VirtualBox

Changeset 30850 in vbox for trunk/src/VBox/Devices


Timestamp:
Jul 14, 2010 5:41:01 PM (14 years ago)
Author:
vboxsync
Message:

VMMDev: Addressed a little paranoia issue introduced by r63480. That change made the VMMDev R0/RC capable, which means the instance data would be allocated on the hypervisor heap. That heap can theoretically be read by privileged guest code, so we shouldn't store any secrets there. Since the information is accessible via VMMDevReq_QueryCredentials, this is mostly academic paranoia.

Location:
trunk/src/VBox/Devices
Files:
3 edited

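--- a/trunk/src/VBox/Devices/VMMDev/VMMDev.cpp
+++ b/trunk/src/VBox/Devices/VMMDev/VMMDev.cpp
@@ -1638,7 +1638,7 @@
                 if (credentials->u32Flags & VMMDEV_CREDENTIALS_QUERYPRESENCE)
                 {
-                    if (   pThis->credentialsLogon.szUserName[0]
-                        || pThis->credentialsLogon.szPassword[0]
-                        || pThis->credentialsLogon.szDomain[0])
+                    if (   pThis->pCredentials->Logon.szUserName[0]
+                        || pThis->pCredentials->Logon.szPassword[0]
+                        || pThis->pCredentials->Logon.szDomain[0])
                     {
                         credentials->u32Flags |= VMMDEV_CREDENTIALS_PRESENT;
@@ -1653,11 +1653,11 @@
                 if (credentials->u32Flags & VMMDEV_CREDENTIALS_READ)
                 {
-                    if (pThis->credentialsLogon.szUserName[0])
-                        strcpy(credentials->szUserName, pThis->credentialsLogon.szUserName);
-                    if (pThis->credentialsLogon.szPassword[0])
-                        strcpy(credentials->szPassword, pThis->credentialsLogon.szPassword);
-                    if (pThis->credentialsLogon.szDomain[0])
-                        strcpy(credentials->szDomain, pThis->credentialsLogon.szDomain);
-                    if (!pThis->credentialsLogon.fAllowInteractiveLogon)
+                    if (pThis->pCredentials->Logon.szUserName[0])
+                        strcpy(credentials->szUserName, pThis->pCredentials->Logon.szUserName);
+                    if (pThis->pCredentials->Logon.szPassword[0])
+                        strcpy(credentials->szPassword, pThis->pCredentials->Logon.szPassword);
+                    if (pThis->pCredentials->Logon.szDomain[0])
+                        strcpy(credentials->szDomain, pThis->pCredentials->Logon.szDomain);
+                    if (!pThis->pCredentials->Logon.fAllowInteractiveLogon)
                         credentials->u32Flags |= VMMDEV_CREDENTIALS_NOLOCALLOGON;
                     else
@@ -1670,7 +1670,7 @@
                     if (credentials->u32Flags & VMMDEV_CREDENTIALS_CLEAR)
                     {
-                        memset(pThis->credentialsLogon.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
-                        memset(pThis->credentialsLogon.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
-                        memset(pThis->credentialsLogon.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
+                        memset(pThis->pCredentials->Logon.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
+                        memset(pThis->pCredentials->Logon.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
+                        memset(pThis->pCredentials->Logon.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
                     }
                 }
@@ -1679,10 +1679,10 @@
                 if (credentials->u32Flags & VMMDEV_CREDENTIALS_READJUDGE)
                 {
-                    if (pThis->credentialsJudge.szUserName[0])
-                        strcpy(credentials->szUserName, pThis->credentialsJudge.szUserName);
-                    if (pThis->credentialsJudge.szPassword[0])
-                        strcpy(credentials->szPassword, pThis->credentialsJudge.szPassword);
-                    if (pThis->credentialsJudge.szDomain[0])
-                        strcpy(credentials->szDomain, pThis->credentialsJudge.szDomain);
+                    if (pThis->pCredentials->Judge.szUserName[0])
+                        strcpy(credentials->szUserName, pThis->pCredentials->Judge.szUserName);
+                    if (pThis->pCredentials->Judge.szPassword[0])
+                        strcpy(credentials->szPassword, pThis->pCredentials->Judge.szPassword);
+                    if (pThis->pCredentials->Judge.szDomain[0])
+                        strcpy(credentials->szDomain, pThis->pCredentials->Judge.szDomain);
                 }
 
@@ -1690,7 +1690,7 @@
                 if (credentials->u32Flags & VMMDEV_CREDENTIALS_CLEARJUDGE)
                 {
-                    memset(pThis->credentialsJudge.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
-                    memset(pThis->credentialsJudge.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
-                    memset(pThis->credentialsJudge.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
+                    memset(pThis->pCredentials->Judge.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
+                    memset(pThis->pCredentials->Judge.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
+                    memset(pThis->pCredentials->Judge.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
                 }
 
@@ -2336,8 +2336,8 @@
     {
         /* memorize the data */
-        strcpy(pThis->credentialsLogon.szUserName, pszUsername);
-        strcpy(pThis->credentialsLogon.szPassword, pszPassword);
-        strcpy(pThis->credentialsLogon.szDomain,   pszDomain);
-        pThis->credentialsLogon.fAllowInteractiveLogon = !(u32Flags & VMMDEV_SETCREDENTIALS_NOLOCALLOGON);
+        strcpy(pThis->pCredentials->Logon.szUserName, pszUsername);
+        strcpy(pThis->pCredentials->Logon.szPassword, pszPassword);
+        strcpy(pThis->pCredentials->Logon.szDomain,   pszDomain);
+        pThis->pCredentials->Logon.fAllowInteractiveLogon = !(u32Flags & VMMDEV_SETCREDENTIALS_NOLOCALLOGON);
     }
     /* credentials verification mode? */
@@ -2345,7 +2345,7 @@
     {
         /* memorize the data */
-        strcpy(pThis->credentialsJudge.szUserName, pszUsername);
-        strcpy(pThis->credentialsJudge.szPassword, pszPassword);
-        strcpy(pThis->credentialsJudge.szDomain,   pszDomain);
+        strcpy(pThis->pCredentials->Judge.szUserName, pszUsername);
+        strcpy(pThis->pCredentials->Judge.szPassword, pszPassword);
+        strcpy(pThis->pCredentials->Judge.szDomain,   pszDomain);
 
         VMMDevNotifyGuest (pThis, VMMDEV_EVENT_JUDGE_CREDENTIALS);
@@ -2682,11 +2682,11 @@
     if (!pThis->fKeepCredentials)
     {
-        memset(pThis->credentialsLogon.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
-        memset(pThis->credentialsLogon.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
-        memset(pThis->credentialsLogon.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
-    }
-    memset(pThis->credentialsJudge.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
-    memset(pThis->credentialsJudge.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
-    memset(pThis->credentialsJudge.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
+        memset(pThis->pCredentials->Logon.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
+        memset(pThis->pCredentials->Logon.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
+        memset(pThis->pCredentials->Logon.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
+    }
+    memset(pThis->pCredentials->Judge.szUserName, '\0', VMMDEV_CREDENTIALS_STRLEN);
+    memset(pThis->pCredentials->Judge.szPassword, '\0', VMMDEV_CREDENTIALS_STRLEN);
+    memset(pThis->pCredentials->Judge.szDomain, '\0', VMMDEV_CREDENTIALS_STRLEN);
 
     /* Reset means that additions will report again. */
@@ -2761,4 +2761,26 @@
     NOREF(pDevIns);
     NOREF(offDelta);
+}
+
+
+/**
+ * @interface_method_impl{PDMDEVREG,pfnDestruct}
+ */
+static DECLCALLBACK(int) vmmdevDestroy(PPDMDEVINS pDevIns)
+{
+    PDMDEV_CHECK_VERSIONS_RETURN(pDevIns);
+    VMMDevState *pThis = PDMINS_2_DATA(pDevIns, VMMDevState *);
+
+    /*
+     * Wipe and free the credentials.
+     */
+    if (pThis->pCredentials)
+    {
+        RTMemWipeThoroughly(pThis->pCredentials, sizeof(*pThis->pCredentials), 10);
+        RTMemFree(pThis->pCredentials);
+        pThis->pCredentials = NULL;
+    }
+
+    return VINF_SUCCESS;
 }
 
@@ -2826,4 +2848,9 @@
 #endif
 
+    pThis->pCredentials = (VMMDEVCREDS *)RTMemAllocZ(sizeof(*pThis->pCredentials));
+    if (!pThis->pCredentials)
+        return VERR_NO_MEMORY;
+
+
     /*
      * Validate and read the configuration.
@@ -2874,5 +2901,5 @@
         return PDMDEV_SET_ERROR(pDevIns, rc,
                                 N_("Configuration error: Failed querying \"TestingEnabled\" as a boolean"));
-# ifdef DEBUG_bird /* lazy bird */
+# if 1 //def DEBUG_bird /* lazy bird */ - do not commit this!!!!
     pThis->fTestingEnabled = true;
 # endif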
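Review bot: The preprocessor change at new line 2903 replaces `# ifdef DEBUG_bird` with `# if 1`, so `pThis->fTestingEnabled = true;` now runs in every build that compiles this block and overrides whatever the "TestingEnabled" configuration query just before it returned. The line's own trailing text says it was not meant to be committed. The guard should go back to `# ifdef DEBUG_bird /* lazy bird */` so the testing facility is switched on only by configuration. The enclosing conditional starts outside the hunk, so which build flavours are affected cannot be confirmed from this page.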
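--- a/trunk/src/VBox/Devices/VMMDev/VMMDevState.h
+++ b/trunk/src/VBox/Devices/VMMDev/VMMDevState.h
@@ -52,4 +52,31 @@
     DISPLAYCHANGEREQUEST aRequests[64]; // @todo maxMonitors
 } DISPLAYCHANGEDATA;
+
+
+/**
+ * Credentials for automatic guest logon and host configured logon (?).
+ *
+ * This is not stored in the same block as the instance data in order to make it
+ * harder to access.
+ */
+typedef struct VMMDEVCREDS
+{
+    /** credentials for guest logon purposes */
+    struct
+    {
+        char szUserName[VMMDEV_CREDENTIALS_STRLEN];
+        char szPassword[VMMDEV_CREDENTIALS_STRLEN];
+        char szDomain[VMMDEV_CREDENTIALS_STRLEN];
+        bool fAllowInteractiveLogon;
+    } Logon;
+
+    /** credentials for verification by guest */
+    struct
+    {
+        char szUserName[VMMDEV_CREDENTIALS_STRLEN];
+        char szPassword[VMMDEV_CREDENTIALS_STRLEN];
+        char szDomain[VMMDEV_CREDENTIALS_STRLEN];
+    } Judge;
+} VMMDEVCREDS;
 
 
@@ -152,22 +179,8 @@
     DISPLAYCHANGEDATA displayChangeData;
 
-    /** credentials for guest logon purposes */
-    struct
-    {
-        char szUserName[VMMDEV_CREDENTIALS_STRLEN];
-        char szPassword[VMMDEV_CREDENTIALS_STRLEN];
-        char szDomain[VMMDEV_CREDENTIALS_STRLEN];
-        bool fAllowInteractiveLogon;
-    } credentialsLogon;
-
-    /** credentials for verification by guest */
-    struct
-    {
-        char szUserName[VMMDEV_CREDENTIALS_STRLEN];
-        char szPassword[VMMDEV_CREDENTIALS_STRLEN];
-        char szDomain[VMMDEV_CREDENTIALS_STRLEN];
-    } credentialsJudge;
-
-    bool afAlignment4[HC_ARCH_BITS == 32 ? 7 : 7];
+    /** Pointer to the credentials. */
+    R3PTRTYPE(VMMDEVCREDS *) pCredentials;
+
+    bool afAlignment4[HC_ARCH_BITS == 32 ? 3 : 7];
 
     /* memory balloon change request */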
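Review bot: The documentation for the new storage does not record the constraint that motivated it. The VMMDEVCREDS comment says only that the block is kept apart "to make it harder to access", and the member is documented as `/** Pointer to the credentials. */`. The commit message gives the real reason: the instance data lives on the hypervisor heap, which privileged guest code may be able to read. I would put that on the member, e.g. `/** Pointer to the credentials (ring-3 heap, never the hypervisor heap); wiped and freed in vmmdevDestroy. */`, so a later refactor does not fold the secrets back into VMMDevState. The "(?)" in the struct comment also leaves the purpose of the Judge member open and is worth resolving.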
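--- a/trunk/src/VBox/Devices/testcase/tstDeviceStructSizeRC.cpp
+++ b/trunk/src/VBox/Devices/testcase/tstDeviceStructSizeRC.cpp
@@ -1,5 +1,5 @@
 /* $Id$ */
 /** @file
- * tstDeviceStructSizeGC - Generate structure member and size checks from the GC perspective.
+ * tstDeviceStructSizeGC - Generate structure member and size checks from the RC perspective.
  *
  * This is built using the VBoxRc template but linked into a host
@@ -8,5 +8,5 @@
 
 /*
- * Copyright (C) 2006-2008 Oracle Corporation
+ * Copyright (C) 2006-2010 Oracle Corporation
  *
  * This file is part of VirtualBox Open Source Edition (OSE), as
@@ -1451,13 +1451,5 @@
     GEN_CHECK_OFF(VMMDevState, u32VideoAccelEnabled);
     GEN_CHECK_OFF(VMMDevState, displayChangeData);
-    GEN_CHECK_OFF(VMMDevState, credentialsLogon);
-    GEN_CHECK_OFF(VMMDevState, credentialsLogon.szUserName);
-    GEN_CHECK_OFF(VMMDevState, credentialsLogon.szPassword);
-    GEN_CHECK_OFF(VMMDevState, credentialsLogon.szDomain);
-    GEN_CHECK_OFF(VMMDevState, credentialsLogon.fAllowInteractiveLogon);
-    GEN_CHECK_OFF(VMMDevState, credentialsJudge);
-    GEN_CHECK_OFF(VMMDevState, credentialsJudge.szUserName);
-    GEN_CHECK_OFF(VMMDevState, credentialsJudge.szPassword);
-    GEN_CHECK_OFF(VMMDevState, credentialsJudge.szDomain);
+    GEN_CHECK_OFF(VMMDevState, pCredentials);
     GEN_CHECK_OFF(VMMDevState, u32MemoryBalloonSize);
     GEN_CHECK_OFF(VMMDevState, u32LastMemoryBalloonSize);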