From cde179b7241e2ae8c80b7d3295102804420edf85 Mon Sep 17 00:00:00 2001
From: Steve Dower
Date: Tue, 28 Jan 2020 20:54:33 +1100
Subject: [PATCH 1/2] bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier
---
 .../next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst | 1 +
 PC/getpathp.c | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
new file mode 100644
index 00000000000000..78274acfcb7438
--- /dev/null
+++ b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
@@ -0,0 +1 @@
+Avoid unsafe DLL load at startup on Windows 7 and earlier.
diff --git a/PC/getpathp.c b/PC/getpathp.c
index 04f24d986f667c..3747ffb2d89f09 100644
--- a/PC/getpathp.c
+++ b/PC/getpathp.c
@@ -251,7 +251,8 @@ static void
 join(wchar_t *buffer, const wchar_t *stuff)
 {
 if (_PathCchCombineEx_Initialized == 0) {
- HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll");
+ HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL,
+ LOAD_LIBRARY_SEARCH_SYSTEM32);
 if (pathapi) {
 _PathCchCombineEx = (PPathCchCombineEx)GetProcAddress(pathapi, "PathCchCombineEx");
 }
@@ -287,7 +288,8 @@ canonicalize(wchar_t *buffer, const wchar_t *path)
 }
 if (_PathCchCanonicalizeEx_Initialized == 0) {
- HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll");
+ HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL,
+ LOAD_LIBRARY_SEARCH_SYSTEM32);
 if (pathapi) {
 _PathCchCanonicalizeEx = (PPathCchCanonicalizeEx)GetProcAddress(pathapi, "PathCchCanonicalizeEx");
 }
From 0fc3264418ab1912a62777a983f12c7f85e3f5db Mon Sep 17 00:00:00 2001
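Review bot: The new `LoadLibraryExW(..., NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` call in `join()` carries no comment saying why the search is restricted, and the identical call in the `canonicalize()` hunk has the same gap. I would put `/* Search System32 only: where this DLL is absent, the default search order would fall through to less trusted directories. */` above each call, so a later cleanup does not turn it back into `LoadLibraryW`. On Windows 7 the flag is accepted only when update KB2533623 is installed; without it the call fails and `pathapi` stays NULL, which is the safe outcome only if the code after `if (pathapi)` falls back to another API. That code is outside both hunks, since `join()` and `canonicalize()` both start and end beyond what is shown, so it is worth confirming. As the two call sites are now the same two-line call, a small `static` helper returning the module handle would keep them from drifting apart.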
From: Steve Dower
Date: Thu, 30 Jan 2020 16:51:20 +1100
Subject: [PATCH 2/2] Update 2020-01-28-20-54-09.bpo-39401.he7h_A.rst
---
 .../next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
index 78274acfcb7438..5071e126b70d02 100644
--- a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
+++ b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst
@@ -1 +1 @@
-Avoid unsafe DLL load at startup on Windows 7 and earlier.
+Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7.