VirtualBox

Ignore:
Timestamp:
Aug 31, 2008 6:08:32 PM (16 years ago)
Author:
vboxsync
Message:

VMM/SUP: Added SUPR3HardenedVerifyFile and use it to verify files we load.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/VBox/HostDrivers/Support/SUPLib.cpp

    r11794 r11889  
    11411141
    11421142
     1143SUPR3DECL(int) SUPR3HardenedVerifyFile(const char *pszFilename, const char *pszMsg, PRTFILE phFile)
     1144{
     1145    /*
     1146     * Quick input validation.
     1147     */
     1148    AssertPtr(pszFilename);
     1149    AssertPtr(pszMsg);
     1150    AssertReturn(!phFile, VERR_NOT_IMPLEMENTED); /** @todo Implement this. The deal is that we make sure the
     1151                                                     file is the same we verified after opening it. */
     1152
     1153    /*
     1154     * Only do the actual check in hardened builds.
     1155     */
     1156#ifdef VBOX_WITH_HARDENING
     1157    int rc = supR3HardenedVerifyFile(pszFilename, false /* fFatal */);
     1158    if (RT_FAILURE(rc))
     1159        LogRel(("SUPR3HardenedVerifyFile: %s: Verification of \"%s\" failed, rc=%Rrc\n", pszMsg, rc));
     1160    return rc;
     1161#else
     1162    return VINF_SUCCESS;
     1163#endif
     1164}
     1165
     1166
    11431167SUPR3DECL(int) SUPLoadModule(const char *pszFilename, const char *pszModule, void **ppvImageBase)
    11441168{
    1145     /*
    1146      * Load the module.
    1147      * If it's VMMR0.r0 we need to install the IDTE.
    1148      */
    1149     int rc = supLoadModule(pszFilename, pszModule, ppvImageBase);
     1169    int rc = VINF_SUCCESS;
     1170#ifdef VBOX_WITH_HARDENING
     1171    /*
     1172     * Check that the module can be trusted.
     1173     */
     1174    rc = supR3HardenedVerifyFile(pszFilename, false /* fFatal */);
     1175#endif
     1176    if (RT_SUCCESS(rc))
     1177    {
     1178        /*
     1179         * Load the module.
     1180         * If it's VMMR0.r0 we need to install the IDTE.
     1181         */
     1182        rc = supLoadModule(pszFilename, pszModule, ppvImageBase);
    11501183#ifdef VBOX_WITH_IDT_PATCHING
    1151     if (    RT_SUCCESS(rc)
    1152         &&  !strcmp(pszModule, "VMMR0.r0"))
    1153     {
    1154         rc = supInstallIDTE();
    1155         if (RT_FAILURE(rc))
    1156             SUPFreeModule(*ppvImageBase);
    1157     }
     1184        if (    RT_SUCCESS(rc)
     1185            &&  !strcmp(pszModule, "VMMR0.r0"))
     1186        {
     1187            rc = supInstallIDTE();
     1188            if (RT_FAILURE(rc))
     1189                SUPFreeModule(*ppvImageBase);
     1190        }
    11581191#endif /* VBOX_WITH_IDT_PATCHING */
    1159 
     1192    }
     1193    else
     1194        LogRel(("SUPLoadModule: Verification of \"%s\" failed, rc=%Rrc\n", rc));
    11601195    return rc;
    11611196}
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette