VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver
diff options
context:
space:
mode:
authorMounir IDRASSI <mounir.idrassi@idrix.fr>2015-09-21 15:12:50 (GMT)
committerMounir IDRASSI <mounir.idrassi@idrix.fr>2015-09-26 15:44:03 (GMT)
commit9b24da3398581da1fa66c6b8f682bbcfa7ded4fd (patch)
tree2bac6d8a51f43dfe559f5283b96c02350b12a1dd /src/Driver
parentb7f9df6e4f09ba342fdbbadc63af5062cc57eaf2 (diff)
downloadVeraCrypt-9b24da3398581da1fa66c6b8f682bbcfa7ded4fd.zip
VeraCrypt-9b24da3398581da1fa66c6b8f682bbcfa7ded4fd.tar.gz
Windows Driver: Fix inherited TrueCrypt local elevation of privilege vulnerability caused by abusing the drive letter symbolic link creation facilities to remap the main system drive. Thanks to James Forshaw (Google) for reporting this issue and for helping implementing the fix.
Diffstat (limited to 'src/Driver')
-rw-r--r--src/Driver/Ntdriver.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 8c33a89..3e78fab 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -3063,18 +3063,19 @@ BOOL IsDriveLetterAvailable (int nDosDriveNo)
UNICODE_STRING objectName;
WCHAR link[128];
HANDLE handle;
+ NTSTATUS ntStatus;
TCGetDosNameFromNumber (link, sizeof(link),nDosDriveNo);
RtlInitUnicodeString (&objectName, link);
InitializeObjectAttributes (&objectAttributes, &objectName, OBJ_KERNEL_HANDLE | OBJ_CASE_INSENSITIVE, NULL, NULL);
- if (NT_SUCCESS (ZwOpenSymbolicLinkObject (&handle, GENERIC_READ, &objectAttributes)))
+ if (NT_SUCCESS (ntStatus = ZwOpenSymbolicLinkObject (&handle, GENERIC_READ, &objectAttributes)))
{
ZwClose (handle);
return FALSE;
}
- return TRUE;
+ return (ntStatus == STATUS_OBJECT_NAME_NOT_FOUND)? TRUE : FALSE;
}