From d1751bb60ecb8e7e3301404bf55c54ac8dcf5bf2 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 26 Jul 2017 14:00:57 +0200 Subject: [PATCH 1/6] Add unmodified system_win32.c of cURL as lib/loadlibrary.c Exact revision / source: https://github.com/curl/curl/raw/f7df67cff0a756eefc8daea36e6468df694a43d0/lib/system_win32.c --- expat/lib/loadlibrary.c | 329 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 329 insertions(+) create mode 100644 expat/lib/loadlibrary.c diff --git a/expat/lib/loadlibrary.c b/expat/lib/loadlibrary.c new file mode 100644 index 00000000..cfbbf327 --- /dev/null +++ b/expat/lib/loadlibrary.c @@ -0,0 +1,329 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 2016 - 2017, Steve Holme, . + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "curl_setup.h" + +#if defined(WIN32) + +#include +#include "system_win32.h" + +/* The last #include files should be: */ +#include "curl_memory.h" +#include "memdebug.h" + +#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ + defined(USE_WINSOCK)) + + +#if !defined(LOAD_WITH_ALTERED_SEARCH_PATH) +#define LOAD_WITH_ALTERED_SEARCH_PATH 0x00000008 +#endif + +#if !defined(LOAD_LIBRARY_SEARCH_SYSTEM32) +#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800 +#endif + +/* We use our own typedef here since some headers might lack these */ +typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD); + +/* See function definitions in winbase.h */ +#ifdef UNICODE +# ifdef _WIN32_WCE +# define LOADLIBARYEX L"LoadLibraryExW" +# else +# define LOADLIBARYEX "LoadLibraryExW" +# endif +#else +# define LOADLIBARYEX "LoadLibraryExA" +#endif + +#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ + +/* + * Curl_verify_windows_version() + * + * This is used to verify if we are running on a specific windows version. + * + * Parameters: + * + * majorVersion [in] - The major version number. + * minorVersion [in] - The minor version number. + * platform [in] - The optional platform identifier. + * condition [in] - The test condition used to specifier whether we are + * checking a version less then, equal to or greater than + * what is specified in the major and minor version + * numbers. + * + * Returns TRUE if matched; otherwise FALSE. + */ +bool Curl_verify_windows_version(const unsigned int majorVersion, + const unsigned int minorVersion, + const PlatformIdentifier platform, + const VersionCondition condition) +{ + bool matched = FALSE; + +#if defined(CURL_WINDOWS_APP) + /* We have no way to determine the Windows version from Windows apps, + so let's assume we're running on the target Windows version. */ + const WORD fullVersion = MAKEWORD(minorVersion, majorVersion); + const WORD targetVersion = (WORD)_WIN32_WINNT; + + switch(condition) { + case VERSION_LESS_THAN: + matched = targetVersion < fullVersion; + break; + + case VERSION_LESS_THAN_EQUAL: + matched = targetVersion <= fullVersion; + break; + + case VERSION_EQUAL: + matched = targetVersion == fullVersion; + break; + + case VERSION_GREATER_THAN_EQUAL: + matched = targetVersion >= fullVersion; + break; + + case VERSION_GREATER_THAN: + matched = targetVersion > fullVersion; + break; + } + + if(matched && (platform == PLATFORM_WINDOWS)) { + /* we're always running on PLATFORM_WINNT */ + matched = FALSE; + } +#elif !