called load_system32_dll() which constructs a full pathname for the
DLL using GetSystemDirectory.
The only DLL load not covered by this change is the one for
gssapi32.dll, because that one's not in the system32 directory.
git-svn-id: svn://svn.tartarus.org/sgt/putty@8993
cda61777-01e9-0310-a592-
d414129be87e
static void init_flashwindow(void)
{
- HMODULE user32_module = LoadLibrary("USER32.DLL");
+ HMODULE user32_module = load_system32_dll("user32.dll");
GET_WINDOWS_FUNCTION(user32_module, FlashWindowEx);
}
}
/* Microsoft SSPI Implementation */
- module = LoadLibrary("secur32.dll");
+ module = load_system32_dll("secur32.dll");
if (module) {
struct ssh_gss_library *lib =
&ssh_gss_libraries[n_ssh_gss_libraries++];
} else
chm_path = NULL;
if (chm_path) {
- HINSTANCE dllHH = LoadLibrary("hhctrl.ocx");
+ HINSTANCE dllHH = load_system32_dll("hhctrl.ocx");
GET_WINDOWS_FUNCTION(dllHH, HtmlHelpA);
if (!p_HtmlHelpA) {
chm_path = NULL;
static int tried_usernameex = FALSE;
if (!tried_usernameex) {
/* Not available on Win9x, so load dynamically */
- HMODULE secur32 = LoadLibrary("SECUR32.DLL");
+ HMODULE secur32 = load_system32_dll("secur32.dll");
GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);
tried_usernameex = TRUE;
}
return GetVersionEx ( (OSVERSIONINFO *) &osVersion);
}
+HMODULE load_system32_dll(const char *libname)
+{
+ /*
+ * Wrapper function to load a DLL out of c:\windows\system32
+ * without going through the full DLL search path. (Hence no
+ * attack is possible by placing a substitute DLL earlier on that
+ * path.)
+ */
+ static char *sysdir = NULL;
+ char *fullpath;
+ HMODULE ret;
+
+ if (!sysdir) {
+ int size = 0, len;
+ do {
+ size = 3*size/2 + 512;
+ sysdir = sresize(sysdir, size, char);
+ len = GetSystemDirectory(sysdir, size);
+ } while (len >= size);
+ }
+
+ fullpath = dupcat(sysdir, "\\", libname, NULL);
+ ret = LoadLibrary(fullpath);
+ sfree(fullpath);
+ return ret;
+}
+
#ifdef DEBUG
static FILE *debug_fp = NULL;
static HANDLE debug_hdl = INVALID_HANDLE_VALUE;
#ifndef NO_IPV6
winsock2_module =
#endif
- winsock_module = LoadLibrary("WS2_32.DLL");
+ winsock_module = load_system32_dll("ws2_32.dll");
if (!winsock_module) {
- winsock_module = LoadLibrary("WSOCK32.DLL");
+ winsock_module = load_system32_dll("wsock32.dll");
}
if (!winsock_module)
fatalbox("Unable to load any WinSock library");
GET_WINDOWS_FUNCTION(winsock_module, gai_strerror);
} else {
/* Fall back to wship6.dll for Windows 2000 */
- wship6_module = LoadLibrary("wship6.dll");
+ wship6_module = load_system32_dll("wship6.dll");
if (wship6_module) {
#ifdef NET_SETUP_DIAGNOSTICS
logevent(NULL, "WSH IPv6 support detected");
/*
* Attempt to get the security API we need.
*/
- advapi = LoadLibrary("ADVAPI32.DLL");
+ advapi = load_system32_dll("advapi32.dll");
GET_WINDOWS_FUNCTION(advapi, GetSecurityInfo);
if (!p_GetSecurityInfo) {
MessageBox(NULL,
* on older versions of Windows if we cared enough.
* However, the invocation below requires IE5+ anyway,
* so stuff that. */
- shell32_module = LoadLibrary("SHELL32.DLL");
+ shell32_module = load_system32_dll("shell32.dll");
GET_WINDOWS_FUNCTION(shell32_module, SHGetFolderPathA);
tried_shgetfolderpath = TRUE;
}
*/
extern OSVERSIONINFO osVersion;
BOOL init_winver(void);
+HMODULE load_system32_dll(const char *libname);
/*
* Exports from sizetip.c.