From cde179b7241e2ae8c80b7d3295102804420edf85 Mon Sep 17 00:00:00 2001 From: Steve Dower Date: Tue, 28 Jan 2020 20:54:33 +1100 Subject: [PATCH 1/2] bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier --- .../next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst | 1 + PC/getpathp.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst new file mode 100644 index 00000000000000..78274acfcb7438 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst @@ -0,0 +1 @@ +Avoid unsafe DLL load at startup on Windows 7 and earlier. diff --git a/PC/getpathp.c b/PC/getpathp.c index 04f24d986f667c..3747ffb2d89f09 100644 --- a/PC/getpathp.c +++ b/PC/getpathp.c @@ -251,7 +251,8 @@ static void join(wchar_t *buffer, const wchar_t *stuff) { if (_PathCchCombineEx_Initialized == 0) { - HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll"); + HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL, + LOAD_LIBRARY_SEARCH_SYSTEM32); if (pathapi) { _PathCchCombineEx = (PPathCchCombineEx)GetProcAddress(pathapi, "PathCchCombineEx"); } @@ -287,7 +288,8 @@ canonicalize(wchar_t *buffer, const wchar_t *path) } if (_PathCchCanonicalizeEx_Initialized == 0) { - HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll"); + HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL, + LOAD_LIBRARY_SEARCH_SYSTEM32); if (pathapi) { _PathCchCanonicalizeEx = (PPathCchCanonicalizeEx)GetProcAddress(pathapi, "PathCchCanonicalizeEx"); } From 0fc3264418ab1912a62777a983f12c7f85e3f5db Mon Sep 17 00:00:00 2001 From: Steve Dower Date: Thu, 30 Jan 2020 16:51:20 +1100 Subject: [PATCH 2/2] Update 2020-01-28-20-54-09.bpo-39401.he7h_A.rst --- .../next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst index 78274acfcb7438..5071e126b70d02 100644 --- a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst +++ b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst @@ -1 +1 @@ -Avoid unsafe DLL load at startup on Windows 7 and earlier. +Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7. pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy