diff options
Diffstat (limited to 'windows/utils/dll_hijacking_protection.c')
-rw-r--r-- | windows/utils/dll_hijacking_protection.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/windows/utils/dll_hijacking_protection.c b/windows/utils/dll_hijacking_protection.c new file mode 100644 index 00000000..fe9ae59c --- /dev/null +++ b/windows/utils/dll_hijacking_protection.c @@ -0,0 +1,43 @@ +/* + * If the OS provides it, call SetDefaultDllDirectories() to prevent + * DLLs from being loaded from the directory containing our own + * binary, and instead only load from system32. + * + * This is a protection against hijacking attacks, if someone runs + * PuTTY directly from their web browser's download directory having + * previously been enticed into clicking on an unwise link that + * downloaded a malicious DLL to the same directory under one of + * various magic names that seem to be things that standard Windows + * DLLs delegate to. + * + * It shouldn't break deliberate loading of user-provided DLLs such as + * GSSAPI providers, because those are specified by their full + * pathname by the user-provided configuration. + */ + +#include "putty.h" + +void dll_hijacking_protection(void) +{ + static HMODULE kernel32_module; + DECL_WINDOWS_FUNCTION(static, BOOL, SetDefaultDllDirectories, (DWORD)); + + if (!kernel32_module) { + kernel32_module = load_system32_dll("kernel32.dll"); +#if !HAVE_SETDEFAULTDLLDIRECTORIES + /* For older Visual Studio, this function isn't available in + * the header files to type-check */ + GET_WINDOWS_FUNCTION_NO_TYPECHECK( + kernel32_module, SetDefaultDllDirectories); +#else + GET_WINDOWS_FUNCTION(kernel32_module, SetDefaultDllDirectories); +#endif + } + + if (p_SetDefaultDllDirectories) { + /* LOAD_LIBRARY_SEARCH_SYSTEM32 and explicitly specified + * directories only */ + p_SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32 | + LOAD_LIBRARY_SEARCH_USER_DIRS); + } +} |