[misc] switch to using LoadLibraryEx everywhere

* This allows us to further mitigate DLL side loading by enforcing LOAD_LIBRARY_SEARCH_SYSTEM32 / LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR.
2024-08-14 23:57:05 +00:00 · 2021-04-09 11:31:52 +01:00 · 2021-04-09 11:31:52 +01:00 · 2a3e82fa96
commit 2a3e82fa96
parent c9e71de898
8 changed files with 25 additions and 12 deletions
--- a/res/appstore/Package.appxmanifest
+++ b/res/appstore/Package.appxmanifest
@ -11,7 +11,7 @@
  <Identity
    Name="19453.net.Rufus"
    Publisher="CN=7AC86D13-3E5A-491A-ADD5-80095C212740"
-    Version="3.14.1768.0" />
+    Version="3.14.1769.0" />

  <Properties>
    <DisplayName>Rufus</DisplayName>
--- a/src/dos.c
+++ b/src/dos.c
@ -311,7 +311,7 @@ static BOOL ExtractMSDOS(const char* path)
 		goto out;
 	}
 	static_strcat(dllname, "\\diskcopy.dll");
-	hDLL = LoadLibraryA(dllname);
+	hDLL = LoadLibraryExA(dllname, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
 	if (hDLL == NULL) {
 		uprintf("Unable to open %s: %s\n", dllname, WindowsErrorString());
 		goto out;
--- a/src/msapi_utf8.h
+++ b/src/msapi_utf8.h
@ -317,6 +317,18 @@ static __inline HMODULE LoadLibraryU(LPCSTR lpFileName)
 	return ret;
 }

+static __inline HMODULE LoadLibraryExU(LPCSTR lpFileName, HANDLE hFile, DWORD dwFlags)
+{
+	HMODULE ret;
+	DWORD err = ERROR_INVALID_DATA;
+	wconvert(lpFileName);
+	ret = LoadLibraryExW(wlpFileName, hFile, dwFlags);
+	err = GetLastError();
+	wfree(lpFileName);
+	SetLastError(err);
+	return ret;
+}
+
 static __inline int DrawTextU(HDC hDC, LPCSTR lpText, int nCount, LPRECT lpRect, UINT uFormat)
 {
 	int ret;
--- a/src/rufus.c
+++ b/src/rufus.c
@ -3148,7 +3148,8 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
 	// nail... Also, no, Coverity, we never need to care about freeing kernel32 as a library.
 	// coverity[leaked_storage]
 	pfSetDefaultDllDirectories = (SetDefaultDllDirectories_t)
-		GetProcAddress(LoadLibraryW(kernel32_path), "SetDefaultDllDirectories");
+		GetProcAddress(LoadLibraryExW(kernel32_path, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32),
+			"SetDefaultDllDirectories");
 	if (pfSetDefaultDllDirectories != NULL)
 		pfSetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);

--- a/src/rufus.h
+++ b/src/rufus.h
@ -658,7 +658,7 @@ static __inline HMODULE GetLibraryHandle(char* szLibraryName) {
 		if (OpenedLibrariesHandleSize >= MAX_LIBRARY_HANDLES) {
 			uprintf("Error: MAX_LIBRARY_HANDLES is too small\n");
 		} else {
-			h = LoadLibraryA(szLibraryName);
+			h = LoadLibraryExA(szLibraryName, NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
 			if (h != NULL)
 				OpenedLibrariesHandle[OpenedLibrariesHandleSize++] = h;
 		}
--- a/src/rufus.rc
+++ b/src/rufus.rc
@ -33,7 +33,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 IDD_DIALOG DIALOGEX 12, 12, 232, 326
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_ACCEPTFILES
-CAPTION "Rufus 3.14.1768"
+CAPTION "Rufus 3.14.1769"
 FONT 9, "Segoe UI Symbol", 400, 0, 0x0
 BEGIN
    LTEXT           "Drive Properties",IDS_DRIVE_PROPERTIES_TXT,8,6,53,12,NOT WS_GROUP
@ -395,8 +395,8 @@ END
 //

 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 3,14,1768,0
- PRODUCTVERSION 3,14,1768,0
+ FILEVERSION 3,14,1769,0
+ PRODUCTVERSION 3,14,1769,0
 FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -414,13 +414,13 @@ BEGIN
            VALUE "Comments", "https://rufus.ie"
            VALUE "CompanyName", "Akeo Consulting"
            VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "3.14.1768"
+            VALUE "FileVersion", "3.14.1769"
            VALUE "InternalName", "Rufus"
            VALUE "LegalCopyright", "© 2011-2021 Pete Batard (GPL v3)"
            VALUE "LegalTrademarks", "https://www.gnu.org/licenses/gpl-3.0.html"
            VALUE "OriginalFilename", "rufus-3.14.exe"
            VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "3.14.1768"
+            VALUE "ProductVersion", "3.14.1769"
        END
    END
    BLOCK "VarFileInfo"
--- a/src/stdlg.c
+++ b/src/stdlg.c
@ -2047,7 +2047,7 @@ void SetAlertPromptMessages(void)
 	// Fetch the localized strings in the relevant MUI
 	// Must use sysnative_dir rather than system_dir as we may not find the MUI's otherwise
 	static_sprintf(mui_path, "%s\\%s\\shell32.dll.mui", sysnative_dir, GetCurrentMUI());
-	mui_lib = LoadLibraryU(mui_path);
+	mui_lib = LoadLibraryExU(mui_path, NULL, LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR);
 	if (mui_lib != NULL) {
 		// 4097 = "You need to format the disk in drive %c: before you can use it." (dialog text)
 		// 4125 = "Microsoft Windows" (dialog title)
@ -2063,7 +2063,7 @@ void SetAlertPromptMessages(void)
 		FreeLibrary(mui_lib);
 	}
 	static_sprintf(mui_path, "%s\\%s\\urlmon.dll.mui", sysnative_dir, GetCurrentMUI());
-	mui_lib = LoadLibraryU(mui_path);
+	mui_lib = LoadLibraryExU(mui_path, NULL, LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR);
 	if (mui_lib != NULL) {
 		// 2070 = "Windows Security Warning" (yes, that's what MS uses for a stupid cookie!)
 		if (LoadStringU(mui_lib, 2070, title_str[1], sizeof(title_str[1])) <= 0) {
--- a/src/syslinux/win/ntfssect.c
+++ b/src/syslinux/win/ntfssect.c
@ -307,7 +307,7 @@ DWORD M_NTFSSECT_API NtfsSectLoadXpFuncs(S_NTFSSECT_XPFUNCS * XpFuncs) {

    XpFuncs->Size = sizeof *XpFuncs;

-    XpFuncs->Kernel32 = LoadLibraryA("kernel32.dll");
+    XpFuncs->Kernel32 = LoadLibraryExA("kernel32.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
    rc = GetLastError();
    if (!XpFuncs->Kernel32) {
        M_ERR("KERNEL32.DLL not found!");