authorTor Lillqvist <tml@iki.fi>2010-09-02 21:56:02 +0300
committerTor Lillqvist <tml@iki.fi>2010-09-02 22:36:47 +0300
commit6ddef375c8eb41da3160ac6984f707a19f1da63b (patch)
tree379ed3ed6728927532169e300eb886b52eb3805c /gmodule
parent54c51c73c60008868f6718a23b4b00a5db61c167 (diff)
Reduce DLL hijack risk on Windows
Don't call LoadLibrary() on shell32.dll or kernel32.dll. kernel32.dll is always loaded. Shell32.dll is also already loaded as glib links to functions in it. So just call GetModuleHandle() on them. For mlang.dll in win_iconv.c and winhttp.dll in gwinhttpvfs.c, always try loading them from a complete path, from the Windows system directory. Use the "tool help" API to enumerate modules in gmodule-win32.c. It is present in all Windows versions since Windows 2000, which is all we support anyway. Thus no need to look that API up dynamically. Just link to it normally. We can bin the fallback code that attempts to use the psapi API.
Diffstat (limited to 'gmodule')
-rw-r--r--gmodule/gmodule-win32.c82
1 files changed, 4 insertions, 78 deletions
diff --git a/gmodule/gmodule-win32.c b/gmodule/gmodule-win32.c
index 98d3fb9c6..439fb5d0f 100644
--- a/gmodule/gmodule-win32.c
+++ b/gmodule/gmodule-win32.c
@@ -110,45 +110,22 @@ _g_module_close (gpointer handle,
static gpointer
find_in_any_module_using_toolhelp (const gchar *symbol_name)
{
- typedef HANDLE (WINAPI *PFNCREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
- static PFNCREATETOOLHELP32SNAPSHOT pfnCreateToolhelp32Snapshot = NULL;
-
- typedef BOOL (WINAPI *PFNMODULE32FIRST)(HANDLE, MODULEENTRY32*);
- static PFNMODULE32FIRST pfnModule32First= NULL;
-
- typedef BOOL (WINAPI *PFNMODULE32NEXT)(HANDLE, MODULEENTRY32*);
- static PFNMODULE32NEXT pfnModule32Next = NULL;
-
- static HMODULE kernel32;
-
HANDLE snapshot;
MODULEENTRY32 me32;
gpointer p;
- if (!pfnCreateToolhelp32Snapshot || !pfnModule32First || !pfnModule32Next)
- {
- if (!kernel32)
- if (!(kernel32 = GetModuleHandle ("kernel32.dll")))
- return NULL;
-
- if (!(pfnCreateToolhelp32Snapshot = (PFNCREATETOOLHELP32SNAPSHOT) GetProcAddress (kernel32, "CreateToolhelp32Snapshot"))
- || !(pfnModule32First = (PFNMODULE32FIRST) GetProcAddress (kernel32, "Module32First"))
- || !(pfnModule32Next = (PFNMODULE32NEXT) GetProcAddress (kernel32, "Module32Next")))
- return NULL;
- }
-
- if ((snapshot = (*pfnCreateToolhelp32Snapshot) (TH32CS_SNAPMODULE, 0)) == (HANDLE) -1)
+ if ((snapshot = CreateToolhelp32Snapshot (TH32CS_SNAPMODULE, 0)) == (HANDLE) -1)
return NULL;
me32.dwSize = sizeof (me32);
p = NULL;
- if ((*pfnModule32First) (snapshot, &me32))
+ if (Module32First (snapshot, &me32))
{
do {
if ((p = GetProcAddress (me32.hModule, symbol_name)) != NULL)
break;
- } while ((*pfnModule32Next) (snapshot, &me32));
+ } while (Module32Next (snapshot, &me32));
}
CloseHandle (snapshot);
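Review bot: With the psapi fallback removed in the next hunk, a failed `CreateToolhelp32Snapshot (TH32CS_SNAPMODULE, 0)` now makes the whole symbol lookup return NULL, and Microsoft documents that this call can fail transiently with ERROR_BAD_LENGTH for module snapshots and should be retried. Consider `do snapshot = CreateToolhelp32Snapshot (TH32CS_SNAPMODULE, 0); while (snapshot == INVALID_HANDLE_VALUE && GetLastError () == ERROR_BAD_LENGTH);` ahead of the failure return, which also replaces the `(HANDLE) -1` cast with the named constant. The loop returns the first export named `symbol_name` from whichever module the snapshot lists first, so a short comment stating that the match is order-dependent and not tied to any particular module would help callers who resolve security-sensitive symbols. The function's `return p;` lies outside this hunk.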
@@ -157,62 +134,11 @@ find_in_any_module_using_toolhelp (const gchar *symbol_name)
}
static gpointer
-find_in_any_module_using_psapi (const gchar *symbol_name)
-{
- static HMODULE psapi = NULL;
-
- typedef BOOL (WINAPI *PFNENUMPROCESSMODULES) (HANDLE, HMODULE *, DWORD, LPDWORD) ;
- static PFNENUMPROCESSMODULES pfnEnumProcessModules = NULL;
-
- HMODULE *modules;
- HMODULE dummy;
- gint i, size;
- DWORD needed;
-
- gpointer p;
-
- if (!pfnEnumProcessModules)
- {
- if (!psapi)
- if ((psapi = LoadLibrary ("psapi.dll")) == NULL)
- return NULL;
-
- if (!(pfnEnumProcessModules = (PFNENUMPROCESSMODULES) GetProcAddress (psapi, "EnumProcessModules")))
- return NULL;
- }
-
- if (!(*pfnEnumProcessModules) (GetCurrentProcess (), &dummy,
- sizeof (HMODULE), &needed))
- return NULL;
-
- size = needed + 10 * sizeof (HMODULE);
- modules = g_malloc (size);
-
- if (!(*pfnEnumProcessModules) (GetCurrentProcess (), modules,
- size, &needed)
- || needed > size)
- {
- g_free (modules);
- return NULL;
- }
-
- p = NULL;
- for (i = 0; i < needed / sizeof (HMODULE); i++)
- if ((p = GetProcAddress (modules[i], symbol_name)) != NULL)
- break;
-
- g_free (modules);
-
- return p;
-}
-
-static gpointer
find_in_any_module (const gchar *symbol_name)
{
gpointer result;
- if ((result = find_in_any_module_using_toolhelp (symbol_name)) == NULL
- && (result = find_in_any_module_using_psapi (symbol_name)) == NULL)
+ if ((result = find_in_any_module_using_toolhelp (symbol_name)) == NULL)
return NULL;
else
return result;
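Review bot: The `if`/`else` left in find_in_any_module is now redundant, since both branches return the value held in `result`. The body can be reduced to `return find_in_any_module_using_toolhelp (symbol_name);` and the `result` local dropped. The closing brace of the function is outside the hunk.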