[gtk+] Avoid potential DLL hijacking in Wintab code

From: Tor Lillqvist <tml src gnome org>
To: commits-list gnome org
Cc:
Subject: [gtk+] Avoid potential DLL hijacking in Wintab code
Date: Thu, 9 Sep 2010 12:46:31 +0000 (UTC)

commit e7483343275e6ac4c402b84d99635d1ef8ed86be
Author: Tor Lillqvist <tml iki fi>
Date:   Thu Sep 9 15:44:12 2010 +0300

    Avoid potential DLL hijacking in Wintab code
    
    Load Wintab32.dll from an absolute path. A proper Wintab32.dll, if
    present, should be in the Windows system directory, so load it from
    there.

 gdk/win32/gdkdevicemanager-win32.c |   25 ++++++++++++++++++++++++-
 1 files changed, 24 insertions(+), 1 deletions(-)
---
diff --git a/gdk/win32/gdkdevicemanager-win32.c b/gdk/win32/gdkdevicemanager-win32.c
index e3696bb..f0fddb1 100644
--- a/gdk/win32/gdkdevicemanager-win32.c
+++ b/gdk/win32/gdkdevicemanager-win32.c
@@ -33,6 +33,8 @@
 #include <windows.h>
 #include <wintab.h>
 
+#define WINTAB32_DLL "Wintab32.dll"
+
 #define PACKETDATA (PK_CONTEXT | PK_CURSOR | PK_BUTTONS | PK_X | PK_Y  | PK_NORMAL_PRESSURE | PK_ORIENTATION)
 /* We want everything in absolute mode */
 #define PACKETMODE (0)
@@ -376,6 +378,9 @@ _gdk_input_wintab_init_check (GdkDeviceManagerWin32 *device_manager)
   gchar *devname_utf8, *csrname_utf8, *device_name;
   BOOL defcontext_done;
   HMODULE wintab32;
+  char *wintab32_dll_path;
+  char dummy;
+  int n, k;
 
   if (wintab_initialized)
     return;
@@ -387,7 +392,25 @@ _gdk_input_wintab_init_check (GdkDeviceManagerWin32 *device_manager)
   if (_gdk_input_ignore_wintab)
     return;
 
-  if ((wintab32 = LoadLibrary ("wintab32.dll")) == NULL)
+  n = GetSystemDirectory (&dummy, 0);
+
+  if (n <= 0)
+    return;
+
+  wintab32_dll_path = g_malloc (n + 1 + strlen (WINTAB32_DLL));
+  k = GetSystemDirectory (wintab32_dll_path, n);
+  
+  if (k == 0 || k > n)
+    {
+      g_free (wintab32_dll_path);
+      return;
+    }
+
+  if (!G_IS_DIR_SEPARATOR (wintab32_dll_path[strlen (wintab32_dll_path) -1]))
+    strcat (wintab32_dll_path, G_DIR_SEPARATOR_S);
+  strcat (wintab32_dll_path, WINTAB32_DLL);
+
+  if ((wintab32 = LoadLibrary (wintab32_dll_path)) == NULL)
     return;
 
   if ((p_WTInfoA = (t_WTInfoA) GetProcAddress (wintab32, "WTInfoA")) == NULL)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]