VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Common/Password.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-08-31 23:56:37 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:23:05 +0100
commit4fa4d6d22708231a51bdff93ef3220aa95b6fc80 (patch)
treee4ad7b2f67f98699c4964f1152120e49329ffb0d /src/Common/Password.c
parente0efb36f337be3e57e528addd714e10745da6d1f (diff)
downloadVeraCrypt-4fa4d6d22708231a51bdff93ef3220aa95b6fc80.tar.gz
VeraCrypt-4fa4d6d22708231a51bdff93ef3220aa95b6fc80.zip
Windows vulnerability fix: correct possible BSOD attack targeted towards GetWipePassCount() / WipeBuffer() found by the Open Crypto Audit Project.
Diffstat (limited to 'src/Common/Password.c')
-rw-r--r--src/Common/Password.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/Common/Password.c b/src/Common/Password.c
index c23bd4fa..b1fa83ef 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -143,6 +143,13 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, Password *newPassw
if (oldPassword->Length == 0 || newPassword->Length == 0) return -1;
+ if (wipePassCount <= 0)
+ {
+ nStatus = ERR_PARAMETER_INCORRECT;
+ handleError (hwndDlg, nStatus);
+ return nStatus;
+ }
+
if (!lpszVolume)
{
nStatus = ERR_OUTOFMEMORY;