From 8e2c5ca45ee2e7d16dd45e96e403d85a6ccdc7f0 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Sat, 1 Oct 2016 15:36:20 +0200
Subject: Securely erase and protect buffer holding decrypted volume header.

---
 src/Common/Volumes.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c
index 178f47f0..0940941d 100644
--- a/src/Common/Volumes.c
+++ b/src/Common/Volumes.c
@@ -249,6 +249,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int
 #if !defined(DEVICE_DRIVER) 
 	VirtualLock (&keyInfo, sizeof (keyInfo));
 	VirtualLock (&dk, sizeof (dk));
+	VirtualLock (&header, sizeof (header));
 #endif
 #endif //  !defined(_UEFI)
 
@@ -571,10 +572,12 @@ err:
 ret:
 	burn (&keyInfo, sizeof (keyInfo));
 	burn (dk, sizeof(dk));
+	burn (header, sizeof(header));
 
 #if !defined(DEVICE_DRIVER) && !defined(_UEFI)
 	VirtualUnlock (&keyInfo, sizeof (keyInfo));
 	VirtualUnlock (&dk, sizeof (dk));
+	VirtualUnlock (&header, sizeof (header));
 #endif
 
 #if !defined(_UEFI)
-- 
cgit v1.2.3