organicmaps/libexpat
13
Fork 0
mirror of https://github.com/libexpat/libexpat.git synced 2025-04-05 13:14:59 +00:00
Code Issues 1 Projects Releases Wiki Activity Actions 1

xmlparse.c: Use Curl_load_library

Browse source
This commit is contained in:
Sebastian Pipping 2017-07-26 14:49:18 +02:00
parent 931697b9b8
commit 6ea9606489
2 changed files with 4 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
expat/Changes
View file

@ -5,7 +5,8 @@ NOTE: We are looking for help with a few things:
Release 2.2.? ????????????????
Security fixes:
#81 Pre-10.7/Lion macOS: Support entropy from arc4random
#82 Windows: Fix DLL hijacking vulnerability
#82 Windows: Fix DLL hijacking vulnerability using
Steve Holme's LoadLibrary wrapper for/of cURL
Bug fixes:
#85 Fix a dangling pointer issue related to realloc

9
expat/lib/xmlparse.c
View file

@ -804,6 +804,7 @@ writeRandomBytes_arc4random(void * target, size_t count) {
#ifdef _WIN32
typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
HMODULE Curl_load_library(LPCTSTR filename); /* see loadlibrary.c */
/* Obtain entropy on Windows XP / Windows Server 2003 and later.
* Hint on RtlGenRandom and the following article from libsodium.
@ -814,13 +815,7 @@ typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
static int
writeRandomBytes_RtlGenRandom(void * target, size_t count) {
int success = 0; /* full count bytes written? */
const LPCTSTR file_name = TEXT("ADVAPI32.DLL");
HMODULE advapi32 = LoadLibraryEx(file_name, 0, LOAD_LIBRARY_SEARCH_SYSTEM32);
if (! advapi32) {
/* Try again without LOAD_LIBRARY_SEARCH_SYSTEM32 if unsupported */
advapi32 = LoadLibraryEx(file_name, 0, 0);
}
const HMODULE advapi32 = Curl_load_library(TEXT("ADVAPI32.DLL"));
if (advapi32) {
const RTLGENRANDOM_FUNC RtlGenRandom