VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-08-31 22:00:23 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 22:23:08 (GMT)
commitf82e16f0a1b2be294b8fcd7e45f8b0d940e53e82 (patch)
treea2874b8ccdba3358d9a7f6b828c418106a95013e
parent4fa4d6d22708231a51bdff93ef3220aa95b6fc80 (diff)
downloadVeraCrypt-f82e16f0a1b2be294b8fcd7e45f8b0d940e53e82.zip
VeraCrypt-f82e16f0a1b2be294b8fcd7e45f8b0d940e53e82.tar.gz
Windows vulnerability fix: correct checking device name to avoid possible bypass attack detected by the Open Crypto Audit project
-rw-r--r--src/Driver/Ntdriver.c18
1 files changed, 17 insertions, 1 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index ce4ebf5..72f35c6 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1734,6 +1734,22 @@ void TCSleep (int milliSeconds)
TCfree (timer);
}
+BOOL IsDeviceName(wchar_t wszVolume[TC_MAX_PATH])
+{
+ if ( (wszVolume[0] == '\\')
+ && (wszVolume[1] == 'D' || wszVolume[1] == 'd')
+ && (wszVolume[2] == 'E' || wszVolume[2] == 'e')
+ && (wszVolume[3] == 'V' || wszVolume[3] == 'v')
+ && (wszVolume[4] == 'I' || wszVolume[4] == 'i')
+ && (wszVolume[5] == 'C' || wszVolume[5] == 'c')
+ && (wszVolume[6] == 'E' || wszVolume[6] == 'e')
+ )
+ {
+ return TRUE;
+ }
+ else
+ return FALSE;
+}
/* VolumeThreadProc does all the work of processing IRP's, and dispatching them
to either the ReadWrite function or the DeviceControl function */
@@ -1749,7 +1765,7 @@ VOID VolumeThreadProc (PVOID Context)
Dump ("Mount THREAD OPENING VOLUME BEGIN\n");
- if (memcmp (pThreadBlock->mount->wszVolume, WIDE ("\\Device"), 14) != 0)
+ if ( !IsDeviceName (pThreadBlock->mount->wszVolume))
{
RtlStringCbCopyW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),WIDE ("\\??\\"));
RtlStringCbCatW (pThreadBlock->wszMountVolume, sizeof(pThreadBlock->wszMountVolume),pThreadBlock->mount->wszVolume);