VeraCrypt
aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2019-01-28 12:23:10 +0100
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2019-01-28 17:16:23 +0100
commit54e46c260cf04861c99d8b2590999c1eb33f0cb1 (patch)
tree9e9efbe796269893d59b1c928b5ff7467adfe7fc
parenta20b3083b058901572953364dccbdd4cad8f3c5a (diff)
downloadVeraCrypt-54e46c260cf04861c99d8b2590999c1eb33f0cb1.tar.gz
VeraCrypt-54e46c260cf04861c99d8b2590999c1eb33f0cb1.zip
Windows Driver: force the input size for some IOCTLs to have a fixed value
-rw-r--r--src/Driver/Ntdriver.c30
1 files changed, 28 insertions, 2 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index c76263b0..83c050a8 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1793,12 +1793,20 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
IO_STATUS_BLOCK IoStatus;
LARGE_INTEGER offset;
ACCESS_MASK access = FILE_READ_ATTRIBUTES;
+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
if (!ValidateIOBufferSize (Irp, sizeof (OPEN_TEST_STRUCT), ValidateInputOutput))
break;
+ if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (OPEN_TEST_STRUCT))
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ Irp->IoStatus.Information = 0;
+ break;
+ }
+
// check that opentest->wszFileName is a device path that starts with "\\Device\\Harddisk"
- // 16 is the length of "\\Device\\Harddisk" which is the mi
+ // 16 is the length of "\\Device\\Harddisk" which is the minimum
if ( !CheckStringLength (opentest->wszFileName, TC_MAX_PATH, 16, (size_t) -1, NULL)
|| (!StringNoCaseCompare (opentest->wszFileName, L"\\Device\\Harddisk", 16))
)
@@ -2445,8 +2453,10 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
if (ValidateIOBufferSize (Irp, sizeof (MOUNT_STRUCT), ValidateInputOutput))
{
MOUNT_STRUCT *mount = (MOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
- if (mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD
+ if ((irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (MOUNT_STRUCT))
+ || mount->VolumePassword.Length > MAX_PASSWORD || mount->ProtectedHidVolPassword.Length > MAX_PASSWORD
|| mount->pkcs5_prf < 0 || mount->pkcs5_prf > LAST_PRF_ID
|| mount->VolumePim < -1 || mount->VolumePim == INT_MAX
|| mount->ProtectedHidVolPkcs5Prf < 0 || mount->ProtectedHidVolPkcs5Prf > LAST_PRF_ID
@@ -2479,6 +2489,14 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
{
UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
PDEVICE_OBJECT ListDevice = GetVirtualVolumeDeviceObject (unmount->nDosDriveNo);
+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
+
+ if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (UNMOUNT_STRUCT))
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ Irp->IoStatus.Information = 0;
+ break;
+ }
unmount->nReturnCode = ERR_DRIVE_NOT_FOUND;
@@ -2499,6 +2517,14 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
if (ValidateIOBufferSize (Irp, sizeof (UNMOUNT_STRUCT), ValidateInputOutput))
{
UNMOUNT_STRUCT *unmount = (UNMOUNT_STRUCT *) Irp->AssociatedIrp.SystemBuffer;
+ PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
+
+ if (irpSp->Parameters.DeviceIoControl.InputBufferLength != sizeof (UNMOUNT_STRUCT))
+ {
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ Irp->IoStatus.Information = 0;
+ break;
+ }
unmount->nReturnCode = UnmountAllDevices (unmount, unmount->ignoreOpenFiles);