Changeset 11889 in vbox for trunk/src

Timestamp:

Aug 31, 2008 6:08:32 PM (16 years ago)

Author:

vboxsync

Message:

VMM/SUP: Added SUPR3HardenedVerifyFile and use it to verify files we load.

Location:

trunk/src/VBox

Files:

• HostDrivers/Support/SUPLib.cpp (modified) (1 diff)
• VMM/PDMLdr.cpp (modified) (3 diffs)

trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

@@ -1141 +1141 @@
 
 
+SUPR3DECL(int) SUPR3HardenedVerifyFile(const char *pszFilename, const char *pszMsg, PRTFILE phFile)
+{
+    /*
+     * Quick input validation.
+     */
+    AssertPtr(pszFilename);
+    AssertPtr(pszMsg);
+    AssertReturn(!phFile, VERR_NOT_IMPLEMENTED); /** @todo Implement this. The deal is that we make sure the 
+                                                     file is the same we verified after opening it. */
+
+    /*
+     * Only do the actual check in hardened builds.
+     */
+#ifdef VBOX_WITH_HARDENING
+    int rc = supR3HardenedVerifyFile(pszFilename, false /* fFatal */);
+    if (RT_FAILURE(rc))
+        LogRel(("SUPR3HardenedVerifyFile: %s: Verification of \"%s\" failed, rc=%Rrc\n", pszMsg, rc));
+    return rc;
+#else
+    return VINF_SUCCESS;
+#endif
+}
+
+
 SUPR3DECL(int) SUPLoadModule(const char *pszFilename, const char *pszModule, void **ppvImageBase)
 {
-    /*
-     * Load the module.
-     * If it's VMMR0.r0 we need to install the IDTE.
-     */
-    int rc = supLoadModule(pszFilename, pszModule, ppvImageBase);
+    int rc = VINF_SUCCESS;
+#ifdef VBOX_WITH_HARDENING
+    /*
+     * Check that the module can be trusted.
+     */
+    rc = supR3HardenedVerifyFile(pszFilename, false /* fFatal */);
+#endif
+    if (RT_SUCCESS(rc))
+    {
+        /*
+         * Load the module.
+         * If it's VMMR0.r0 we need to install the IDTE.
+         */
+        rc = supLoadModule(pszFilename, pszModule, ppvImageBase);
 #ifdef VBOX_WITH_IDT_PATCHING
-    if (    RT_SUCCESS(rc)
-        &&  !strcmp(pszModule, "VMMR0.r0"))
-    {
-        rc = supInstallIDTE();
-        if (RT_FAILURE(rc))
-            SUPFreeModule(*ppvImageBase);
-    }
+        if (    RT_SUCCESS(rc)
+            &&  !strcmp(pszModule, "VMMR0.r0"))
+        {
+            rc = supInstallIDTE();
+            if (RT_FAILURE(rc))
+                SUPFreeModule(*ppvImageBase);
+        }
 #endif /* VBOX_WITH_IDT_PATCHING */
-
+    }
+    else
+        LogRel(("SUPLoadModule: Verification of \"%s\" failed, rc=%Rrc\n", rc)); 
     return rc;
 }

trunk/src/VBox/VMM/PDMLdr.cpp

@@ -271 +271 @@
      * Allocate the module list node and initialize it.
      */
-    PPDMMOD     pModule = (PPDMMOD)RTMemAllocZ(sizeof(*pModule) + cchFilename);
+    const char *pszSuff = RTLdrGetSuff();
+    size_t      cchSuff = strlen(pszSuff);
+    PPDMMOD     pModule = (PPDMMOD)RTMemAllocZ(sizeof(*pModule) + cchFilename + cchSuff);
     if (!pModule)
         return VERR_NO_MEMORY;
@@ -278 +280 @@
     memcpy(pModule->szName, pszName, cchName); /* memory is zero'ed, no need to copy terminator :-) */
     memcpy(pModule->szFilename, pszFilename, cchFilename);
+    memcpy(&pModule->szFilename[cchFilename], pszSuff, cchSuff);
 
     /*
      * Load the loader item.
      */
-    int rc = RTLdrLoad(pszFilename, &pModule->hLdrMod);
+    int rc = SUPR3HardenedVerifyFile(pModule->szFilename, "pdmR3LoadR3U", NULL);
+    if (RT_SUCCESS(rc))
+        rc = RTLdrLoad(pModule->szFilename, &pModule->hLdrMod);
     if (VBOX_SUCCESS(rc))
     {
@@ -448 +453 @@
      * Open the loader item.
      */
-    int rc = RTLdrOpen(pszFilename, &pModule->hLdrMod);
+    int rc = SUPR3HardenedVerifyFile(pszFilename, "PDMR3LoadGC", NULL);
+    if (RT_SUCCESS(rc))
+        rc = RTLdrOpen(pszFilename, &pModule->hLdrMod);
     if (VBOX_SUCCESS(rc))
     {