VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver/Ntdriver.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-09-01 00:03:26 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:23:10 +0100
commit7c501359b3c6c5c09a60abc6f3831254e592afb1 (patch)
treeb03a3299439f50ea9be731c0541c32e2667ed07f /src/Driver/Ntdriver.c
parentf82e16f0a1b2be294b8fcd7e45f8b0d940e53e82 (diff)
downloadVeraCrypt-7c501359b3c6c5c09a60abc6f3831254e592afb1.tar.gz
VeraCrypt-7c501359b3c6c5c09a60abc6f3831254e592afb1.zip
Windows vulnerability fix: correct some integer overflow issues using the IntSafe library. Detected by the Open Crypto Audit project
Diffstat (limited to 'src/Driver/Ntdriver.c')
-rw-r--r--src/Driver/Ntdriver.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 72f35c67..556badbf 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -34,6 +34,7 @@
#include <ntddvol.h>
#include <Ntstrsafe.h>
+#include <Intsafe.h>
/* Init section, which is thrown away as soon as DriverEntry returns */
#pragma alloc_text(INIT,DriverEntry)
@@ -704,10 +705,20 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
case IOCTL_DISK_VERIFY:
if (ValidateIOBufferSize (Irp, sizeof (VERIFY_INFORMATION), ValidateInput))
{
+ HRESULT hResult;
+ ULONGLONG ullStartingOffset, ullNewOffset, ullEndOffset;
PVERIFY_INFORMATION pVerifyInformation;
pVerifyInformation = (PVERIFY_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
- if (pVerifyInformation->StartingOffset.QuadPart + pVerifyInformation->Length > Extension->DiskLength)
+ ullStartingOffset = (ULONGLONG) pVerifyInformation->StartingOffset.QuadPart;
+ hResult = ULongLongAdd(ullStartingOffset,
+ (ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset,
+ &ullNewOffset);
+ if (hResult != S_OK)
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ else if (S_OK != ULongLongAdd(ullNewOffset, (ULONGLONG) pVerifyInformation->Length, &ullEndOffset))
+ Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
+ else if (ullEndOffset > (ULONGLONG) Extension->DiskLength)
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
else
{
@@ -721,7 +732,7 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
- offset.QuadPart += Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset;
+ offset.QuadPart = ullNewOffset;
Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
TCfree (buffer);