From cfbe20db828e29d527405c53de8bdafd59dc528c Mon Sep 17 00:00:00 2001
From: Lev Stipakov <lev@openvpn.net>
Date: Thu, 12 Sep 2024 13:01:19 +0300
Subject: [PATCH] Driver.cpp: Add some mode checks to OvpnEvtIoDeviceControl

Return an error to a userspace if P2P-only IOCTLs
are used in MP mode.

Signed-off-by: Lev Stipakov <lev@openvpn.net>
---
 Driver.cpp | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/Driver.cpp b/Driver.cpp
index 16ef036..ae5d930 100644
--- a/Driver.cpp
+++ b/Driver.cpp
@@ -261,6 +261,27 @@ OvpnSetMode(POVPN_DEVICE device, WDFREQUEST request)
     return status;
 }
 
+static BOOLEAN
+OvpnDeviceCheckMode(OVPN_MODE mode, ULONG code)
+{
+    if (mode == OVPN_MODE_MP)
+    {
+        switch (code)
+        {
+        // all those IOCTLs are only for P2P mode
+        case OVPN_IOCTL_NEW_PEER:
+        case OVPN_IOCTL_DEL_PEER:
+        case OVPN_IOCTL_NEW_KEY:
+        case OVPN_IOCTL_NEW_KEY_V2:
+        case OVPN_IOCTL_SWAP_KEYS:
+        case OVPN_IOCTL_SET_PEER:
+            return FALSE;
+        }
+    }
+
+    return TRUE;
+}
+
 static NTSTATUS
 OvpnStopVPN(_In_ POVPN_DEVICE device)
 {
@@ -316,6 +337,12 @@ OvpnEvtIoDeviceControl(WDFQUEUE queue, WDFREQUEST request, size_t outputBufferLe
 
     ULONG_PTR bytesReturned = 0;
 
+    if (!OvpnDeviceCheckMode(device->Mode, ioControlCode))
+    {
+        WdfRequestCompleteWithInformation(request, STATUS_INVALID_DEVICE_STATE, bytesReturned);
+        return;
+    }
+
     KIRQL kirql = 0;
     switch ((long)ioControlCode) {
     case OVPN_IOCTL_GET_STATS: