Changeset 52207 in vbox

Timestamp:

Jul 27, 2014 7:33:11 PM (11 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

95268

Message:

SUP: Fixed handle leak in the driver. Adjusted NtQueryInformationProcess/ProcessImageInformation for XP. Shut up an DEBUG assertion caused by certificate(s) with malformed ASN.1 UTC TIME objects (not zulu time).

Location:

trunk/src/VBox/HostDrivers/Support/win

Files:

• SUPHardenedVerifyImage-win.cpp (modified) (2 diffs)
• SUPHardenedVerifyProcess-win.cpp (modified) (7 diffs)

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp

@@ -1456 +1456 @@
             if (pCurCtx->dwCertEncodingType & X509_ASN_ENCODING)
             {
+                RTERRINFOSTATIC StaticErrInfo;
                 RTASN1CURSORPRIMARY PrimaryCursor;
-                RTAsn1CursorInitPrimary(&PrimaryCursor, pCurCtx->pbCertEncoded, pCurCtx->cbCertEncoded, NULL /*pErrInfo*/,
+                RTAsn1CursorInitPrimary(&PrimaryCursor, pCurCtx->pbCertEncoded, pCurCtx->cbCertEncoded,
+                                        RTErrInfoInitStatic(&StaticErrInfo),
                                         &g_RTAsn1DefaultAllocator, RTASN1CURSOR_FLAGS_DER, "CurCtx");
                 RTCRX509CERTIFICATE MyCert;
                 int rc = RTCrX509Certificate_DecodeAsn1(&PrimaryCursor.Cursor, 0, &MyCert, "Cert");
-                AssertRC(rc);
                 if (RT_SUCCESS(rc))
                 {
@@ -1478 +1479 @@
                     RTCrX509Certificate_Delete(&MyCert);
                 }
+                /* XP root certificate "C&W HKT SecureNet CA SGC Root" has non-standard validity
+                   timestamps, the UTC formatting isn't Zulu time but specifies timezone offsets.
+                   Ignore these failures and certificates. */
+                else if (rc != VERR_ASN1_INVALID_UTC_TIME_ENCODING)
+                    AssertMsgFailed(("RTCrX509Certificate_DecodeAsn1 failed: rc=%#x: %s\n", rc, StaticErrInfo.szMsg));
             }
         }

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp

@@ -114 +114 @@
     /** The file reader. */
     PSUPHNTVIRDR    pNtViRdr;
+    /** The module file handle, if we've opened it.
+     * (pNtviRdr does not close the file handle on destruction.)  */
+    HANDLE          hFile;
     /** Image bits for lazy cleanup. */
     uint8_t        *pbBits;
@@ -650 +653 @@
         return supHardNtVpSetInfo2(pThis, rc, "%s: RTLdrGetBits failed: %Rrc", pImage->pszName, rc);
 
-    /** @todo figure out if all windows versions do this... */
-    if (fIs32Bit)
-        ((PIMAGE_NT_HEADERS32)&pImage->pbBits[offNtHdrs])->OptionalHeader.ImageBase = (uint32_t)pImage->uImageBase;
-    else
-        ((PIMAGE_NT_HEADERS)&pImage->pbBits[offNtHdrs])->OptionalHeader.ImageBase   = pImage->uImageBase;
+    /* XP SP3 does not set ImageBase to load address. It fixes up the image on load time though. */
+    if (g_uNtVerCombined >= SUP_NT_VER_VISTA)
+    {
+        if (fIs32Bit)
+            ((PIMAGE_NT_HEADERS32)&pImage->pbBits[offNtHdrs])->OptionalHeader.ImageBase = (uint32_t)pImage->uImageBase;
+        else
+            ((PIMAGE_NT_HEADERS)&pImage->pbBits[offNtHdrs])->OptionalHeader.ImageBase   = pImage->uImageBase;
+    }
 
     /*
@@ -1060 +1066 @@
     pImage->uImageBase = (uintptr_t)pMemInfo->AllocationBase;
     pImage->cbImage    = pMemInfo->RegionSize;
+    pImage->hFile      = NULL;
     pImage->hLdrMod    = NIL_RTLDRMOD;
     pImage->pNtViRdr   = NULL;
@@ -1332 +1339 @@
 
 /**
- * Opens all the images with the IPRT loader, setting both pNtViRdr and hLdrMod
- * for each image.
+ * Opens all the images with the IPRT loader, setting both, hFile, pNtViRdr and
+ * hLdrMod for each image.
  *
  * @returns VBox status code.
@@ -1389 +1396 @@
             return rc;
         }
+        pImage->hFile    = hFile;
         pImage->pNtViRdr = pNtViRdr;
 
@@ -1482 +1490 @@
     /*
      * Check linking requirements.
+     * This query is only available using the current process pseudo handle on
+     * older windows versions.  The cut-off seems to be Vista.
      */
     SECTION_IMAGE_INFORMATION ImageInfo;
     rcNt = NtQueryInformationProcess(hProcess, ProcessImageInformation, &ImageInfo, sizeof(ImageInfo), NULL);
     if (!NT_SUCCESS(rcNt))
+    {
+        if (   rcNt == STATUS_INVALID_PARAMETER
+            && g_uNtVerCombined < SUP_NT_VER_VISTA
+            && hProcess != NtCurrentProcess() )
+            return VINF_SUCCESS;
         return supHardNtVpSetInfo2(pThis, VERR_SUP_VP_NT_QI_PROCESS_IMG_INFO_ERROR,
-                                   "NtQueryInformationProcess/ProcessImageInformation failed: %#x", rcNt);
+                                   "NtQueryInformationProcess/ProcessImageInformation failed: %#x hProcess=%#x", rcNt, hProcess);
+    }
     if ( !(ImageInfo.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY))
         return supHardNtVpSetInfo2(pThis, VERR_SUP_VP_EXE_MISSING_FORCE_INTEGRITY,
@@ -1641 +1657 @@
                 else if (pThis->aImages[i].pNtViRdr)
                     pThis->aImages[i].pNtViRdr->Core.pfnDestroy(&pThis->aImages[i].pNtViRdr->Core);
+                if (pThis->aImages[i].hFile)
+                    NtClose(pThis->aImages[i].hFile);
             }
             suplibHardenedFree(pThis);