From 8473e9ef561295fd10dd9526010c1fd1cb1e6701 Mon Sep 17 00:00:00 2001 From: Pete Batard Date: Tue, 9 Feb 2016 12:38:09 +0000 Subject: [PATCH] [misc] disable loading of DLLs from current directory * This is done to prevent potential DLL sideloading attacks --- src/rufus.c | 3 +++ src/rufus.rc | 10 +++++----- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/src/rufus.c b/src/rufus.c index d7502392..2ecf99be 100644 --- a/src/rufus.c +++ b/src/rufus.c @@ -2828,6 +2828,9 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine {0, 0, NULL, 0} }; + // Disable loading system DLLs from the current directory (sideloading mitigation) + SetDllDirectoryA(""); + uprintf("*** " APPLICATION_NAME " init ***\n"); // Reattach the console, if we were started from commandline diff --git a/src/rufus.rc b/src/rufus.rc index ef9b2a10..1aebff79 100644 --- a/src/rufus.rc +++ b/src/rufus.rc @@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL IDD_DIALOG DIALOGEX 12, 12, 242, 376 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU EXSTYLE WS_EX_ACCEPTFILES -CAPTION "Rufus 2.7.852" +CAPTION "Rufus 2.7.853" FONT 8, "Segoe UI Symbol", 400, 0, 0x0 BEGIN LTEXT "Device",IDS_DEVICE_TXT,9,6,200,8 @@ -320,8 +320,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 2,7,852,0 - PRODUCTVERSION 2,7,852,0 + FILEVERSION 2,7,853,0 + PRODUCTVERSION 2,7,853,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -338,13 +338,13 @@ BEGIN BEGIN VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)" VALUE "FileDescription", "Rufus" - VALUE "FileVersion", "2.7.852" + VALUE "FileVersion", "2.7.853" VALUE "InternalName", "Rufus" VALUE "LegalCopyright", "© 2011-2016 Pete Batard (GPL v3)" VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html" VALUE "OriginalFilename", "rufus.exe" VALUE "ProductName", "Rufus" - VALUE "ProductVersion", "2.7.852" + VALUE "ProductVersion", "2.7.853" END END BLOCK "VarFileInfo"
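Review bot: The added `SetDllDirectoryA("");` in WinMain only removes the current working directory from the DLL search order; the directory the executable itself was launched from is still searched first, and for a standalone tool run from a downloads folder that is the more likely place for a planted DLL. The call also comes too late for any library bound through the import table, since the loader resolves those before WinMain is entered, so it covers only later `LoadLibrary`-style loads. Consider additionally restricting the search to the system directory, e.g. `SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);` resolved at run time where the platform provides it, and delay-loading or full-path loading anything that is not a KnownDLL. The return value is ignored, so a failed call leaves the mitigation silently off, and the comment would be more accurate as `// Remove the current working directory from the DLL search order (application directory is NOT covered)`. WinMain's body starts and continues outside this hunk, so whether earlier code already triggers a DLL load cannot be judged from here.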