diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt
index 398b5550..568e4bd4 100644
--- a/expat/CMakeLists.txt
+++ b/expat/CMakeLists.txt
@@ -54,6 +54,7 @@ if(WIN32)
endif(WIN32)
set(expat_SRCS
+ lib/loadlibrary.c
lib/xmlparse.c
lib/xmlrole.c
lib/xmltok.c
diff --git a/expat/Changes b/expat/Changes
index 1715e780..24ce1530 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -5,7 +5,8 @@ NOTE: We are looking for help with a few things:
Release 2.2.? ????????????????
Security fixes:
#81 Pre-10.7/Lion macOS: Support entropy from arc4random
- #82 Windows: Fix DLL hijacking vulnerability
+ #82 Windows: Fix DLL hijacking vulnerability using
+ Steve Holme's LoadLibrary wrapper for/of cURL
Bug fixes:
#85 Fix a dangling pointer issue related to realloc
diff --git a/expat/MANIFEST b/expat/MANIFEST
index c8479ed0..c90dadc0 100644
--- a/expat/MANIFEST
+++ b/expat/MANIFEST
@@ -45,6 +45,7 @@ lib/internal.h
lib/latin1tab.h
lib/libexpat.def
lib/libexpatw.def
+lib/loadlibrary.c
lib/nametab.h
lib/siphash.h
lib/utf8tab.h
diff --git a/expat/Makefile.in b/expat/Makefile.in
index 76f77b17..3e98d242 100644
--- a/expat/Makefile.in
+++ b/expat/Makefile.in
@@ -128,7 +128,7 @@ LINK_LIB = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) -no-undefined $(VSNFLAG)
LINK_EXE = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) $(LDFLAGS) -o $@
LINK_CXX_EXE = $(LIBTOOL) $(LTFLAGS) --mode=link $(CXXCOMPILE) $(LDFLAGS) -o $@
-LIB_OBJS = lib/xmlparse.lo lib/xmltok.lo lib/xmlrole.lo
+LIB_OBJS = lib/loadlibrary.lo lib/xmlparse.lo lib/xmltok.lo lib/xmlrole.lo
$(LIBRARY): $(LIB_OBJS)
$(LINK_LIB) $(LIB_OBJS)
@@ -138,6 +138,8 @@ expat.pc: $(top_builddir)/config.status
lib/xmlparse.lo: lib/xmlparse.c lib/expat.h lib/siphash.h lib/xmlrole.h lib/xmltok.h \
$(top_builddir)/expat_config.h lib/expat_external.h lib/internal.h
+lib/loadlibrary.lo: lib/loadlibrary.c
+
lib/xmlrole.lo: lib/xmlrole.c lib/ascii.h lib/xmlrole.h \
$(top_builddir)/expat_config.h lib/expat_external.h lib/internal.h
diff --git a/expat/lib/expat.vcxproj b/expat/lib/expat.vcxproj
index 1673e676..7270b874 100644
--- a/expat/lib/expat.vcxproj
+++ b/expat/lib/expat.vcxproj
@@ -147,6 +147,7 @@
+
diff --git a/expat/lib/expat.vcxproj.filters b/expat/lib/expat.vcxproj.filters
index 34aea26d..61c52b58 100644
--- a/expat/lib/expat.vcxproj.filters
+++ b/expat/lib/expat.vcxproj.filters
@@ -15,6 +15,9 @@
+
+ Source Files
+
Source Files
diff --git a/expat/lib/expat_static.vcxproj b/expat/lib/expat_static.vcxproj
index 77c0ece9..512e4c98 100644
--- a/expat/lib/expat_static.vcxproj
+++ b/expat/lib/expat_static.vcxproj
@@ -120,6 +120,7 @@
+
diff --git a/expat/lib/expat_static.vcxproj.filters b/expat/lib/expat_static.vcxproj.filters
index e6d9d80f..a2fe03e6 100644
--- a/expat/lib/expat_static.vcxproj.filters
+++ b/expat/lib/expat_static.vcxproj.filters
@@ -11,6 +11,9 @@
+
+ Source Files
+
Source Files
diff --git a/expat/lib/expatw.vcxproj b/expat/lib/expatw.vcxproj
index cf54fd2a..d42944db 100644
--- a/expat/lib/expatw.vcxproj
+++ b/expat/lib/expatw.vcxproj
@@ -147,6 +147,7 @@
+
diff --git a/expat/lib/expatw.vcxproj.filters b/expat/lib/expatw.vcxproj.filters
index dc6e9685..fb3909c9 100644
--- a/expat/lib/expatw.vcxproj.filters
+++ b/expat/lib/expatw.vcxproj.filters
@@ -15,6 +15,9 @@
+
+ Source Files
+
Source Files
diff --git a/expat/lib/expatw_static.vcxproj b/expat/lib/expatw_static.vcxproj
index 99a45e47..e7a21161 100644
--- a/expat/lib/expatw_static.vcxproj
+++ b/expat/lib/expatw_static.vcxproj
@@ -120,6 +120,7 @@
+
diff --git a/expat/lib/expatw_static.vcxproj.filters b/expat/lib/expatw_static.vcxproj.filters
index 83a7c08c..724d9f8c 100644
--- a/expat/lib/expatw_static.vcxproj.filters
+++ b/expat/lib/expatw_static.vcxproj.filters
@@ -11,6 +11,9 @@
+
+ Source Files
+
Source Files
diff --git a/expat/lib/loadlibrary.c b/expat/lib/loadlibrary.c
new file mode 100644
index 00000000..31b7f312
--- /dev/null
+++ b/expat/lib/loadlibrary.c
@@ -0,0 +1,135 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 2016 - 2017, Steve Holme, .