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \ + (_WIN32_WINNT < _WIN32_WINNT_WIN2K) + OSVERSIONINFO osver; + + memset(&osver, 0, sizeof(osver)); + osver.dwOSVersionInfoSize = sizeof(osver); + + /* Find out Windows version */ + if(GetVersionEx(&osver)) { + /* Verify the Operating System version number */ + switch(condition) { + case VERSION_LESS_THAN: + if(osver.dwMajorVersion < majorVersion || + (osver.dwMajorVersion == majorVersion && + osver.dwMinorVersion < minorVersion)) + matched = TRUE; + break; + + case VERSION_LESS_THAN_EQUAL: + if(osver.dwMajorVersion <= majorVersion && + osver.dwMinorVersion <= minorVersion) + matched = TRUE; + break; + + case VERSION_EQUAL: + if(osver.dwMajorVersion == majorVersion && + osver.dwMinorVersion == minorVersion) + matched = TRUE; + break; + + case VERSION_GREATER_THAN_EQUAL: + if(osver.dwMajorVersion >= majorVersion && + osver.dwMinorVersion >= minorVersion) + matched = TRUE; + break; + + case VERSION_GREATER_THAN: + if(osver.dwMajorVersion > majorVersion || + (osver.dwMajorVersion == majorVersion && + osver.dwMinorVersion > minorVersion)) + matched = TRUE; + break; + } + + /* Verify the platform identifier (if necessary) */ + if(matched) { + switch(platform) { + case PLATFORM_WINDOWS: + if(osver.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS) + matched = FALSE; + break; + + case PLATFORM_WINNT: + if(osver.dwPlatformId != VER_PLATFORM_WIN32_NT) + matched = FALSE; + + default: /* like platform == PLATFORM_DONT_CARE */ + break; + } + } + } +#else + ULONGLONG cm = 0; + OSVERSIONINFOEX osver; + BYTE majorCondition; + BYTE minorCondition; + BYTE spMajorCondition; + BYTE spMinorCondition; + + switch(condition) { + case VERSION_LESS_THAN: + majorCondition = VER_LESS; + minorCondition = VER_LESS; + spMajorCondition = VER_LESS_EQUAL; + spMinorCondition = VER_LESS_EQUAL; + break; + + case VERSION_LESS_THAN_EQUAL: + majorCondition = VER_LESS_EQUAL; + minorCondition = VER_LESS_EQUAL; + spMajorCondition = VER_LESS_EQUAL; + spMinorCondition = VER_LESS_EQUAL; + break; + + case VERSION_EQUAL: + majorCondition = VER_EQUAL; + minorCondition = VER_EQUAL; + spMajorCondition = VER_GREATER_EQUAL; + spMinorCondition = VER_GREATER_EQUAL; + break; + + case VERSION_GREATER_THAN_EQUAL: + majorCondition = VER_GREATER_EQUAL; + minorCondition = VER_GREATER_EQUAL; + spMajorCondition = VER_GREATER_EQUAL; + spMinorCondition = VER_GREATER_EQUAL; + break; + + case VERSION_GREATER_THAN: + majorCondition = VER_GREATER; + minorCondition = VER_GREATER; + spMajorCondition = VER_GREATER_EQUAL; + spMinorCondition = VER_GREATER_EQUAL; + break; + + default: + return FALSE; + } + + memset(&osver, 0, sizeof(osver)); + osver.dwOSVersionInfoSize = sizeof(osver); + osver.dwMajorVersion = majorVersion; + osver.dwMinorVersion = minorVersion; + if(platform == PLATFORM_WINDOWS) + osver.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS; + else if(platform == PLATFORM_WINNT) + osver.dwPlatformId = VER_PLATFORM_WIN32_NT; + + cm = VerSetConditionMask(cm, VER_MAJORVERSION, majorCondition); + cm = VerSetConditionMask(cm, VER_MINORVERSION, minorCondition); + cm = VerSetConditionMask(cm, VER_SERVICEPACKMAJOR, spMajorCondition); + cm = VerSetConditionMask(cm, VER_SERVICEPACKMINOR, spMinorCondition); + if(platform != PLATFORM_DONT_CARE) + cm = VerSetConditionMask(cm, VER_PLATFORMID, VER_EQUAL); + + if(VerifyVersionInfo(&osver, (VER_MAJORVERSION | VER_MINORVERSION | + VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR), + cm)) + matched = TRUE; +#endif + + return matched; +} + +#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ + defined(USE_WINSOCK)) + +/* + * Curl_load_library() + * + * This is used to dynamically load DLLs using the most secure method available + * for the version of Windows that we are running on. + * + * Parameters: + * + * filename [in] - The filename or full path of the DLL to load. If only the + * filename is passed then the DLL will be loaded from the + * Windows system directory. + * + * Returns the handle of the module on success; otherwise NULL. + */ +HMODULE Curl_load_library(LPCTSTR filename) +{ + HMODULE hModule = NULL; + LOADLIBRARYEX_FN pLoadLibraryEx = NULL; + + /* Get a handle to kernel32 so we can access it's functions at runtime */ + HMODULE hKernel32 = GetModuleHandle(TEXT("kernel32")); + if(!hKernel32) + return NULL; + + /* Attempt to find LoadLibraryEx() which is only available on Windows 2000 + and above */ + pLoadLibraryEx = (LOADLIBRARYEX_FN) GetProcAddress(hKernel32, LOADLIBARYEX); + + /* Detect if there's already a path in the filename and load the library if + there is. Note: Both back slashes and forward slashes have been supported + since the earlier days of DOS at an API level although they are not + supported by command prompt */ + if(_tcspbrk(filename, TEXT("\\/"))) { + /** !checksrc! disable BANNEDFUNC 1 **/ + hModule = pLoadLibraryEx ? + pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) : + LoadLibrary(filename); + } + /* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only + supported on Windows Vista, Windows Server 2008, Windows 7 and Windows + Server 2008 R2 with this patch or natively on Windows 8 and above */ + else if(pLoadLibraryEx && GetProcAddress(hKernel32, "AddDllDirectory")) { + /* Load the DLL from the Windows system directory */ + hModule = pLoadLibraryEx(filename, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32); + } + else { + /* Attempt to get the Windows system path */ + UINT systemdirlen = GetSystemDirectory(NULL, 0); + if(systemdirlen) { + /* Allocate space for the full DLL path (Room for the null terminator + is included in systemdirlen) */ + size_t filenamelen = _tcslen(filename); + TCHAR *path = malloc(sizeof(TCHAR) * (systemdirlen + 1 + filenamelen)); + if(path && GetSystemDirectory(path, systemdirlen)) { + /* Calculate the full DLL path */ + _tcscpy(path + _tcslen(path), TEXT("\\")); + _tcscpy(path + _tcslen(path), filename); + + /* Load the DLL from the Windows system directory */ + /** !checksrc! disable BANNEDFUNC 1 **/ + hModule = pLoadLibraryEx ? + pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) : + LoadLibrary(path); + + } + free(path); + } + } + + return hModule; +} + +#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ + +#endif /* WIN32 */ From c9951a41cec39667b8a559f6ee5223871c0ea1d4 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 26 Jul 2017 14:16:08 +0200 Subject: [PATCH 2/6] loadlibrary.c: Inline copyright notice using text from https://raw.githubusercontent.com/curl/curl/7fc0e1dfc475930eada0180ee552f7b6deb3f04e/COPYING postprocessed with `par-format 73j | sed 's,^, * ,'`. --- expat/lib/loadlibrary.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/expat/lib/loadlibrary.c b/expat/lib/loadlibrary.c index cfbbf327..70c349e5 100644 --- a/expat/lib/loadlibrary.c +++ b/expat/lib/loadlibrary.c @@ -7,16 +7,24 @@ * * Copyright (C) 2016 - 2017, Steve Holme, . * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. + * All rights reserved. * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF + * THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF + * CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH + * THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + * + * Except as contained in this notice, the name of a copyright holder shall + * not be used in advertising or otherwise to promote the sale, use or other + * dealings in this Software without prior written authorization of the + * copyright holder. * ***************************************************************************/ From 