| author | Odd Stranne <odd@mullvad.net> | 2019-03-14 12:52:01 +0100 |
|---|---|---|
| committer | Odd Stranne <odd@mullvad.net> | 2019-04-04 20:16:55 +0200 |
| commit | 52d0866ef32089e56f0c4e29509932a697b7092f (patch) | |
| tree | f5bbd925097c061d2ae6f4036e7f45ac2b5ed200 | |
| parent | e46844aa39ba9123f74e8776641deb5e5fbabcc6 (diff) | |
Enforce validation of objects that are installed in WFP
| -rw-r--r-- | windows/winfw/src/winfw/sessioncontroller.cpp | 19 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/sessioncontroller.h | 1 |
2 files changed, 20 insertions, 0 deletions
diff --git a/windows/winfw/src/winfw/sessioncontroller.cpp b/windows/winfw/src/winfw/sessioncontroller.cpp
index 76106fe55d..5105a57e5d 100644
--- a/windows/winfw/src/winfw/sessioncontroller.cpp
+++ b/windows/winfw/src/winfw/sessioncontroller.cpp
@@ -1,11 +1,13 @@
 #include "stdafx.h"
 #include "sessioncontroller.h"
 #include "wfpobjecttype.h"
+#include "mullvadguids.h"
 #include "libwfp/objectinstaller.h"
 #include "libwfp/objectdeleter.h"
 #include "libwfp/transaction.h"
 #include "libcommon/memory.h"
 #include <utility>
+#include <stdexcept>
 namespace
 {
@@ -55,6 +57,17 @@ bool CheckpointKeyToIndex(const std::vector<SessionRecord> &container, uint32_t
 return false;
 }
+void ValidateObject(const wfp::IIdentifiable &object)
+{
+ const auto registry = MullvadGuids::Registry();
+
+ if (registry.end() == registry.find(object.id()))
+ {
+ throw std::runtime_error("Attempting to install non-registered WFP object");
+ }
+}
+
+
 } // anonymous namespace
 SessionController::SessionController(std::unique_ptr<wfp::FilterEngine> &&engine)
@@ -90,6 +103,8 @@ bool SessionController::addProvider(wfp::ProviderBuilder &providerBuilder)
 throw std::runtime_error("Cannot add provider outside transaction");
 }
+ ValidateObject(providerBuilder);
+
 GUID key;
 auto status = wfp::ObjectInstaller::AddProvider(*m_engine, providerBuilder, &key);
@@ -109,6 +124,8 @@ bool SessionController::addSublayer(wfp::SublayerBuilder &sublayerBuilder)
 throw std::runtime_error("Cannot add sublayer outside transaction");
 }
+ ValidateObject(sublayerBuilder);
+
 GUID key;
 auto status = wfp::ObjectInstaller::AddSublayer(*m_engine, sublayerBuilder, &key);
@@ -128,6 +145,8 @@ bool SessionController::addFilter(wfp::FilterBuilder &filterBuilder, const wfp::
 throw std::runtime_error("Cannot add filter outside transaction");
 }
+ ValidateObject(filterBuilder);
+
 UINT64 id;
 auto status = wfp::ObjectInstaller::AddFilter(*m_engine, filterBuilder, conditionBuilder, &id);
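Review bot: `const auto registry = MullvadGuids::Registry();` in ValidateObject takes the registry by value, so each install call may copy the whole container for a single lookup. `const auto &registry = MullvadGuids::Registry();` is safe whether Registry() returns a reference or a temporary, since binding to a const reference extends a temporary's lifetime; the return type is not visible in this hunk, so the cost of the copy is an assumption. The exception text also does not say which object was rejected, and a rejected install is the event someone reading the log will want to trace back to a specific GUID. A one-line comment such as `// Reject any object whose GUID is not listed in MullvadGuids::Registry().` above the function would state the allow-list intent.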
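Review bot: The new `ValidateObject(providerBuilder);` call in addProvider comes after the outside-transaction check, so it is the first visible throw that can fire while a transaction is open; the same applies to `ValidateObject(sublayerBuilder);` in addSublayer and `ValidateObject(filterBuilder);` in addFilter. All three functions are declared to return `bool`, so callers now have to handle both a false return and a std::runtime_error on the install path. Whether the open transaction is aborted when the exception propagates is not visible here, as all three bodies continue outside their hunks, so that should be confirmed and documented, e.g. `// Throws std::runtime_error for unregistered objects; the caller is expected to abort the transaction.`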
diff --git a/windows/winfw/src/winfw/sessioncontroller.h b/windows/winfw/src/winfw/sessioncontroller.h
index 61163533c4..690bdbbc63 100644
--- a/windows/winfw/src/winfw/sessioncontroller.h
+++ b/windows/winfw/src/winfw/sessioncontroller.h
@@ -3,6 +3,7 @@
 #include "iobjectinstaller.h"
 #include "sessionrecord.h"
 #include "libwfp/filterengine.h"
+#include "libwfp/iidentifiable.h"
 #include <atomic>
 #include <memory>
 #include <vector> |
