From 34f3c055ed6c0031bdc927305eab06ae94f79b99 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sat, 1 Oct 2016 22:54:48 +0200
Subject: Windows: in function CreateVolumeHeaderInMemory, properly unlock and
 erase sensitive stack memory.

---
 src/Common/Volumes.c | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 0940941d..c7f5ce09 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -870,7 +870,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 #endif
 		{
 			crypto_close (cryptoInfo);
-			return ERR_CIPHER_INIT_WEAK_KEY;
+			retVal = ERR_CIPHER_INIT_WEAK_KEY;
+			goto err;
 		}
 	}
 	else
@@ -912,7 +913,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 #endif
 	{
 		crypto_close (cryptoInfo);
-		return ERR_CIPHER_INIT_WEAK_KEY; 
+		retVal = ERR_CIPHER_INIT_WEAK_KEY; 
+		goto err;
 	}
 
 	if (password)
@@ -961,7 +963,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 #endif
 		{
 			crypto_close (cryptoInfo);
-			return ERR_CIPHER_INIT_WEAK_KEY; 
+			retVal = ERR_CIPHER_INIT_WEAK_KEY; 
+			goto err;
 		}
 	}
 
@@ -1045,14 +1048,15 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	if (retVal != ERR_SUCCESS)
 	{
 		crypto_close (cryptoInfo);
-		return retVal;
+		goto err;
 	}
 
 	// Mode of operation
 	if (!EAInitMode (cryptoInfo))
 	{
 		crypto_close (cryptoInfo);
-		return ERR_OUTOFMEMORY;
+		retVal = ERR_OUTOFMEMORY;
+		goto err;
 	}
 
 
@@ -1069,7 +1073,7 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	if (retVal != ERR_SUCCESS)
 	{
 		crypto_close (cryptoInfo);
-		return retVal;
+		goto err;
 	}
 
 	memcpy (cryptoInfo->master_keydata, keyInfo.master_keydata, MASTER_KEYDATA_SIZE);
@@ -1086,7 +1090,8 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	if (!EAInitMode (cryptoInfo))
 	{
 		crypto_close (cryptoInfo);
-		return ERR_OUTOFMEMORY;
+		retVal = ERR_OUTOFMEMORY;
+		goto err;
 	}
 
 
@@ -1132,10 +1137,16 @@ int CreateVolumeHeaderInMemory (HWND hwndDlg, BOOL bBoot, char *header, int ea,
 	}
 #endif	// #ifdef VOLFORMAT
 
+	*retInfo = cryptoInfo;
+
+err:
 	burn (dk, sizeof(dk));
 	burn (&keyInfo, sizeof (keyInfo));
+#if !defined(_UEFI)
+	VirtualUnlock (&keyInfo, sizeof (keyInfo));
+	VirtualUnlock (&dk, sizeof (dk));
+#endif // !defined(_UEFI)
 
-	*retInfo = cryptoInfo;
 	return 0;
 }
 
-- 
cgit v1.2.3