3c6c0b7ba99ab766684014ccd0d2481236928a12 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 26 Jul 2017 14:23:11 +0200 Subject: [PATCH 3/6] loadlibrary.c: Strip down, make ready to use --- expat/lib/loadlibrary.c | 212 +--------------------------------------- 1 file changed, 5 insertions(+), 207 deletions(-) diff --git a/expat/lib/loadlibrary.c b/expat/lib/loadlibrary.c index 70c349e5..4a87ccf4 100644 --- a/expat/lib/loadlibrary.c +++ b/expat/lib/loadlibrary.c @@ -28,19 +28,13 @@ * ***************************************************************************/ -#include "curl_setup.h" +#if defined(_WIN32) -#if defined(WIN32) +#include +#include -#include -#include "system_win32.h" -/* The last #include files should be: */ -#include "curl_memory.h" -#include "memdebug.h" - -#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ - defined(USE_WINSOCK)) +HMODULE Curl_load_library(LPCTSTR filename); #if !defined(LOAD_WITH_ALTERED_SEARCH_PATH) @@ -65,200 +59,6 @@ typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD); # define LOADLIBARYEX "LoadLibraryExA" #endif -#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ - -/* - * Curl_verify_windows_version() - * - * This is used to verify if we are running on a specific windows version. - * - * Parameters: - * - * majorVersion [in] - The major version number. - * minorVersion [in] - The minor version number. - * platform [in] - The optional platform identifier. - * condition [in] - The test condition used to specifier whether we are - * checking a version less then, equal to or greater than - * what is specified in the major and minor version - * numbers. - * - * Returns TRUE if matched; otherwise FALSE. - */ -bool Curl_verify_windows_version(const unsigned int majorVersion, - const unsigned int minorVersion, - const PlatformIdentifier platform, - const VersionCondition condition) -{ - bool matched = FALSE; - -#if defined(CURL_WINDOWS_APP) - /* We have no way to determine the Windows version from Windows apps, - so let's assume we're running on the target Windows version. */ - const WORD fullVersion = MAKEWORD(minorVersion, majorVersion); - const WORD targetVersion = (WORD)_WIN32_WINNT; - - switch(condition) { - case VERSION_LESS_THAN: - matched = targetVersion < fullVersion; - break; - - case VERSION_LESS_THAN_EQUAL: - matched = targetVersion <= fullVersion; - break; - - case VERSION_EQUAL: - matched = targetVersion == fullVersion; - break; - - case VERSION_GREATER_THAN_EQUAL: - matched = targetVersion >= fullVersion; - break; - - case VERSION_GREATER_THAN: - matched = targetVersion > fullVersion; - break; - } - - if(matched && (platform == PLATFORM_WINDOWS)) { - /* we're always running on PLATFORM_WINNT */ - matched = FALSE; - } -#elif !defined(_WIN32_WINNT) || !defined(_WIN32_WINNT_WIN2K) || \ - (_WIN32_WINNT < _WIN32_WINNT_WIN2K) - OSVERSIONINFO osver; - - memset(&osver, 0, sizeof(osver)); - osver.dwOSVersionInfoSize = sizeof(osver); - - /* Find out Windows version */ - if(GetVersionEx(&osver)) { - /* Verify the Operating System version number */ - switch(condition) { - case VERSION_LESS_THAN: - if(osver.dwMajorVersion < majorVersion || - (osver.dwMajorVersion == majorVersion && - osver.dwMinorVersion < minorVersion)) - matched = TRUE; - break; - - case VERSION_LESS_THAN_EQUAL: - if(osver.dwMajorVersion <= majorVersion && - osver.dwMinorVersion <= minorVersion) - matched = TRUE; - break; - - case VERSION_EQUAL: - if(osver.dwMajorVersion == majorVersion && - osver.dwMinorVersion == minorVersion) - matched = TRUE; - break; - - case VERSION_GREATER_THAN_EQUAL: - if(osver.dwMajorVersion >= majorVersion && - osver.dwMinorVersion >= minorVersion) - matched = TRUE; - break; - - case VERSION_GREATER_THAN: - if(osver.dwMajorVersion > majorVersion || - (osver.dwMajorVersion == majorVersion && - osver.dwMinorVersion > minorVersion)) - matched = TRUE; - break; - } - - /* Verify the platform identifier (if necessary) */ - if(matched) { - switch(platform) { - case PLATFORM_WINDOWS: - if(osver.dwPlatformId != VER_PLATFORM_WIN32_WINDOWS) - matched = FALSE; - break; - - case PLATFORM_WINNT: - if(osver.dwPlatformId != VER_PLATFORM_WIN32_NT) - matched = FALSE; - - default: /* like platform == PLATFORM_DONT_CARE */ - break; - } - } - } -#else - ULONGLONG cm = 0; - OSVERSIONINFOEX osver; - BYTE majorCondition; - BYTE minorCondition; - BYTE spMajorCondition; - BYTE spMinorCondition; - - switch(condition) { - case VERSION_LESS_THAN: - majorCondition = VER_LESS; - minorCondition = VER_LESS; - spMajorCondition = VER_LESS_EQUAL; - spMinorCondition = VER_LESS_EQUAL; - break; - - case VERSION_LESS_THAN_EQUAL: - majorCondition = VER_LESS_EQUAL; - minorCondition = VER_LESS_EQUAL; - spMajorCondition = VER_LESS_EQUAL; - spMinorCondition = VER_LESS_EQUAL; - break; - - case VERSION_EQUAL: - majorCondition = VER_EQUAL; - minorCondition = VER_EQUAL; - spMajorCondition = VER_GREATER_EQUAL; - spMinorCondition = VER_GREATER_EQUAL; - break; - - case VERSION_GREATER_THAN_EQUAL: - majorCondition = VER_GREATER_EQUAL; - minorCondition = VER_GREATER_EQUAL; - spMajorCondition = VER_GREATER_EQUAL; - spMinorCondition = VER_GREATER_EQUAL; - break; - - case VERSION_GREATER_THAN: - majorCondition = VER_GREATER; - minorCondition = VER_GREATER; - spMajorCondition = VER_GREATER_EQUAL; - spMinorCondition = VER_GREATER_EQUAL; - break; - - default: - return FALSE; - } - - memset(&osver, 0, sizeof(osver)); - osver.dwOSVersionInfoSize = sizeof(osver); - osver.dwMajorVersion = majorVersion; - osver.dwMinorVersion = minorVersion; - if(platform == PLATFORM_WINDOWS) - osver.dwPlatformId = VER_PLATFORM_WIN32_WINDOWS; - else if(platform == PLATFORM_WINNT) - osver.dwPlatformId = VER_PLATFORM_WIN32_NT; - - cm = VerSetConditionMask(cm, VER_MAJORVERSION, majorCondition); - cm = VerSetConditionMask(cm, VER_MINORVERSION, minorCondition); - cm = VerSetConditionMask(cm, VER_SERVICEPACKMAJOR, spMajorCondition); - cm = VerSetConditionMask(cm, VER_SERVICEPACKMINOR, spMinorCondition); - if(platform != PLATFORM_DONT_CARE) - cm = VerSetConditionMask(cm, VER_PLATFORMID, VER_EQUAL); - - if(VerifyVersionInfo(&osver, (VER_MAJORVERSION | VER_MINORVERSION | - VER_SERVICEPACKMAJOR | VER_SERVICEPACKMINOR), - cm)) - matched = TRUE; -#endif - - return matched; -} - -#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ - defined(USE_WINSOCK)) /* * Curl_load_library() @@ -332,6 +132,4 @@ HMODULE Curl_load_library(LPCTSTR filename) return hModule; } -#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ - -#endif /* WIN32 */ +#endif /* defined(_WIN32) */ From 931697b9b8e162b7f4e079a92a3a57c0b4f2db97 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 26 Jul 2017 14:47:37 +0200 Subject: [PATCH 4/6] Integrate loadlibrary.c into build systems --- expat/CMakeLists.txt | 1 + expat/MANIFEST | 1 + expat/Makefile.in | 4 +++- expat/lib/expat.vcxproj | 1 + expat/lib/expat.vcxproj.filters | 3 +++ expat/lib/expat_static.vcxproj | 1 + expat/lib/expat_static.vcxproj.filters | 3 +++ expat/lib/expatw.vcxproj | 1 + expat/lib/expatw.vcxproj.filters | 3 +++ expat/lib/expatw_static.vcxproj | 1 + expat/lib/expatw_static.vcxproj.filters | 3 +++ 11 files changed, 21 insertions(+), 1 deletion(-) diff --git a/expat/CMakeLists.txt b/expat/CMakeLists.txt index 398b5550..568e4bd4 