From d6aa6536482efa719a44a757ea2622cad86f1e23 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI
Date: Mon, 25 Aug 2014 22:53:08 +0200
Subject: Windows vulnerability fix : avoid kernel pointer disclosure through a call to TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG but restricting this call to Kernel Mode.
---
 src/Driver/Ntdriver.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index 9574483b..ce4ebf51 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -1504,7 +1504,9 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 break;
 case TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG:
- if (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
+ if ( (ValidateIOBufferSize (Irp, sizeof (GetSystemDriveDumpConfigRequest), ValidateOutput))
+ && (Irp->RequestorMode == KernelMode)
+ )
 {
 GetSystemDriveDumpConfigRequest *request = (GetSystemDriveDumpConfigRequest *) Irp->AssociatedIrp.SystemBuffer;
-- cgit v1.2.3
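Review bot: When `ValidateIOBufferSize` succeeds but `Irp->RequestorMode` is not `KernelMode`, the combined condition in the `TC_IOCTL_GET_SYSTEM_DRIVE_DUMP_CONFIG` case simply skips the block, and nothing visible in the hunk sets a failure status for that path. The rest of the case body and the function's status handling lie outside the hunk, so this may already be covered, but an explicit rejection ahead of the size check would make the denial unambiguous and keep a user-mode caller from seeing a stale status or `Information` value: `if (Irp->RequestorMode != KernelMode) { Irp->IoStatus.Status = STATUS_ACCESS_DENIED; Irp->IoStatus.Information = 0; break; }`. A short comment such as `/* kernel-mode callers only: the reply carries kernel pointers */` would also record why the mode check exists.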