Vulnerability to Security Attacks in NDIS Drivers

If an NDIS driver parses and interprets packet data, the driver and the operating system might be vulnerable to security attacks. Some of these attacks could be started remotely and cause serious problems, including crashing the computer.

For example, consider a network interface card (NIC) that supports IPv4 checksum offload but not IPv6 checksum offload, while its miniport driver nevertheless advertises that the NIC can provide IPv6 checksum offload. When the NIC receives IPv4 packets, the NIC hardware computes and verifies the checksum and puts the results in the out-of-band (OOB) information of the NET_BUFFER_LIST structure. If the NIC receives an IPv6 packet with IPv6 extension headers, the miniport driver computes and verifies the checksum in the receive interrupt handler. In the IPv6 case, it appears to the operating system that the NIC is performing IPv6 offload. However, the interrupt handler has to parse the received packet, check for error conditions, and guard against bad information in the IP header fields at least as well as the hardware would. Such a software implementation must be very robust, or it could crash the computer.
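The kind of checking such a software path needs before it can even locate the checksum field, shown as an added example in portable C (it is not NDIS or vendor code). The function name, the result codes and the cap of 8 extension headers are assumptions made for illustration; any result other than PARSE_OK means the driver should report no checksum result and leave the packet to the protocol stack.

```c
#include <stddef.h>
#include <stdint.h>

#define IPV6_HDR_LEN   40u
#define MAX_EXT_HDRS   8u   /* assumed cap on work done per packet */

enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_PUNT = -2 };

/* Hypothetical helper: find the upper-layer header of an IPv6 packet.
 * Every length comes from the wire and is checked against the bytes
 * actually received before it is used as an offset. */
int ipv6_find_upper_layer(const uint8_t *pkt, size_t len,
                          uint8_t *proto, size_t *offset)
{
    if (pkt == NULL || len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6)
        return PARSE_MALFORMED;

    /* Payload length is sender-controlled: it must fit in the buffer. */
    size_t end = IPV6_HDR_LEN + (((size_t)pkt[4] << 8) | pkt[5]);
    if (end > len)
        return PARSE_MALFORMED;

    uint8_t next = pkt[6];
    size_t off = IPV6_HDR_LEN;

    for (unsigned n = 0; n <= MAX_EXT_HDRS; n++) {
        size_t hdr_len;
        switch (next) {
        case 0: case 43: case 60:      /* hop-by-hop, routing, dest opts */
            if (end - off < 2) return PARSE_MALFORMED;
            hdr_len = ((size_t)pkt[off + 1] + 1) * 8;
            break;
        case 44: case 50: case 51:     /* fragment, ESP, AH */
            return PARSE_PUNT;         /* leave to the protocol stack */
        default:                       /* upper-layer protocol reached */
            *proto = next;
            *offset = off;
            return PARSE_OK;
        }
        if (hdr_len > end - off)       /* header runs past the payload */
            return PARSE_MALFORMED;
        next = pkt[off];
        off += hdr_len;
    }
    return PARSE_PUNT;                 /* too many extension headers */
}
```

The returned offset can equal the end of the payload, so the caller still has to confirm that a complete TCP or UDP header is present before reading the checksum field.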