Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-11 11:08:02 -06:00
Code Activity

Windows vulnerability fix: correct some integer overflow issues using the IntSafe library. Detected by the Open Crypto Audit project

Browse Source
This commit is contained in:
Mounir IDRASSI
2014-09-01 00:03:26 +02:00
parent f82e16f0a1
commit 7c501359b3
2 changed files with 40 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Driver/Ntdriver.c
View File

@@ -34,6 +34,7 @@
#include <ntddvol.h>
#include <Ntstrsafe.h>
#include <Intsafe.h>
/* Init section, which is thrown away as soon as DriverEntry returns */
#pragma alloc_text(INIT,DriverEntry)
@@ -704,10 +705,20 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
case IOCTL_DISK_VERIFY:
if (ValidateIOBufferSize (Irp, sizeof (VERIFY_INFORMATION), ValidateInput))
{
HRESULT hResult;
ULONGLONG ullStartingOffset, ullNewOffset, ullEndOffset;
PVERIFY_INFORMATION pVerifyInformation;
pVerifyInformation = (PVERIFY_INFORMATION) Irp->AssociatedIrp.SystemBuffer;
if (pVerifyInformation->StartingOffset.QuadPart + pVerifyInformation->Length > Extension->DiskLength)
ullStartingOffset = (ULONGLONG) pVerifyInformation->StartingOffset.QuadPart;
hResult = ULongLongAdd(ullStartingOffset,
(ULONGLONG) Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset,
&ullNewOffset);
if (hResult != S_OK)
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
else if (S_OK != ULongLongAdd(ullNewOffset, (ULONGLONG) pVerifyInformation->Length, &ullEndOffset))
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
else if (ullEndOffset > (ULONGLONG) Extension->DiskLength)
Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
else
{
@@ -721,7 +732,7 @@ NTSTATUS ProcessVolumeDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION
else
{
LARGE_INTEGER offset = pVerifyInformation->StartingOffset;
offset.QuadPart += Extension->cryptoInfo->hiddenVolume ? Extension->cryptoInfo->hiddenVolumeOffset : Extension->cryptoInfo->volDataAreaOffset;
offset.QuadPart = ullNewOffset;
Irp->IoStatus.Status = ZwReadFile (Extension->hDeviceFile, NULL, NULL, NULL, &ioStatus, buffer, pVerifyInformation->Length, &offset, NULL);
TCfree (buffer);