From 4fa4d6d22708231a51bdff93ef3220aa95b6fc80 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Sun, 31 Aug 2014 23:56:37 +0200
Subject: Windows vulnerability fix: correct possible BSOD attack targeted towards GetWipePassCount() / WipeBuffer() found by the Open Crypto Audit Project.
---
 src/Format/InPlace.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'src/Format/InPlace.c')
diff --git a/src/Format/InPlace.c b/src/Format/InPlace.c
index b1bfac98..5c8cb3b4 100644
--- a/src/Format/InPlace.c
+++ b/src/Format/InPlace.c
@@ -861,10 +861,18 @@ inplace_enc_read:
 if (wipeAlgorithm != TC_WIPE_NONE)
 {
 byte wipePass;
+ int wipePassCount = GetWipePassCount (wipeAlgorithm);
+
+ if (wipePassCount <= 0)
+ {
+ SetLastError (ERROR_INVALID_PARAMETER);
+ nStatus = ERR_PARAMETER_INCORRECT;
+ goto closing_seq;
+ }
 offset.QuadPart = masterCryptoInfo->EncryptedAreaStart.Value - workChunkSize;
- for (wipePass = 1; wipePass <= GetWipePassCount (wipeAlgorithm); ++wipePass)
+ for (wipePass = 1; wipePass <= wipePassCount; ++wipePass)
 {
 if (!WipeBuffer (wipeAlgorithm, wipeRandChars, wipePass, wipeBuffer, workChunkSize))
 {
--
cgit v1.2.3
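Review bot: The loop counter `wipePass` is still declared `byte` while the new bound `wipePassCount` is an `int`, and the added guard only rejects values `<= 0`. If `byte` is an 8-bit unsigned type (its typedef is not visible here) and GetWipePassCount() can ever return more than 255, `wipePass <= wipePassCount` never becomes false, the counter wraps, and the wipe loop would not terminate. Consider bounding the count in the same guard, e.g. `if (wipePassCount <= 0 || wipePassCount > 255)`, or widening the counter if WipeBuffer() accepts a wider pass argument. The enclosing function and the body of the `for` loop continue outside this hunk, so whether `closing_seq` releases everything acquired before this early exit should be confirmed there.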