From e95c075f0cce01afa3b0367b2345b81a6a16cc5c Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Thu, 14 May 2015 23:10:38 +0200 Subject: Windows driver: avoid race condition by using IoAttachDeviceToDeviceStackSafe instead IoAttachDeviceToDeviceStack. Set BootArgs.CryptoInfoLength to 0 after clearing boot memory. --- src/Driver/DriveFilter.c | 16 ++++++++++------ src/Driver/VolumeFilter.c | 7 ++++++- 2 files changed, 16 insertions(+), 7 deletions(-) (limited to 'src/Driver') diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 73a1a535..8bf953a7 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -155,7 +155,12 @@ NTSTATUS DriveFilterAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo) Extension = (DriveFilterExtension *) filterDeviceObject->DeviceExtension; memset (Extension, 0, sizeof (DriveFilterExtension)); - Extension->LowerDeviceObject = IoAttachDeviceToDeviceStack (filterDeviceObject, pdo); // IoAttachDeviceToDeviceStackSafe() is not required in AddDevice routine and is also unavailable on Windows 2000 SP4 + status = IoAttachDeviceToDeviceStackSafe (filterDeviceObject, pdo, &(Extension->LowerDeviceObject)); + if (!NT_SUCCESS (status)) + { + goto err; + } + if (!Extension->LowerDeviceObject) { status = STATUS_DEVICE_REMOVED; @@ -276,6 +281,9 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, PHYSICAL_ADDRESS cryptoInfoAddress; cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset; +#ifdef DEBUG + Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength); +#endif mappedCryptoInfo = MmMapIoSpace (cryptoInfoAddress, BootArgs.CryptoInfoLength, MmCached); if (mappedCryptoInfo) { 
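Review bot: In DriveFilterAddDevice the `if (!Extension->LowerDeviceObject)` test that follows the new status check now looks like a second test of the same failure, since the attach result is already reported through `status`; the same applies to the VolumeFilterAddDevice hunk. Either drop it or mark it as deliberate with a comment such as `// Defensive: the Safe variant is expected to leave this NULL only on failure`. The new `goto err` is taken after `filterDeviceObject` has been created, and the `err` label is outside the hunk, so it is worth confirming that path deletes the device object and does not try to detach a NULL lower device. The removed comment also recorded that the Safe variant is unavailable on Windows 2000 SP4; if that target is still built, the commit message should state that support for it is dropped.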
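Review bot: The relocated `Dump ("Wiping memory %x %d\n", ...)` in MountDrive now runs before `MmMapIoSpace` and outside the `if (mappedCryptoInfo)` test, so a debug build reports a wipe even when the mapping fails and nothing is erased. Reword it to describe this step, e.g. `Dump ("Mapping boot crypto info %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength);`, and keep a length-only message next to `burn` if the wipe itself should stay traceable. The enclosing block starts above the hunk, so whether `BootArgs.CryptoInfoLength` is range-checked before being used as the mapping size cannot be seen here.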
@@ -336,13 +344,9 @@ static NTSTATUS MountDrive (DriveFilterExtension *Extension, Password *password, // Erase boot loader scheduled keys if (mappedCryptoInfo) { -#ifdef DEBUG - PHYSICAL_ADDRESS cryptoInfoAddress; - cryptoInfoAddress.QuadPart = (BootLoaderSegment << 4) + BootArgs.CryptoInfoOffset; - Dump ("Wiping memory %x %d\n", cryptoInfoAddress.LowPart, BootArgs.CryptoInfoLength); -#endif burn (mappedCryptoInfo, BootArgs.CryptoInfoLength); MmUnmapIoSpace (mappedCryptoInfo, BootArgs.CryptoInfoLength); + BootArgs.CryptoInfoLength = 0; } BootDriveFilterExtension = Extension; diff --git a/src/Driver/VolumeFilter.c b/src/Driver/VolumeFilter.c index 9789fe0f..ee4b02e7 100644 --- a/src/Driver/VolumeFilter.c +++ b/src/Driver/VolumeFilter.c @@ -42,7 +42,12 @@ NTSTATUS VolumeFilterAddDevice (PDRIVER_OBJECT driverObject, PDEVICE_OBJECT pdo) Extension = (VolumeFilterExtension *) filterDeviceObject->DeviceExtension; memset (Extension, 0, sizeof (VolumeFilterExtension)); - Extension->LowerDeviceObject = IoAttachDeviceToDeviceStack (filterDeviceObject, pdo); // IoAttachDeviceToDeviceStackSafe() is not required in AddDevice routine and is also unavailable on Windows 2000 SP4 + status = IoAttachDeviceToDeviceStackSafe (filterDeviceObject, pdo, &(Extension->LowerDeviceObject)); + if (status != STATUS_SUCCESS) + { + goto err; + } + if (!Extension->LowerDeviceObject) { status = STATUS_DEVICE_REMOVED; -- cgit v1.2.3
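Review bot: `BootArgs.CryptoInfoLength = 0;` is reached only when `mappedCryptoInfo` is non-NULL, so if the earlier mapping failed the boot loader's scheduled keys stay in memory, the length stays non-zero, and this hunk gives no indication of it. Consider an `else` branch that logs the failed mapping under `#ifdef DEBUG`, so that an unwiped key area is at least visible in debug builds. The new line would also benefit from a comment such as `// Region wiped: clear the length so it is not treated as live key data again`. That wording is inferred from the commit message, as the readers of `BootArgs.CryptoInfoLength` and the rest of MountDrive are outside the hunk.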
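Review bot: VolumeFilterAddDevice tests the attach result with `status != STATUS_SUCCESS`, while the same change in DriveFilter.c uses `!NT_SUCCESS (status)`; the two forms differ for non-zero success and informational status values. Use one form in both files, preferably `if (!NT_SUCCESS (status))`, so the two AddDevice routines fail on the same conditions. The `err` label and the rest of the function are outside the hunk.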