Driver.cpp: Add some mode checks to OvpnEvtIoDeviceControl

Return an error to a userspace if P2P-only IOCTLs are used in MP mode. Signed-off-by: Lev Stipakov <[email protected]>
lstipakov · Sep 13, 2024 · cfbe20d · cfbe20d
1 parent 41d836e
commit cfbe20d
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/Driver.cpp b/Driver.cpp
@@ -261,6 +261,27 @@ OvpnSetMode(POVPN_DEVICE device, WDFREQUEST request)
     return status;
 }
 
+static BOOLEAN
+OvpnDeviceCheckMode(OVPN_MODE mode, ULONG code)
+{
+    if (mode == OVPN_MODE_MP)
+    {
+        switch (code)
+        {
+        // all those IOCTLs are only for P2P mode
+        case OVPN_IOCTL_NEW_PEER:
+        case OVPN_IOCTL_DEL_PEER:
+        case OVPN_IOCTL_NEW_KEY:
+        case OVPN_IOCTL_NEW_KEY_V2:
+        case OVPN_IOCTL_SWAP_KEYS:
+        case OVPN_IOCTL_SET_PEER:
+            return FALSE;
+        }
+    }
+
+    return TRUE;
+}
+
 static NTSTATUS
 OvpnStopVPN(_In_ POVPN_DEVICE device)
 {
@@ -316,6 +337,12 @@ OvpnEvtIoDeviceControl(WDFQUEUE queue, WDFREQUEST request, size_t outputBufferLe
 
     ULONG_PTR bytesReturned = 0;
 
+    if (!OvpnDeviceCheckMode(device->Mode, ioControlCode))
+    {
+        WdfRequestCompleteWithInformation(request, STATUS_INVALID_DEVICE_STATE, bytesReturned);
+        return;
+    }
+
     KIRQL kirql = 0;
     switch ((long)ioControlCode) {
     case OVPN_IOCTL_GET_STATS: