Create, and use for all loads of system DLLs, a wrapper function

[u/mdw/putty] / windows / winmisc.c

diff --git a/windows/winmisc.c b/windows/winmisc.c
index c7ac835..d05a07a 100644 (file)
--- a/windows/winmisc.c
+++ b/windows/winmisc.c
@@ -49,7 +49,7 @@ char *get_username(void)
        static int tried_usernameex = FALSE;
        if (!tried_usernameex) {
            /* Not available on Win9x, so load dynamically */
-           HMODULE secur32 = LoadLibrary("SECUR32.DLL");
+           HMODULE secur32 = load_system32_dll("secur32.dll");
            GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);
            tried_usernameex = TRUE;
        }
@@ -105,6 +105,33 @@ BOOL init_winver(void)
     return GetVersionEx ( (OSVERSIONINFO *) &osVersion);
 }
 
+HMODULE load_system32_dll(const char *libname)
+{
+    /*
+     * Wrapper function to load a DLL out of c:\windows\system32
+     * without going through the full DLL search path. (Hence no
+     * attack is possible by placing a substitute DLL earlier on that
+     * path.)
+     */
+    static char *sysdir = NULL;
+    char *fullpath;
+    HMODULE ret;
+
+    if (!sysdir) {
+       int size = 0, len;
+       do {
+           size = 3*size/2 + 512;
+           sysdir = sresize(sysdir, size, char);
+           len = GetSystemDirectory(sysdir, size);
+       } while (len >= size);
+    }
+
+    fullpath = dupcat(sysdir, "\\", libname, NULL);
+    ret = LoadLibrary(fullpath);
+    sfree(fullpath);
+    return ret;
+}
+
 #ifdef DEBUG
 static FILE *debug_fp = NULL;
 static HANDLE debug_hdl = INVALID_HANDLE_VALUE;