return got_username ? user : NULL;
}
+void dll_hijacking_protection(void)
+{
+ /*
+ * If the OS provides it, call SetDefaultDllDirectories() to
+ * prevent DLLs from being loaded from the directory containing
+ * our own binary, and instead only load from system32.
+ *
+ * This is a protection against hijacking attacks, if someone runs
+ * PuTTY directly from their web browser's download directory
+ * having previously been enticed into clicking on an unwise link
+ * that downloaded a malicious DLL to the same directory under one
+ * of various magic names that seem to be things that standard
+ * Windows DLLs delegate to.
+ *
+ * It shouldn't break deliberate loading of user-provided DLLs
+ * such as GSSAPI providers, because those are specified by their
+ * full pathname by the user-provided configuration.
+ */
+ static HMODULE kernel32_module;
+ DECL_WINDOWS_FUNCTION(static, BOOL, SetDefaultDllDirectories, (DWORD));
+
+ if (!kernel32_module) {
+ kernel32_module = load_system32_dll("kernel32.dll");
+ GET_WINDOWS_FUNCTION(kernel32_module, SetDefaultDllDirectories);
+ }
+
+ if (p_SetDefaultDllDirectories) {
+ /* LOAD_LIBRARY_SEARCH_SYSTEM32 | LOAD_LIBRARY_SEARCH_USER_DIRS only */
+ p_SetDefaultDllDirectories(0x800|0x400);
+ }
+}
+
+void dll_hijacking_protection_add_path(const wchar_t *path)
+{
+ static HMODULE kernel32_module;
+ DECL_WINDOWS_FUNCTION(static, BOOL, AddDllDirectory, (PCWSTR));
+
+ if (!kernel32_module) {
+ kernel32_module = load_system32_dll("kernel32.dll");
+ GET_WINDOWS_FUNCTION(kernel32_module, AddDllDirectory);
+ }
+
+ if (p_AddDllDirectory) {
+ p_AddDllDirectory(path);
+ }
+}
BOOL init_winver(void)
{
ZeroMemory(&osVersion, sizeof(osVersion));
projects / PuTTY.git / blobdiff