aboutsummaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorFridrich Štrba <fridrich.strba@bluewin.ch>2010-09-14 04:54:19 +0800
committerFridrich Štrba <fridrich.strba@bluewin.ch>2010-09-14 04:58:24 +0800
commit23cbe11a5b11b301b17bcce23c199e9879fe2db8 (patch)
treeb9f138f6ca5c1cd30971fdfe9753513521ce3205 /modules
parent75d1c75617ccd515ca1ebee44dd47204e76f36e1 (diff)
downloadgsoc2013-evolution-23cbe11a5b11b301b17bcce23c199e9879fe2db8.tar.gz
gsoc2013-evolution-23cbe11a5b11b301b17bcce23c199e9879fe2db8.tar.zst
gsoc2013-evolution-23cbe11a5b11b301b17bcce23c199e9879fe2db8.zip
Avoid dll hijacking
Load sensapi.dll only from system directory where it should normally be and not from any random place.
Diffstat (limited to 'modules')
-rw-r--r--modules/windows-sens/evolution-windows-sens.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/modules/windows-sens/evolution-windows-sens.c b/modules/windows-sens/evolution-windows-sens.c
index 469087ba3e..536ff06ff4 100644
--- a/modules/windows-sens/evolution-windows-sens.c
+++ b/modules/windows-sens/evolution-windows-sens.c
@@ -457,6 +457,8 @@ static const gchar * add_curly_braces_to_uuid (const gchar * string_uuid)
return curly_braced_uuid_string;
}
+#define SENSAPI_DLL "sensapi.dll"
+
static void
windows_sens_constructed (GObject *object)
{
@@ -549,7 +551,27 @@ windows_sens_constructed (GObject *object)
IsNetworkAlive_t pIsNetworkAlive = NULL;
- HMODULE hDLL=LoadLibrary ("sensapi.dll");
+ char *buf = NULL;
+ char dummy;
+ int n, k;
+ HMODULE hDLL = NULL;
+
+ n = GetSystemDirectory (&dummy, 0);
+
+ if (n <= 0)
+ goto cleanup;
+
+ buf = g_malloc (n + 1 + strlen (SENSAPI_DLL));
+ k = GetSystemDirectory (buf, n);
+
+ if (k == 0 || k > n)
+ goto cleanup;
+
+ if (!G_IS_DIR_SEPARATOR (buf[strlen (buf) -1]))
+ strcat (buf, G_DIR_SEPARATOR_S);
+ strcat (buf, SENSAPI_DLL);
+
+ hDLL=LoadLibrary (buf);
if ((pIsNetworkAlive=(IsNetworkAlive_t) GetProcAddress (hDLL, "IsNetworkAlive"))) {
DWORD Network;
@@ -559,6 +581,9 @@ windows_sens_constructed (GObject *object)
FreeLibrary (hDLL);
e_shell_set_network_available (shell, alive);
+
+cleanup:
+ g_free (buf);
}
}