|
|
@@ -186,6 +186,38 @@ char *get_username(void)
|
|
|
return got_username ? user : NULL;
|
|
|
}
|
|
|
|
|
|
+void dll_hijacking_protection(void)
|
|
|
+{
|
|
|
+ /*
|
|
|
+ * If the OS provides it, call SetDefaultDllDirectories() to
|
|
|
+ * prevent DLLs from being loaded from the directory containing
|
|
|
+ * our own binary, and instead only load from system32.
|
|
|
+ *
|
|
|
+ * This is a protection against hijacking attacks, if someone runs
|
|
|
+ * PuTTY directly from their web browser's download directory
|
|
|
+ * having previously been enticed into clicking on an unwise link
|
|
|
+ * that downloaded a malicious DLL to the same directory under one
|
|
|
+ * of various magic names that seem to be things that standard
|
|
|
+ * Windows DLLs delegate to.
|
|
|
+ *
|
|
|
+ * It shouldn't break deliberate loading of user-provided DLLs
|
|
|
+ * such as GSSAPI providers, because those are specified by their
|
|
|
+ * full pathname by the user-provided configuration.
|
|
|
+ */
|
|
|
+ static HMODULE kernel32_module;
|
|
|
+ DECL_WINDOWS_FUNCTION(static, BOOL, SetDefaultDllDirectories, (DWORD));
|
|
|
+
|
|
|
+ if (!kernel32_module) {
|
|
|
+ kernel32_module = load_system32_dll("kernel32.dll");
|
|
|
+ GET_WINDOWS_FUNCTION(kernel32_module, SetDefaultDllDirectories);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (p_SetDefaultDllDirectories) {
|
|
|
+ /* LOAD_LIBRARY_SEARCH_SYSTEM32 only */
|
|
|
+ p_SetDefaultDllDirectories(0x800);
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
BOOL init_winver(void)
|
|
|
{
|
|
|
ZeroMemory(&osVersion, sizeof(osVersion));
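Review bot: The BOOL result of `p_SetDefaultDllDirectories(0x800)` is discarded and the function returns void, so a caller cannot tell whether the DLL search path was actually restricted or whether the process is running unprotected because the call failed or the OS lacks the API. Since the function is new in this commit, it could return the status, e.g. `return p_SetDefaultDllDirectories && p_SetDefaultDllDirectories(0x800);` with a `BOOL` return type, so startup code can at least record the degraded state. The header comment should also state two limits of the mitigation: the setting only governs library loads made after this call, so it must run before any other LoadLibrary in the process (the call sites are not visible in this hunk), and DLLs bound through the executable's import table are resolved by the loader before this code runs, so they are not covered. A local fallback such as `#ifndef LOAD_LIBRARY_SEARCH_SYSTEM32` / `#define LOAD_LIBRARY_SEARCH_SYSTEM32 0x00000800` would make the call self-describing instead of relying on the bare `0x800` and its comment.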
|