From 8e2c5ca45ee2e7d16dd45e96e403d85a6ccdc7f0 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 1 Oct 2016 15:36:20 +0200 Subject: [PATCH] Securely erase and protect buffer holding decrypted volume header. --- src/Common/Volumes.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/Common/Volumes.c b/src/Common/Volumes.c index 178f47f0..0940941d 100644 --- a/src/Common/Volumes.c +++ b/src/Common/Volumes.c @@ -249,6 +249,7 @@ int ReadVolumeHeader (BOOL bBoot, char *encryptedHeader, Password *password, int #if !defined(DEVICE_DRIVER) VirtualLock (&keyInfo, sizeof (keyInfo)); VirtualLock (&dk, sizeof (dk)); + VirtualLock (&header, sizeof (header)); #endif #endif // !defined(_UEFI) @@ -571,10 +572,12 @@ KeyReady: ; ret: burn (&keyInfo, sizeof (keyInfo)); burn (dk, sizeof(dk)); + burn (header, sizeof(header)); #if !defined(DEVICE_DRIVER) && !defined(_UEFI) VirtualUnlock (&keyInfo, sizeof (keyInfo)); VirtualUnlock (&dk, sizeof (dk)); + VirtualUnlock (&header, sizeof (header)); #endif #if !defined(_UEFI)