+ *
+ * All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF
+ * THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
+ * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH
+ * THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * Except as contained in this notice, the name of a copyright holder shall
+ * not be used in advertising or otherwise to promote the sale, use or other
+ * dealings in this Software without prior written authorization of the
+ * copyright holder.
+ *
+ ***************************************************************************/
+
+#if defined(_WIN32)
+
+#include
+#include
+
+
+HMODULE _Expat_LoadLibrary(LPCTSTR filename);
+
+
+#if !defined(LOAD_WITH_ALTERED_SEARCH_PATH)
+#define LOAD_WITH_ALTERED_SEARCH_PATH 0x00000008
+#endif
+
+#if !defined(LOAD_LIBRARY_SEARCH_SYSTEM32)
+#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800
+#endif
+
+/* We use our own typedef here since some headers might lack these */
+typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD);
+
+/* See function definitions in winbase.h */
+#ifdef UNICODE
+# ifdef _WIN32_WCE
+# define LOADLIBARYEX L"LoadLibraryExW"
+# else
+# define LOADLIBARYEX "LoadLibraryExW"
+# endif
+#else
+# define LOADLIBARYEX "LoadLibraryExA"
+#endif
+
+
+/*
+ * _Expat_LoadLibrary()
+ *
+ * This is used to dynamically load DLLs using the most secure method available
+ * for the version of Windows that we are running on.
+ *
+ * Parameters:
+ *
+ * filename [in] - The filename or full path of the DLL to load. If only the
+ * filename is passed then the DLL will be loaded from the
+ * Windows system directory.
+ *
+ * Returns the handle of the module on success; otherwise NULL.
+ */
+HMODULE _Expat_LoadLibrary(LPCTSTR filename)
+{
+ HMODULE hModule = NULL;
+ LOADLIBRARYEX_FN pLoadLibraryEx = NULL;
+
+ /* Get a handle to kernel32 so we can access it's functions at runtime */
+ HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32"));
+ if(!hKernel32)
+ return NULL;
+
+ /* Attempt to find LoadLibraryEx() which is only available on Windows 2000
+ and above */
+ pLoadLibraryEx = (LOADLIBRARYEX_FN) GetProcAddress(hKernel32, LOADLIBARYEX);
+
+ /* Detect if there's already a path in the filename and load the library if
+ there is. Note: Both back slashes and forward slashes have been supported
+ since the earlier days of DOS at an API level although they are not
+ supported by command prompt */
+ if(_tcspbrk(filename, TEXT("\\/"))) {
+ /** !checksrc! disable BANNEDFUNC 1 **/
+ hModule = pLoadLibraryEx ?
+ pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
+ LoadLibrary(filename);
+ }
+ /* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
+ supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
+ Server 2008 R2 with this patch or natively on Windows 8 and above */
+ else if(pLoadLibraryEx && GetProcAddress(hKernel32, "AddDllDirectory")) {
+ /* Load the DLL from the Windows system directory */
+ hModule = pLoadLibraryEx(filename, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
+ }
+ else {
+ /* Attempt to get the Windows system path */
+ UINT systemdirlen = GetSystemDirectory(NULL, 0);
+ if(systemdirlen) {
+ /* Allocate space for the full DLL path (Room for the null terminator
+ is included in systemdirlen) */
+ size_t filenamelen = _tcslen(filename);
+ TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen));
+ if(path && GetSystemDirectory(path, systemdirlen)) {
+ /* Calculate the full DLL path */
+ _tcscpy(path + _tcslen(path), TEXT("\\"));
+ _tcscpy(path + _tcslen(path), filename);
+
+ /* Load the DLL from the Windows system directory */
+ /** !checksrc! disable BANNEDFUNC 1 **/
+ hModule = pLoadLibraryEx ?
+ pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
+ LoadLibrary(path);
+
+ }
+ free(path);
+ }
+ }
+
+ return hModule;
+}
+
+#endif /* defined(_WIN32) */
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 076a0bf7..e948cbdf 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -841,6 +841,7 @@ writeRandomBytes_arc4random(void * target, size_t count) {
#ifdef _WIN32
typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
+HMODULE _Expat_LoadLibrary(LPCTSTR filename); /* see loadlibrary.c */
/* Obtain entropy on Windows XP / Windows Server 2003 and later.
* Hint on RtlGenRandom and the following article from libsodium.
@@ -851,13 +852,7 @@ typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
static int
writeRandomBytes_RtlGenRandom(void * target, size_t count) {
int success = 0; /* full count bytes written? */
- const LPCTSTR file_name = TEXT("ADVAPI32.DLL");
- HMODULE advapi32 = LoadLibraryEx(file_name, 0, LOAD_LIBRARY_SEARCH_SYSTEM32);
-
- if (! advapi32) {
- /* Try again without LOAD_LIBRARY_SEARCH_SYSTEM32 if unsupported */
- advapi32 = LoadLibraryEx(file_name, 0, 0);
- }
+ const HMODULE advapi32 = _Expat_LoadLibrary(TEXT("ADVAPI32.DLL"));
if (advapi32) {
const RTLGENRANDOM_FUNC RtlGenRandom