Sharing function pointers

An old post - http://www.osronline.com/article.cfm?id=177 indicates that in addition to function pointers, one can use function pointers for driver-driver communication. However, the function pointers would leave the driver vulnerable to malicious callers. Are there any mitigations to this or is there a better way to achieve this? Using IRPs would have a performance impact that I want to avoid.

If it has any bearing, I am looking at the XP video stack for this function sharing.

Thanks

Sailesh

> An old post - http://www.osronline.com/article.cfm?id=177 indicates that in addition to function pointers, one can use function pointers for driver-driver communication.

Well, of course - after all, this is what private interfaces are all about…

> However, the function pointers would leave the driver vulnerable to malicious callers.

What about IOCTLs??? Don’t they offer the same possibilities to malicious callers if the target driver does not do all necessary checking??? Actually, IOCTLs are potentially even more dangerous than callbacks - the latter can be used only by drivers, i.e. by trusted components, but the former may be used by apps as well. Furthermore, in order to get an address of a callback function, one has to send an IRP to your driver, in the first place, so that you have a chance to do all necessary validation before you provide a caller with the one. Therefore, it is solely your driver’s responsibility to do a proper validation of calls that are made to it.

> Are there any mitigations to this

Validation, validation, validation, and, once more, validation…

The most interesting thing here is that you don’t seem to worry about the real issues with inter-driver communications. What if driver X gets unloaded and driver Y accesses some address in driver X’s module that it got via the callback, or just calls one of its private functions??? The most simplistic cases can be resolved simply by reference counting, but there may be more complex scenarios that may need rather elaborate solutions. This is what you really have to worry about…

Anton Bassov
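
A user-mode C model of the pattern the reply above describes, added here as an illustration and not code from the thread or from any driver: the provider validates the request before handing out pointers, re-validates every call made through them, and counts references so unload cannot complete while a caller still holds the interface. All names (`provider`, `shared_iface`, `provider_query_interface`, `provider_try_unload`) are hypothetical, and the plain counter is an assumption standing in for the interlocked or remove-lock primitives a real kernel driver would use.

```c
#include <stdint.h>
#define IFACE_VERSION 1
#define MODE_MAX 3u

typedef struct provider {       /* hypothetical provider-driver state */
    long refs;                  /* outstanding hand-outs; interlocked in a real driver */
    int stopping;               /* set once unload has begun */
    uint32_t mode;
} provider;

typedef struct shared_iface {   /* hypothetical private interface */
    uint16_t size, version;
    void *context;
    void (*reference)(void *ctx);
    void (*dereference)(void *ctx);
    int (*set_mode)(void *ctx, uint32_t mode);
} shared_iface;

static void prov_ref(void *ctx)   { ((provider *)ctx)->refs++; }
static void prov_deref(void *ctx) { ((provider *)ctx)->refs--; }
/* Holding the pointer earns no trust: every call re-checks state and arguments. */
static int prov_set_mode(void *ctx, uint32_t mode) {
    provider *p = ctx;
    if (!p || p->stopping || mode > MODE_MAX) return -1;
    p->mode = mode;
    return 0;
}

/* Models the IRP-time hand-out: validate first, then reference for the caller. */
int provider_query_interface(provider *p, shared_iface *out, uint16_t size, uint16_t version) {
    if (!p || !out || p->stopping) return -1;
    if (size != sizeof *out || version != IFACE_VERSION) return -1;
    *out = (shared_iface){ size, version, p, prov_ref, prov_deref, prov_set_mode };
    prov_ref(p);
    return 0;
}

/* Models unload: stop new hand-outs; 0 only when no caller still holds a pointer. */
int provider_try_unload(provider *p) {
    p->stopping = 1;
    return p->refs == 0 ? 0 : -1;
}

int main(void) {
    provider p = {0};
    shared_iface i;
    if (provider_query_interface(&p, &i, sizeof i, IFACE_VERSION)) return 1;
    int held = provider_try_unload(&p);     /* -1: caller still holds the pointer */
    i.dereference(i.context);
    return (held == -1 && provider_try_unload(&p) == 0) ? 0 : 1;
}
```

In this model a blocked unload simply reports failure; a kernel driver would instead wait for the count to drain before its code and state go away.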

What part of the video system are you targeting? I believe it was Skywing who recently pointed out that this may be an issue if you want to cross session space.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Monday, August 06, 2007 01:28
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Sharing function pointers

