Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2026-06-18 02:26:07 -05:00
Code Activity

macOS: block partitioned disk alias bypass

Browse Source 
On macOS, the same whole disk can be addressed as both /dev/diskN and /dev/rdiskN. The GUI creation wizard only compared the selected path against the enumerated raw device path, so manually entering the block-device alias could bypass the existing DEVICE_PARTITIONS_ERR guard and allow formatting a disk that still had partitions.

Add a shared macOS device-path comparison helper that normalizes paths to their raw-device form before comparison. Use it in the GUI wizard so /dev/diskN and /dev/rdiskN are treated as the same whole-disk target while partition paths remain distinct.

Apply the same partitioned whole-device guard in the text/CLI creation path as well, including the macOS alias normalization, so command-line creation cannot format a partitioned top-level disk through an alternate device alias.

Fixes #728
This commit is contained in:
Mounir IDRASSI
2026-05-29 18:32:32 +09:00
parent c8f0efde99
commit 610feb4c28
3 changed files with 33 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Main/Forms/VolumeCreationWizard.cpp
+6 -1
View File
@@ -1044,7 +1044,12 @@ namespace VeraCrypt
foreach_ref (const HostDevice &drive, Core->GetHostDevices()) foreach_ref (const HostDevice &drive, Core->GetHostDevices())
{ {
if (drive.Path == SelectedVolumePath && !drive.Partitions.empty()) bool selectedWholeDevice = drive.Path == SelectedVolumePath;
#ifdef TC_MACOSX
selectedWholeDevice = selectedWholeDevice
|| IsSameMacOSXDevicePath (string (drive.Path), string (SelectedVolumePath));
#endif
if (selectedWholeDevice && !drive.Partitions.empty())
{ {
foreach_ref (const HostDevice &partition, drive.Partitions) foreach_ref (const HostDevice &partition, drive.Partitions)
{ {
src/Main/MacOSXFormatterDevice.h
+5
View File
@@ -61,6 +61,11 @@ namespace VeraCrypt
return deviceIdentifier; return deviceIdentifier;
} }
inline bool IsSameMacOSXDevicePath (const string &firstDeviceIdentifier, const string &secondDeviceIdentifier)
{
return GetMacOSXRawDevicePath (firstDeviceIdentifier) == GetMacOSXRawDevicePath (secondDeviceIdentifier);
}
inline string GetMacOSXFormatterName (const string &fsFormatter) inline string GetMacOSXFormatterName (const string &fsFormatter)
{ {
size_t namePos = fsFormatter.find_last_of ('/'); size_t namePos = fsFormatter.find_last_of ('/');
src/Main/TextUserInterface.cpp
+22
View File
@@ -684,6 +684,28 @@ namespace VeraCrypt
} while (options->Path.IsEmpty()); } while (options->Path.IsEmpty());
} }
if (options->Path.IsDevice())
{
foreach_ref (const HostDevice &drive, Core->GetHostDevices())
{
bool selectedWholeDevice = drive.Path == options->Path;
#ifdef TC_MACOSX
selectedWholeDevice = selectedWholeDevice
|| IsSameMacOSXDevicePath (string (drive.Path), string (options->Path));
#endif
if (selectedWholeDevice && !drive.Partitions.empty())
{
foreach_ref (const HostDevice &partition, drive.Partitions)
{
if (partition.MountPoint == "/")
throw_err (LangString["LINUX_ERROR_TRY_ENCRYPT_SYSTEM_DRIVE"]);
}
throw_err (LangString["DEVICE_PARTITIONS_ERR"]);
}
}
}
// Sector size // Sector size
if (options->Path.IsDevice()) if (options->Path.IsDevice())
options->SectorSize = Core->GetDeviceSectorSize (options->Path); options->SectorSize = Core->GetDeviceSectorSize (options->Path);