VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver/Ntdriver.c
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2014-08-25 22:53:08 +0200
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2014-11-08 23:22:54 +0100
commitd6aa6536482efa719a44a757ea2622cad86f1e23 (patch)
treee41deac2e42f5d1c0d62394a1b57c4c718e5e046 /src/Driver/Ntdriver.c
parent6de2c143b95841224b7d93aae5ce00f0ffc62074 (diff)
downloadVeraCrypt-d6aa6536482efa719a44a757ea2622cad86f1e23.tar.gz
VeraCrypt-d6aa6536482efa719a44a757ea2622cad86f1e23.zip
Windows vulnerability fix : avoid kernel pointer disclosure through a call to TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG but restricting this call to Kernel Mode.
Diffstat (limited to 'src/Driver/Ntdriver.c')
-rw-r--r--src/Driver/Ntdriver.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 9574483b..ce4ebf51 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1504,7 +1504,9 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
break;
case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG:
- if (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
+ if ( (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
+ && (Irp->RequestorMode == KernelMode)
+ )
{
GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer;