Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible memory safety issue #5

Closed
zeon256 opened this issue Apr 7, 2022 · 0 comments
Closed

Possible memory safety issue #5

zeon256 opened this issue Apr 7, 2022 · 0 comments
Assignees
@zeon256
Labels
bug Something isn't working

Comments

@zeon256
Copy link
Owner

zeon256 commented Apr 7, 2022
edited
Loading

Problem 1

The use of Vec::from_raw_parts usage, in this case, is not safe the as the data is not allocated by the same allocator. Dropping this Vec may corrupt the internal data structures of the allocator.

Proposed solution

/// Wrapper around DPAPI `CryptUnprotectData`
pub fn crypt_unprotect_data(data_buf: &mut [u8]) -> Result<Vec<u8>, DumperError> {
    let buf_ptr = data_buf.as_mut_ptr();
    let buf_len = data_buf.len();
    let mut data_in = DATA_BLOB {
        cbData: buf_len as u32,
        pbData: buf_ptr,
    };

    let mut data_out = unsafe { std::mem::zeroed() };

    let unprotect_result = unsafe {
        CryptUnprotectData(
            &mut data_in,
            ptr::null_mut(),
            ptr::null_mut(),
            ptr::null_mut(),
            ptr::null_mut(),
            0,
            &mut data_out,
        )
    };

    if unprotect_result == 0 {
        let error = unsafe { GetLastError() };
        return Err(DumperError::DpapiFailedToDecrypt(error));
    }

    let size = data_out.cbData as usize;
    let v = unsafe { slice::from_raw_parts(data_out.pbData, size).to_vec() };
    Ok(v)
}
@zeon256 zeon256 added the bug Something isn't working label Apr 7, 2022
@zeon256 zeon256 self-assigned this Apr 7, 2022
@zeon256 zeon256 closed this as completed in 06a030b Apr 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zeon256 zeon256

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@zeon256