diff options
author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-07-26 00:49:19 +0200 |
---|---|---|
committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2016-07-26 00:53:18 +0200 |
commit | a7f1ba05b4917cd22319cba1b5fd0adc3bd69c31 (patch) | |
tree | b0704651b258e1fec6c2ae294650845d9e15186c /src/Common/Dlgcode.c | |
parent | 3aaf5c70453d2bc4b2f1efe224e0adf0ff8a0ec2 (diff) | |
download | VeraCrypt-a7f1ba05b4917cd22319cba1b5fd0adc3bd69c31.tar.gz VeraCrypt-a7f1ba05b4917cd22319cba1b5fd0adc3bd69c31.zip |
Windows: Enhance protection against dll hijacking attacks following new report by Stefan Kanthak.
Diffstat (limited to 'src/Common/Dlgcode.c')
-rw-r--r-- | src/Common/Dlgcode.c | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/src/Common/Dlgcode.c b/src/Common/Dlgcode.c index d13a2eff..76e71ac8 100644 --- a/src/Common/Dlgcode.c +++ b/src/Common/Dlgcode.c @@ -239,6 +239,18 @@ HMODULE hwinscarddll = NULL; #define FREE_DLL(h) if (h) { FreeLibrary (h); h = NULL;} +#ifndef BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE +#define BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE 0x00000001 +#endif + +#ifndef BASE_SEARCH_PATH_PERMANENT +#define BASE_SEARCH_PATH_PERMANENT 0x00008000 +#endif + +typedef BOOL (WINAPI *SetDllDirectoryPtr)(LPCWSTR lpPathName); +typedef BOOL (WINAPI *SetSearchPathModePtr)(DWORD Flags); + + typedef void (WINAPI *InitCommonControlsPtr)(void); typedef HIMAGELIST (WINAPI *ImageList_CreatePtr)(int cx, int cy, UINT flags, int cInitial, int cGrow); typedef int (WINAPI *ImageList_AddPtr)(HIMAGELIST himl, HBITMAP hbmImage, HBITMAP hbmMask); @@ -255,6 +267,9 @@ typedef HRESULT (STDAPICALLTYPE *SHStrDupWPtr)(LPCWSTR psz, LPWSTR *ppwsz); // ChangeWindowMessageFilter typedef BOOL (WINAPI *ChangeWindowMessageFilterPtr) (UINT, DWORD); +SetDllDirectoryPtr SetDllDirectoryFn = NULL; +SetSearchPathModePtr SetSearchPathModeFn = NULL; + ImageList_CreatePtr ImageList_CreateFn = NULL; ImageList_AddPtr ImageList_AddFn = NULL; @@ -2547,6 +2562,15 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) char langId[6]; InitCommonControlsPtr InitCommonControlsFn = NULL; + /* remove current directory from dll search path */ + SetDllDirectoryFn = (SetDllDirectoryPtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetDllDirectoryW"); + SetSearchPathModeFn = (SetSearchPathModePtr) GetProcAddress (GetModuleHandle(L"kernel32.dll"), "SetSearchPathMode"); + + if (SetDllDirectoryFn) + SetDllDirectoryFn (L""); + if (SetSearchPathModeFn) + SetSearchPathModeFn (BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE | BASE_SEARCH_PATH_PERMANENT); + InitOSVersionInfo(); VirtualLock (&CmdTokenPin, sizeof (CmdTokenPin)); @@ -2597,9 +2621,10 @@ void InitApp (HINSTANCE hInstance, wchar_t *lpszCommandLine) if (IsOSAtLeast (WIN_VISTA)) { - LoadSystemDll (L"spp.dll", &hsppdll, TRUE, SRC_POS); - LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS); + LoadSystemDll (L"atl.dll", &hsppdll, TRUE, SRC_POS); LoadSystemDll (L"vsstrace.dll", &hvsstracedll, TRUE, SRC_POS); + LoadSystemDll (L"vssapi.dll", &vssapidll, TRUE, SRC_POS); + LoadSystemDll (L"spp.dll", &hsppdll, TRUE, SRC_POS); if (IsOSAtLeast (WIN_7)) { |