}
-BOOL
+BOOL
UpdateBuffer(
- uint8* buffer,
- uint8* secRegion,
- uint64 bufferDiskOffset,
- uint32 bufferLength,
- BOOL doUpadte
- )
+ uint8* buffer,
+ uint8* secRegion,
+ SIZE_T secRegionSize,
+ uint64 bufferDiskOffset,
+ uint32 bufferLength,
+ BOOL doUpadte
+)
{
uint64 intersectStart;
uint32 intersectLength;
uint32 i;
- DCS_DISK_ENTRY_LIST *DeList = (DCS_DISK_ENTRY_LIST*)(secRegion + 512);
+ DCS_DISK_ENTRY_LIST *DeList = NULL;
BOOL updated = FALSE;
- if (secRegion == NULL) return FALSE;
+ if (secRegion == NULL)
+ return FALSE;
+
+ // Check if secRegion is large enough to hold the DCS_DISK_ENTRY_LIST structure
+ // starting at offset 512
+ if (secRegionSize < (512 + sizeof(DCS_DISK_ENTRY_LIST)))
+ return FALSE;
+
+ DeList = (DCS_DISK_ENTRY_LIST*)(secRegion + 512);
+
+ // Ensure Count doesn't exceed the fixed array size
+ if (DeList->Count > 15)
+ return FALSE;
+
for (i = 0; i < DeList->Count; ++i) {
if (DeList->DE[i].Type == DE_Sectors) {
+ uint64 sectorStart = DeList->DE[i].Sectors.Start;
+ uint64 sectorLength = DeList->DE[i].Sectors.Length;
+ uint64 sectorOffset = DeList->DE[i].Sectors.Offset;
+
+ // Check that sectorOffset and sectorLength are valid within secRegion
+ if (sectorOffset > secRegionSize ||
+ sectorLength == 0 ||
+ (sectorOffset + sectorLength) > secRegionSize)
+ {
+ // Invalid entry - skip
+ continue;
+ }
+
GetIntersection(
bufferDiskOffset, bufferLength,
- DeList->DE[i].Sectors.Start, DeList->DE[i].Sectors.Start + DeList->DE[i].Sectors.Length - 1,
+ sectorStart, sectorStart + sectorLength - 1,
&intersectStart, &intersectLength
- );
+ );
+
if (intersectLength != 0) {
+ uint64 bufferPos = intersectStart - bufferDiskOffset;
+ uint64 regionPos = sectorOffset + (intersectStart - sectorStart);
+
+ // Check buffer boundaries
+ if (bufferPos + intersectLength > bufferLength)
+ continue; // Intersection out of buffer range
+
+ // Check secRegion boundaries
+ if (regionPos + intersectLength > secRegionSize)
+ continue; // Intersection out of secRegion range
+
updated = TRUE;
- if(doUpadte && buffer != NULL) {
-// Dump("Subst data\n");
+ if (doUpadte && buffer != NULL) {
memcpy(
- buffer + (intersectStart - bufferDiskOffset),
- secRegion + DeList->DE[i].Sectors.Offset + (intersectStart - DeList->DE[i].Sectors.Start),
+ buffer + bufferPos,
+ secRegion + regionPos,
intersectLength
- );
- } else {
+ );
+ }
+ else {
+ // If no update is needed but intersection found
return TRUE;
}
}
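Review bot: The new range test `(sectorOffset + sectorLength) > secRegionSize` is evaluated in 64-bit unsigned arithmetic and wraps when `sectorLength` is very large, so an entry with an oversized length passes the check it is meant to fail; `regionPos + intersectLength > secRegionSize` has the same shape. Writing the comparisons subtractively, `if (sectorOffset > secRegionSize || sectorLength == 0 || sectorLength > secRegionSize - sectorOffset) continue;`, cannot overflow, and the same form works for `regionPos`. The literal in `DeList->Count > 15` should come from the array itself (for example `RTL_NUMBER_OF(DeList->DE)`, assuming `DE` is a fixed-size array as the comment says) so the bound cannot drift from the structure definition. UpdateBuffer continues past the end of this hunk.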
@@ -287,7 +327,7 @@ static VOID CompleteIrpWorkItemRoutine(PDEVICE_OBJECT DeviceObject, PVOID Contex
// If no active work items remain, signal the event
if (InterlockedDecrement(&queue->ActiveWorkItems) == 0)
{
- KeSetEvent(&queue->NoActiveWorkItemsEvent, IO_NO_INCREMENT, FALSE);
+ KeSetEvent(&queue->NoActiveWorkItemsEvent, IO_DISK_INCREMENT, FALSE);
}
// Return the work item to the free list
@@ -296,7 +336,7 @@ static VOID CompleteIrpWorkItemRoutine(PDEVICE_OBJECT DeviceObject, PVOID Contex
KeReleaseSpinLock(&queue->WorkItemLock, oldIrql);
// Release the semaphore to signal that a work item is available
- KeReleaseSemaphore(&queue->WorkItemSemaphore, IO_NO_INCREMENT, 1, FALSE);
+ KeReleaseSemaphore(&queue->WorkItemSemaphore, IO_DISK_INCREMENT, 1, FALSE);
// Free the item
ReleasePoolBuffer(queue, item);
@@ -378,7 +418,7 @@ static VOID CompletionThreadProc(PVOID threadArg)
// Dump("Read sector %lld count %d\n", request->Offset.QuadPart >> 9, request->Length >> 9);
// Update subst sectors
if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) {
- UpdateBuffer(request->Data, queue->SecRegionData, request->Offset.QuadPart, request->Length, TRUE);
+ UpdateBuffer(request->Data, queue->SecRegionData, queue->SecRegionSize, request->Offset.QuadPart, request->Length, TRUE);
}
if (request->CompleteOriginalIrp)
@@ -731,7 +771,7 @@ static VOID MainThreadProc (PVOID threadArg)
}
// Update subst sectors
if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) {
- UpdateBuffer(buffer, queue->SecRegionData, alignedOffset.QuadPart, alignedLength, TRUE);
+ UpdateBuffer(buffer, queue->SecRegionData, queue->SecRegionSize, alignedOffset.QuadPart, alignedLength, TRUE);
}
memcpy (dataBuffer, buffer + (item->OriginalOffset.LowPart & (ENCRYPTION_DATA_UNIT_SIZE - 1)), item->OriginalLength);
@@ -824,7 +864,7 @@ static VOID MainThreadProc (PVOID threadArg)
}
else if (item->Write
&& (queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)
- && UpdateBuffer (NULL, queue->SecRegionData, item->OriginalOffset.QuadPart, (uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1), FALSE))
+ && UpdateBuffer (NULL, queue->SecRegionData, queue->SecRegionSize, item->OriginalOffset.QuadPart, (uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1), FALSE))
{
// Prevent inappropriately designed software from damaging important data
Dump ("Preventing write to the system GPT area\n");
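Review bot: This call passes `(uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1)` in the `bufferLength` position, which is an end offset truncated to 32 bits rather than a length; the two read-path callers pass `request->Length` and `alignedLength`. For writes beyond 4 GiB the truncation makes the tested range arbitrary, so the guard against writes to the protected region may miss or over-match, although GetIntersection's definition is not on this page to confirm. The argument predates this commit, but the new `bufferPos + intersectLength > bufferLength` check in UpdateBuffer now depends on it as well. If the parameter is a length, the call should read `UpdateBuffer (NULL, queue->SecRegionData, queue->SecRegionSize, item->OriginalOffset.QuadPart, item->OriginalLength, FALSE)`. MainThreadProc starts and ends outside this hunk.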
diff --git a/src/Main/CommandLineInterface.cpp b/src/Main/CommandLineInterface.cpp
index 735cbeef..08042c9e 100644
--- a/src/Main/CommandLineInterface.cpp
+++ b/src/Main/CommandLineInterface.cpp
@@ -32,9 +32,7 @@ namespace VeraCrypt
ArgAllowScreencapture (false),
ArgDisableFileSizeCheck (false),
ArgUseLegacyPassword (false),
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
ArgUseDummySudoPassword (false),
-#endif
StartBackgroundTask (false)
{
wxCmdLineParser parser;
@@ -376,9 +374,7 @@ namespace VeraCrypt
ArgDisableFileSizeCheck = parser.Found (L"no-size-check");
ArgUseLegacyPassword = parser.Found (L"legacy-password-maxlength");
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
ArgUseDummySudoPassword = parser.Found (L"use-dummy-sudo-password");
-#endif
#if !defined(TC_WINDOWS) && !defined(TC_MACOSX)
if (parser.Found (L"fs-options", &str))
diff --git a/src/Main/CommandLineInterface.h b/src/Main/CommandLineInterface.h
index f773ca6f..7e7b1054 100644
--- a/src/Main/CommandLineInterface.h
+++ b/src/Main/CommandLineInterface.h
@@ -87,9 +87,7 @@ namespace VeraCrypt
bool ArgAllowScreencapture;
bool ArgDisableFileSizeCheck;
bool ArgUseLegacyPassword;
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
bool ArgUseDummySudoPassword;
-#endif
bool StartBackgroundTask;
UserPreferences Preferences;
diff --git a/src/Main/UserInterface.cpp b/src/Main/UserInterface.cpp
index b216101a..4bb8bcda 100644
--- a/src/Main/UserInterface.cpp
+++ b/src/Main/UserInterface.cpp
@@ -496,8 +496,8 @@ namespace VeraCrypt
EX2MSG (PasswordOrKeyboardLayoutIncorrect, LangString["PASSWORD_OR_KEYFILE_WRONG"] + LangString["LINUX_EX2MSG_PASSWORDORKEYBOARDLAYOUTINCORRECT"]);
EX2MSG (PasswordOrMountOptionsIncorrect, LangString["PASSWORD_OR_KEYFILE_OR_MODE_WRONG"] + LangString["LINUX_EX2MSG_PASSWORDORMOUNTOPTIONSINCORRECT"]);
EX2MSG (PasswordTooLong, StringFormatter (LangString["LINUX_EX2MSG_PASSWORDTOOLONG"], (int) VolumePassword::MaxSize));
- EX2MSG (PasswordUTF8TooLong, LangString["PASSWORD_UTF8_TOO_LONG"]);
- EX2MSG (PasswordLegacyUTF8TooLong, LangString["LEGACY_PASSWORD_UTF8_TOO_LONG"]);
+ EX2MSG (PasswordUTF8TooLong, StringFormatter (LangString["PASSWORD_UTF8_TOO_LONG"], (int) VolumePassword::MaxSize));
+ EX2MSG (PasswordLegacyUTF8TooLong, StringFormatter (LangString["LEGACY_PASSWORD_UTF8_TOO_LONG"], (int) VolumePassword::MaxLegacySize));
EX2MSG (PasswordUTF8Invalid, LangString["PASSWORD_UTF8_INVALID"]);
EX2MSG (PartitionDeviceRequired, LangString["LINUX_EX2MSG_PARTITIONDEVICEREQUIRED"]);
EX2MSG (ProtectionPasswordIncorrect, LangString["LINUX_EX2MSG_PROTECTIONPASSWORDINCORRECT"]);
@@ -570,9 +570,7 @@ namespace VeraCrypt
Core->SetAdminPasswordCallback (shared_ptr <GetStringFunctor> (new AdminPasswordRequestHandler));
}
-#if defined(TC_LINUX ) || defined (TC_FREEBSD)
Core->ForceUseDummySudoPassword (CmdLine->ArgUseDummySudoPassword);
-#endif
Core->WarningEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnWarning));
Core->VolumeMountedEvent.Connect (EventConnector <UserInterface> (this, &UserInterface::OnVolumeMounted));