diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-10-06 16:32:03 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:23:42 +0100 |
commit | effb5c7c1e3df5e709e0fa95d7dadb0969855cf8 (patch) | |
tree | 5b8356dd0eb8943b82887aaa525053dba2c56b11 /src/Boot/Windows/BootSector.asm | |
parent | 50ca9fe46f457a773ab15f4569205c51bf9f96ea (diff) | |
download | VeraCrypt-effb5c7c1e3df5e709e0fa95d7dadb0969855cf8.tar.gz VeraCrypt-effb5c7c1e3df5e709e0fa95d7dadb0969855cf8.zip |
Windows vulnerability fix : finally make bootloader decompressor more robust and secure by adding multiple checks and validation code. This solves the issue found by the Open Crypt Audit project. Note that we had to switch to the slow implementation of the function decode in order to keep the size of the decompressor code under 2K.
Diffstat (limited to 'src/Boot/Windows/BootSector.asm')
-rw-r--r-- | src/Boot/Windows/BootSector.asm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/Boot/Windows/BootSector.asm b/src/Boot/Windows/BootSector.asm index 74e8381b..1daaadac 100644 --- a/src/Boot/Windows/BootSector.asm +++ b/src/Boot/Windows/BootSector.asm @@ -134,6 +134,8 @@ checksum_ok: push dx
; Decompress boot loader
+ mov cx, word ptr [start + TC_BOOT_SECTOR_LOADER_LENGTH_OFFSET]
+ push cx ; Compressed data size
push TC_BOOT_LOADER_COMPRESSED_BUFFER_OFFSET + TC_GZIP_HEADER_SIZE ; Compressed data
push TC_MAX_BOOT_LOADER_DECOMPRESSED_SIZE ; Output buffer size
push TC_BOOT_LOADER_DECOMPRESSOR_MEMORY_SIZE + TC_COM_EXECUTABLE_OFFSET ; Output buffer
@@ -145,7 +147,7 @@ checksum_ok: retf
decompressor_ret:
- add sp, 6
+ add sp, 8
pop dx
; Restore boot sector segment
|