VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2015-08-29 23:25:34 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2015-08-31 00:30:56 +0200
commitdc6c279339f8e3a18569afce002fc9329cebeeb7 (patch)
tree076eed9dc70514fbf3718d9819dcf362b591c6bd
parent2f2cb6b7aef0bc297269916c47149faee08a968f (diff)
downloadVeraCrypt-dc6c279339f8e3a18569afce002fc9329cebeeb7.tar.gz
VeraCrypt-dc6c279339f8e3a18569afce002fc9329cebeeb7.zip
Windows Driver: Protect captured subject context during processing of user access token.
-rw-r--r--src/Driver/Ntdriver.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index d292acb9..a5965c96 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -2653,6 +2653,7 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
PACCESS_TOKEN accessToken;
SeCaptureSubjectContext (&subContext);
+ SeLockSubjectContext(&subContext);
accessToken = SeQuerySubjectContextToken (&subContext);
if (!accessToken)
@@ -2678,6 +2679,7 @@ NTSTATUS MountDevice (PDEVICE_OBJECT DeviceObject, MOUNT_STRUCT *mount)
}
}
+ SeUnlockSubjectContext(&subContext);
SeReleaseSubjectContext (&subContext);
if (NT_SUCCESS (ntStatus))