From 2a3e82fa96dc69ef43cabd4e9efd75379ef0f7bd Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Fri, 9 Apr 2021 11:31:52 +0100 Subject: [PATCH] [misc] switch to using LoadLibraryEx everywhere * This allows us to further mitigate DLL side loading by enforcing LOAD_LIBRARY_SEARCH_SYSTEM32 / LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR. --- res/appstore/Package.appxmanifest | 2 +- src/dos.c | 2 +- src/msapi_utf8.h | 12 ++++++++++++ src/rufus.c | 3 ++- src/rufus.h | 2 +- src/rufus.rc | 10 +++++----- src/stdlg.c | 4 ++-- src/syslinux/win/ntfssect.c | 2 +- 8 files changed, 25 insertions(+), 12 deletions(-) diff --git a/res/appstore/Package.appxmanifest b/res/appstore/Package.appxmanifest index 3f66dc9d..87af06ee 100644 --- a/res/appstore/Package.appxmanifest +++ b/res/appstore/Package.appxmanifest @@ -11,7 +11,7 @@ + Version="3.14.1769.0" /> Rufus diff --git a/src/dos.c b/src/dos.c index afa47877..55042cde 100644 --- a/src/dos.c +++ b/src/dos.c @@ -311,7 +311,7 @@ static BOOL ExtractMSDOS(const char* path) goto out; } static_strcat(dllname, "\\diskcopy.dll"); - hDLL = LoadLibraryA(dllname); + hDLL = LoadLibraryExA(dllname, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32); if (hDLL == NULL) { uprintf("Unable to open %s: %s\n", dllname, WindowsErrorString()); goto out; diff --git a/src/msapi_utf8.h b/src/msapi_utf8.h index 7f508833..e766d914 100644 --- a/src/msapi_utf8.h +++ b/src/msapi_utf8.h @@ -317,6 +317,18 @@ static __inline HMODULE LoadLibraryU(LPCSTR lpFileName) return ret; } +static __inline HMODULE LoadLibraryExU(LPCSTR lpFileName, HANDLE hFile, DWORD dwFlags) +{ + HMODULE ret; + DWORD err = ERROR_INVALID_DATA; + wconvert(lpFileName); + ret = LoadLibraryExW(wlpFileName, hFile, dwFlags); + err = GetLastError(); + wfree(lpFileName); + SetLastError(err); + return ret; +} + static __inline int DrawTextU(HDC hDC, LPCSTR lpText, int nCount, LPRECT lpRect, UINT uFormat) { int ret; diff --git a/src/rufus.c b/src/rufus.c index 707be8f3..3fcf87fe 100755 --- a/src/rufus.c +++ b/src/rufus.c 
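Review bot: In `ExtractMSDOS` (src/dos.c) the new `LoadLibraryExA(dllname, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` uses a flag that Microsoft documents as available on Windows 7 / Server 2008 R2 only once KB2533623 is installed, and nothing visible tests for that before the call. The same applies to `GetLibraryHandle` in src/rufus.h, the two MUI loads in src/stdlg.c and `NtfsSectLoadXpFuncs` in src/syslinux/win/ntfssect.c. src/rufus.c already treats `SetDefaultDllDirectories` as optional by resolving it through `GetProcAddress`, and Microsoft names that lookup as the test for whether the `LOAD_LIBRARY_SEARCH_*` flags can be used. If unpatched systems are still a target, the flag should be gated on that result, falling back to `0` where the path is already absolute, as `dllname` appears to be here. At minimum I would add `// NB: LOAD_LIBRARY_SEARCH_* flags require KB2533623 on Windows 7 / Server 2008 R2` above the call; the function body starts and ends outside the hunk.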
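Review bot: `LoadLibraryExU` in src/msapi_utf8.h is added without a comment describing its contract, and it forwards `dwFlags` untouched, so a call that passes `0` silently gets the default DLL search order this commit is trying to retire. I would document it with `// UTF-8 wrapper for LoadLibraryExW(). hFile is reserved and must be NULL; pass a LOAD_LIBRARY_SEARCH_* flag in dwFlags. The last error is preserved across wfree().` The `ERROR_INVALID_DATA` initialiser on `err` is overwritten by `GetLastError()` on every visible path, so it can be dropped unless it is kept only to match the neighbouring wrappers.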
@@ -3148,7 +3148,8 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine // nail... Also, no, Coverity, we never need to care about freeing kernel32 as a library. // coverity[leaked_storage] pfSetDefaultDllDirectories = (SetDefaultDllDirectories_t) - GetProcAddress(LoadLibraryW(kernel32_path), "SetDefaultDllDirectories"); + GetProcAddress(LoadLibraryExW(kernel32_path, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32), + "SetDefaultDllDirectories"); if (pfSetDefaultDllDirectories != NULL) pfSetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32); diff --git a/src/rufus.h b/src/rufus.h index 7b242744..becf8c96 100644 --- a/src/rufus.h +++ b/src/rufus.h @@ -658,7 +658,7 @@ static __inline HMODULE GetLibraryHandle(char* szLibraryName) { if (OpenedLibrariesHandleSize >= MAX_LIBRARY_HANDLES) { uprintf("Error: MAX_LIBRARY_HANDLES is too small\n"); } else { - h = LoadLibraryA(szLibraryName); + h = LoadLibraryExA(szLibraryName, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32); if (h != NULL) OpenedLibrariesHandle[OpenedLibrariesHandleSize++] = h; } diff --git a/src/rufus.rc b/src/rufus.rc index 64ac7174..28002ebb 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 232, 326 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 3.14.1768" +CAPTION "Rufus 3.14.1769" FONT 9, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP @@ -395,8 +395,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 3,14,1768,0 - PRODUCTVERSION 3,14,1768,0 + FILEVERSION 3,14,1769,0 + PRODUCTVERSION 3,14,1769,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L 
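Review bot: In `GetLibraryHandle` (src/rufus.h) a NULL result from the new `LoadLibraryExA(szLibraryName, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32)` is dropped without any log. The flag narrows the search to System32, so a caller passing a bare name for a DLL that lives elsewhere would now get NULL where `LoadLibraryA` may have succeeded. Since this helper takes whatever name its callers pass, the failure should be visible: `else uprintf("Unable to load '%s': %s\n", szLibraryName, WindowsErrorString());` after the `if (h != NULL)` statement, assuming `WindowsErrorString()` is declared before this point in the header. A comment such as `// LOAD_LIBRARY_SEARCH_SYSTEM32: bare names resolve in System32 only` would make the new restriction explicit. The function starts and ends outside the hunk.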
@@ -414,13 +414,13 @@ BEGIN VALUE "Comments", "https://rufus.ie" VALUE "CompanyName", "Akeo Consulting" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "3.14.1768" + VALUE "FileVersion", "3.14.1769" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2021 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html" VALUE "OriginalFilename", "rufus-3.14.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "3.14.1768" + VALUE "ProductVersion", "3.14.1769" END END BLOCK "VarFileInfo" diff --git a/src/stdlg.c b/src/stdlg.c index 0a589154..5fe5c4fc 100644 --- a/src/stdlg.c +++ b/src/stdlg.c @@ -2047,7 +2047,7 @@ void SetAlertPromptMessages(void) // Fetch the localized strings in the relevant MUI // Must use sysnative_dir rather than system_dir as we may not find the MUI's otherwise static_sprintf(mui_path, "%s\\%s\\shell32.dll.mui", sysnative_dir, GetCurrentMUI()); - mui_lib = LoadLibraryU(mui_path); + mui_lib = LoadLibraryExU(mui_path, NULL, LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR); if (mui_lib != NULL) { // 4097 = "You need to format the disk in drive %c: before you can use it." (dialog text) // 4125 = "Microsoft Windows" (dialog title) @@ -2063,7 +2063,7 @@ void SetAlertPromptMessages(void) FreeLibrary(mui_lib); } static_sprintf(mui_path, "%s\\%s\\urlmon.dll.mui", sysnative_dir, GetCurrentMUI()); - mui_lib = LoadLibraryU(mui_path); + mui_lib = LoadLibraryExU(mui_path, NULL, LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR); if (mui_lib != NULL) { // 2070 = "Windows Security Warning" (yes, that's what MS uses for a stupid cookie!) if (LoadStringU(mui_lib, 2070, title_str[1], sizeof(title_str[1])) <= 0) { diff --git a/src/syslinux/win/ntfssect.c b/src/syslinux/win/ntfssect.c index d0e1954b..15d2709c 100644 --- a/src/syslinux/win/ntfssect.c +++ b/src/syslinux/win/ntfssect.c 
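Review bot: In `SetAlertPromptMessages` (src/stdlg.c) the `.mui` files are loaded only so that `LoadStringU` can read strings from them, and the first handle is visibly released with `FreeLibrary`, yet `LoadLibraryExU(mui_path, NULL, LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR)` still maps them as ordinary modules. For resource-only use, `mui_lib = LoadLibraryExU(mui_path, NULL, LOAD_LIBRARY_AS_DATAFILE | LOAD_LIBRARY_AS_IMAGE_RESOURCE);` loads the file without resolving imports or running initialisation code, which fits the side-loading goal in the commit message more tightly. This applies to the shell32.dll.mui call in the first hunk and the urlmon.dll.mui call in the second, and it should be checked that `LoadStringU` returns the same strings through such a handle. `LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR` is also documented as needing a fully qualified path, which holds only if `sysnative_dir` is absolute. The function body extends beyond both hunks.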
@@ -307,7 +307,7 @@ DWORD M_NTFSSECT_API NtfsSectLoadXpFuncs(S_NTFSSECT_XPFUNCS * XpFuncs) { XpFuncs->Size = sizeof *XpFuncs; - XpFuncs->Kernel32 = LoadLibraryA("kernel32.dll"); + XpFuncs->Kernel32 = LoadLibraryExA("kernel32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32); rc = GetLastError(); if (!XpFuncs->Kernel32) { M_ERR("KERNEL32.DLL not found!");