From 2784652ab880dcea82aa212096b64d39695012fc Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sun, 5 Apr 2015 22:21:59 +0200 Subject: Windows vulnerability fix: CryptAcquireContext vulnerability fix. Add checks to random generator to abort in case of error and display a diagnose message to the user. --- src/Common/Password.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/Common/Password.c') diff --git a/src/Common/Password.c b/src/Common/Password.c index b1584dbe..8014713c 100644 --- a/src/Common/Password.c +++ b/src/Common/Password.c @@ -230,7 +230,13 @@ int ChangePwd (const char *lpszVolume, Password *oldPassword, int old_pkcs5, BOO } if (Randinit ()) + { + if (CryptoAPILastError == ERROR_SUCCESS) + nStatus = ERR_RAND_INIT_FAILED; + else + nStatus = ERR_CAPI_INIT_FAILED; goto error; + } SetRandomPoolEnrichedByUserStatus (FALSE); /* force the display of the random enriching dialog */ -- cgit v1.2.3