100644 --- a/expat/CMakeLists.txt +++ b/expat/CMakeLists.txt @@ -54,6 +54,7 @@ if(WIN32) endif(WIN32) set(expat_SRCS + lib/loadlibrary.c lib/xmlparse.c lib/xmlrole.c lib/xmltok.c diff --git a/expat/MANIFEST b/expat/MANIFEST index c8479ed0..c90dadc0 100644 --- a/expat/MANIFEST +++ b/expat/MANIFEST @@ -45,6 +45,7 @@ lib/internal.h lib/latin1tab.h lib/libexpat.def lib/libexpatw.def +lib/loadlibrary.c lib/nametab.h lib/siphash.h lib/utf8tab.h diff --git a/expat/Makefile.in b/expat/Makefile.in index 76f77b17..3e98d242 100644 --- a/expat/Makefile.in +++ b/expat/Makefile.in @@ -128,7 +128,7 @@ LINK_LIB = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) -no-undefined $(VSNFLAG) LINK_EXE = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) $(LDFLAGS) -o $@ LINK_CXX_EXE = $(LIBTOOL) $(LTFLAGS) --mode=link $(CXXCOMPILE) $(LDFLAGS) -o $@ -LIB_OBJS = lib/xmlparse.lo lib/xmltok.lo lib/xmlrole.lo +LIB_OBJS = lib/loadlibrary.lo lib/xmlparse.lo lib/xmltok.lo lib/xmlrole.lo $(LIBRARY): $(LIB_OBJS) $(LINK_LIB) $(LIB_OBJS) @@ -138,6 +138,8 @@ expat.pc: $(top_builddir)/config.status lib/xmlparse.lo: lib/xmlparse.c lib/expat.h lib/siphash.h lib/xmlrole.h lib/xmltok.h \ $(top_builddir)/expat_config.h lib/expat_external.h lib/internal.h +lib/loadlibrary.lo: lib/loadlibrary.c + lib/xmlrole.lo: lib/xmlrole.c lib/ascii.h lib/xmlrole.h \ $(top_builddir)/expat_config.h lib/expat_external.h lib/internal.h diff --git a/expat/lib/expat.vcxproj b/expat/lib/expat.vcxproj index 1673e676..7270b874 100644 --- a/expat/lib/expat.vcxproj +++ b/expat/lib/expat.vcxproj @@ -147,6 +147,7 @@ + diff --git a/expat/lib/expat.vcxproj.filters b/expat/lib/expat.vcxproj.filters index 34aea26d..61c52b58 100644 --- a/expat/lib/expat.vcxproj.filters +++ b/expat/lib/expat.vcxproj.filters @@ -15,6 +15,9 @@ + + Source Files + Source Files diff --git a/expat/lib/expat_static.vcxproj b/expat/lib/expat_static.vcxproj index 77c0ece9..512e4c98 100644 --- a/expat/lib/expat_static.vcxproj +++ b/expat/lib/expat_static.vcxproj @@ -120,6 +120,7 @@ + diff --git a/expat/lib/expat_static.vcxproj.filters b/expat/lib/expat_static.vcxproj.filters index e6d9d80f..a2fe03e6 100644 --- a/expat/lib/expat_static.vcxproj.filters +++ b/expat/lib/expat_static.vcxproj.filters @@ -11,6 +11,9 @@ + + Source Files + Source Files diff --git a/expat/lib/expatw.vcxproj b/expat/lib/expatw.vcxproj index cf54fd2a..d42944db 100644 --- a/expat/lib/expatw.vcxproj +++ b/expat/lib/expatw.vcxproj @@ -147,6 +147,7 @@ + diff --git a/expat/lib/expatw.vcxproj.filters b/expat/lib/expatw.vcxproj.filters index dc6e9685..fb3909c9 100644 --- a/expat/lib/expatw.vcxproj.filters +++ b/expat/lib/expatw.vcxproj.filters @@ -15,6 +15,9 @@ + + Source Files + Source Files diff --git a/expat/lib/expatw_static.vcxproj b/expat/lib/expatw_static.vcxproj index 99a45e47..e7a21161 100644 --- a/expat/lib/expatw_static.vcxproj +++ b/expat/lib/expatw_static.vcxproj @@ -120,6 +120,7 @@ + diff --git a/expat/lib/expatw_static.vcxproj.filters b/expat/lib/expatw_static.vcxproj.filters index 83a7c08c..724d9f8c 100644 --- a/expat/lib/expatw_static.vcxproj.filters +++ b/expat/lib/expatw_static.vcxproj.filters @@ -11,6 +11,9 @@ + + Source Files + Source Files From 6ea9606489e91abd006ee4b5d2f4c73b767993a5 Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 26 Jul 2017 14:49:18 +0200 Subject: [PATCH 5/6] xmlparse.c: Use Curl_load_library --- expat/Changes | 3 ++- expat/lib/xmlparse.c | 9 ++------- 2 files changed, 4 insertions(+), 8 deletions(-) diff --git a/expat/Changes b/expat/Changes index d1693b73..418905f4 100644 --- a/expat/Changes +++ b/expat/Changes @@ -5,7 +5,8 @@ NOTE: We are looking for help with a few things: Release 2.2.? ???????????????? Security fixes: #81 Pre-10.7/Lion macOS: Support entropy from arc4random - #82 Windows: Fix DLL hijacking vulnerability + #82 Windows: Fix DLL hijacking vulnerability using + Steve Holme's LoadLibrary wrapper for/of cURL Bug fixes: #85 Fix a dangling pointer issue related to realloc diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 3201b2a8..4c470d4e 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -804,6 +804,7 @@ writeRandomBytes_arc4random(void * target, size_t count) { #ifdef _WIN32 typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); +HMODULE Curl_load_library(LPCTSTR filename); /* see loadlibrary.c */ /* Obtain entropy on Windows XP / Windows Server 2003 and later. * Hint on RtlGenRandom and the following article from libsodium. @@ -814,13 +815,7 @@ typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); static int writeRandomBytes_RtlGenRandom(void * target, size_t count) { int success = 0; /* full count bytes written? */ - const LPCTSTR file_name = TEXT("ADVAPI32.DLL"); - HMODULE advapi32 = LoadLibraryEx(file_name, 0, LOAD_LIBRARY_SEARCH_SYSTEM32); - - if (! advapi32) { - /* Try again without LOAD_LIBRARY_SEARCH_SYSTEM32 if unsupported */ - advapi32 = LoadLibraryEx(file_name, 0, 0); - } + const HMODULE advapi32 = Curl_load_library(TEXT("ADVAPI32.DLL")); if (advapi32) { const RTLGENRANDOM_FUNC RtlGenRandom From 3e63f6c438d6e5faba69881c102aba2cd1cc03fd Mon Sep 17 00:00:00 2001 From: Sebastian Pipping Date: Wed, 26 Jul 2017 15:19:45 +0200 Subject: [PATCH 6/6] Rename Curl_load_library to _Expat_LoadLibrary .. to avoid symbol collisions --- expat/lib/loadlibrary.c | 6 +++--- expat/lib/xmlparse.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/expat/lib/loadlibrary.c b/expat/lib/loadlibrary.c index 4a87ccf4..31b7f312 100644 --- a/expat/lib/loadlibrary.c +++ b/expat/lib/loadlibrary.c @@ -34,7 +34,7 @@ #include -HMODULE Curl_load_library(LPCTSTR filename); +HMODULE _Expat_LoadLibrary(LPCTSTR filename); #if !defined(LOAD_WITH_ALTERED_SEARCH_PATH) @@ -61,7 +61,7 @@ typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD); /* - * Curl_load_library() + * _Expat_LoadLibrary() * * This is used to dynamically load DLLs using the most secure method available * for the version of Windows that we are running on. @@ -74,7 +74,7 @@ typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD); * * Returns the handle of the module on success; otherwise NULL. */ -HMODULE Curl_load_library(LPCTSTR filename) +HMODULE _Expat_LoadLibrary(LPCTSTR filename) { HMODULE hModule = NULL; LOADLIBRARYEX_FN pLoadLibraryEx = NULL; diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c index 4c470d4e..814f734d 100644 --- a/expat/lib/xmlparse.c +++ b/expat/lib/xmlparse.c @@ -804,7 +804,7 @@ writeRandomBytes_arc4random(void * target, size_t count) { #ifdef _WIN32 typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG); -HMODULE Curl_load_library(LPCTSTR filename); /* see loadlibrary.c */ +HMODULE _Expat_LoadLibrary(LPCTSTR filename); /* see loadlibrary.c */ /* Obtain entropy on Windows XP / Windows Server 2003 and later. * Hint on RtlGenRandom and the following article from libsodium. @@ -815,7 +815,7 @@ HMODULE Curl_load_library(LPCTSTR filename); /* see loadlibrary.c */ static int writeRandomBytes_RtlGenRandom(void * target, size_t count) { int success = 0; /* full count bytes written? */ - const HMODULE advapi32 = Curl_load_library(TEXT("ADVAPI32.DLL")); + const HMODULE advapi32 = _Expat_LoadLibrary(TEXT("ADVAPI32.DLL")); if (advapi32) { const RTLGENRANDOM_FUNC RtlGenRandom