Security Issues for Network Drivers

For a general discussion on writing secure drivers, see Creating Reliable Kernel-Mode Drivers.

In particular, network drivers should do the following to enhance security:

  • All drivers should validate values that they read from the registry. Specifically, the caller of NdisReadConfiguration or NdisReadNetworkAddress must not make any assumptions about values read from the registry and must validate each registry value that it reads. If the caller of NdisReadConfiguration determines that a value is out of bounds, it should use a default value instead. If the caller of NdisReadNetworkAddress determines that a value is out of bounds, it should use the permanent medium access control (MAC) address or a default address instead.

  • A miniport driver, in its MiniportOidRequest or MiniportCoOidRequest functions, should validate any object identifier (OID) value that the driver is requested to set. If the driver determines that the value to be set is out of bounds, it should fail the set request. For more information about object identifiers, see Obtaining and Setting Miniport Driver Information and NDIS Support for WMI.

  • If an intermediate driver's MiniportOidRequest function does not pass a set operation to an underlying miniport driver, the function should validate the OID value. For more information, see Intermediate Driver Query and Set Operations.

 

 

Send comments about this topic to Microsoft

Show:
© 2014 Microsoft