Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 19:08:26 -06:00
Code Activity

Windows: fix issue with fastCreate by requesting SE_MANAGE_VOLUME_NAME privilege before calling CreateFile

Browse Source 
This ensures that the returned handle inherits the privilege
This commit is contained in:
Mounir IDRASSI
2023-07-16 11:08:24 +02:00
parent c759c2230b
commit 6267b91931
1 changed files with 28 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
src/Common/Format.c
View File

@@ -344,6 +344,26 @@ begin_format:
else else
{ {
/* File-hosted volume */ /* File-hosted volume */
BOOL speedupFileCreation = FALSE;
// speedup for file creation only makes sens when using quick format for non hidden volumes
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys && volParams->quickFormat && volParams->fastCreateFile)
{
// we set required privileges to speedup file creation before we create the file so that the file handle inherits the privileges
if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE))
{
DWORD dwLastError = GetLastError();
if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO))
{
SetLastError(dwLastError);
nStatus = ERR_OS_ERROR;
goto error;
}
}
else
{
speedupFileCreation = TRUE;
}
}
dev = CreateFile (volParams->volumePath, GENERIC_READ | GENERIC_WRITE, dev = CreateFile (volParams->volumePath, GENERIC_READ | GENERIC_WRITE,
(volParams->hiddenVol || bInstantRetryOtherFilesys) ? (FILE_SHARE_READ | FILE_SHARE_WRITE) : 0, (volParams->hiddenVol || bInstantRetryOtherFilesys) ? (FILE_SHARE_READ | FILE_SHARE_WRITE) : 0,
@@ -373,13 +393,8 @@ begin_format:
if (!volParams->hiddenVol && !bInstantRetryOtherFilesys) if (!volParams->hiddenVol && !bInstantRetryOtherFilesys)
{ {
LARGE_INTEGER volumeSize; LARGE_INTEGER volumeSize;
BOOL speedupFileCreation = FALSE;
volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE; volumeSize.QuadPart = dataAreaSize + TC_VOLUME_HEADER_GROUP_SIZE;
// speedup for file creation only makes sens when using quick format
if (volParams->quickFormat && volParams->fastCreateFile)
speedupFileCreation = TRUE;
if (volParams->sparseFileSwitch && volParams->quickFormat) if (volParams->sparseFileSwitch && volParams->quickFormat)
{ {
// Create as sparse file container // Create as sparse file container
@@ -401,28 +416,15 @@ begin_format:
if (speedupFileCreation) if (speedupFileCreation)
{ {
if (!SetPrivilege(SE_MANAGE_VOLUME_NAME, TRUE)) // accelerate file creation by telling Windows not to fill all file content with zeros
// this has security issues since it will put existing disk content into file container
// We use this mechanism only when switch /fastCreateFile specific and when quick format
// also specified and which is documented to have security issues.
// we don't check returned status because failure is not issue for us
if (!SetFileValidData (dev, volumeSize.QuadPart))
{ {
DWORD dwLastError = GetLastError(); nStatus = ERR_OS_ERROR;
if (Silent || (MessageBoxW(hwndDlg, GetString ("ADMIN_PRIVILEGES_WARN_MANAGE_VOLUME"), lpszTitle, MB_YESNO | MB_ICONWARNING | MB_DEFBUTTON2) == IDNO)) goto error;
{
SetLastError(dwLastError);
nStatus = ERR_OS_ERROR;
goto error;
}
}
else
{
// accelerate file creation by telling Windows not to fill all file content with zeros
// this has security issues since it will put existing disk content into file container
// We use this mechanism only when switch /fastCreateFile specific and when quick format
// also specified and which is documented to have security issues.
// we don't check returned status because failure is not issue for us
if (!SetFileValidData (dev, volumeSize.QuadPart))
{
nStatus = ERR_OS_ERROR;
goto error;
}
} }
} }