Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows Driver: make UpdateBuffer function more robust by adding security region size parameter

Browse Source
This commit is contained in:
Mounir IDRASSI
2024-12-25 16:09:10 +01:00
parent 650984c958
commit 283059523d
1 changed files with 60 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
src/Driver/EncryptedIoQueue.c
View File

@@ -229,35 +229,75 @@ BOOL
UpdateBuffer( UpdateBuffer(
uint8* buffer, uint8* buffer,
uint8* secRegion, uint8* secRegion,
SIZE_T secRegionSize,
uint64 bufferDiskOffset, uint64 bufferDiskOffset,
uint32 bufferLength, uint32 bufferLength,
BOOL doUpadte BOOL doUpadte
) )
{ {
uint64 intersectStart; uint64 intersectStart;
uint32 intersectLength; uint32 intersectLength;
uint32 i; uint32 i;
DCS_DISK_ENTRY_LIST *DeList = (DCS_DISK_ENTRY_LIST*)(secRegion + 512); DCS_DISK_ENTRY_LIST *DeList = NULL;
BOOL updated = FALSE; BOOL updated = FALSE;
if (secRegion == NULL) return FALSE; if (secRegion == NULL)
return FALSE;
// Check if secRegion is large enough to hold the DCS_DISK_ENTRY_LIST structure
// starting at offset 512
if (secRegionSize < (512 + sizeof(DCS_DISK_ENTRY_LIST)))
return FALSE;
DeList = (DCS_DISK_ENTRY_LIST*)(secRegion + 512);
// Ensure Count doesn't exceed the fixed array size
if (DeList->Count > 15)
return FALSE;
for (i = 0; i < DeList->Count; ++i) { for (i = 0; i < DeList->Count; ++i) {
if (DeList->DE[i].Type == DE_Sectors) { if (DeList->DE[i].Type == DE_Sectors) {
uint64 sectorStart = DeList->DE[i].Sectors.Start;
uint64 sectorLength = DeList->DE[i].Sectors.Length;
uint64 sectorOffset = DeList->DE[i].Sectors.Offset;
// Check that sectorOffset and sectorLength are valid within secRegion
if (sectorOffset > secRegionSize ||
sectorLength == 0 ||
(sectorOffset + sectorLength) > secRegionSize)
{
// Invalid entry - skip
continue;
}
GetIntersection( GetIntersection(
bufferDiskOffset, bufferLength, bufferDiskOffset, bufferLength,
DeList->DE[i].Sectors.Start, DeList->DE[i].Sectors.Start + DeList->DE[i].Sectors.Length - 1, sectorStart, sectorStart + sectorLength - 1,
&intersectStart, &intersectLength &intersectStart, &intersectLength
); );
if (intersectLength != 0) { if (intersectLength != 0) {
uint64 bufferPos = intersectStart - bufferDiskOffset;
uint64 regionPos = sectorOffset + (intersectStart - sectorStart);
// Check buffer boundaries
if (bufferPos + intersectLength > bufferLength)
continue; // Intersection out of buffer range
// Check secRegion boundaries
if (regionPos + intersectLength > secRegionSize)
continue; // Intersection out of secRegion range
updated = TRUE; updated = TRUE;
if(doUpadte && buffer != NULL) { if (doUpadte && buffer != NULL) {
// Dump("Subst data\n");
memcpy( memcpy(
buffer + (intersectStart - bufferDiskOffset), buffer + bufferPos,
secRegion + DeList->DE[i].Sectors.Offset + (intersectStart - DeList->DE[i].Sectors.Start), secRegion + regionPos,
intersectLength intersectLength
); );
} else { }
else {
// If no update is needed but intersection found
return TRUE; return TRUE;
} }
} }
@@ -378,7 +418,7 @@ static VOID CompletionThreadProc(PVOID threadArg)
// Dump("Read sector %lld count %d\n", request->Offset.QuadPart >> 9, request->Length >> 9); // Dump("Read sector %lld count %d\n", request->Offset.QuadPart >> 9, request->Length >> 9);
// Update subst sectors // Update subst sectors
if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) { if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) {
UpdateBuffer(request->Data, queue->SecRegionData, request->Offset.QuadPart, request->Length, TRUE); UpdateBuffer(request->Data, queue->SecRegionData, queue->SecRegionSize, request->Offset.QuadPart, request->Length, TRUE);
} }
if (request->CompleteOriginalIrp) if (request->CompleteOriginalIrp)
@@ -731,7 +771,7 @@ static VOID MainThreadProc (PVOID threadArg)
} }
// Update subst sectors // Update subst sectors
if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) { if((queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)) {
UpdateBuffer(buffer, queue->SecRegionData, alignedOffset.QuadPart, alignedLength, TRUE); UpdateBuffer(buffer, queue->SecRegionData, queue->SecRegionSize, alignedOffset.QuadPart, alignedLength, TRUE);
} }
memcpy (dataBuffer, buffer + (item->OriginalOffset.LowPart & (ENCRYPTION_DATA_UNIT_SIZE - 1)), item->OriginalLength); memcpy (dataBuffer, buffer + (item->OriginalOffset.LowPart & (ENCRYPTION_DATA_UNIT_SIZE - 1)), item->OriginalLength);
@@ -824,7 +864,7 @@ static VOID MainThreadProc (PVOID threadArg)
} }
else if (item->Write else if (item->Write
&& (queue->SecRegionData != NULL) && (queue->SecRegionSize > 512) && (queue->SecRegionData != NULL) && (queue->SecRegionSize > 512)
&& UpdateBuffer (NULL, queue->SecRegionData, item->OriginalOffset.QuadPart, (uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1), FALSE)) && UpdateBuffer (NULL, queue->SecRegionData, queue->SecRegionSize, item->OriginalOffset.QuadPart, (uint32)(item->OriginalOffset.QuadPart + item->OriginalLength - 1), FALSE))
{ {
// Prevent inappropriately designed software from damaging important data // Prevent inappropriately designed software from damaging important data
Dump ("Preventing write to the system GPT area\n"); Dump ("Preventing write to the system GPT area\n");