aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBob Arnson <bob@firegiant.com>2024-01-24 17:38:55 -0500
committerRob Mensching <rob@firegiant.com>2024-02-06 07:57:50 -0800
commitfec38b6461d0551339139a2fe52403a61942adc0 (patch)
tree82b983fe11bd88f74ab3418365f5617eab905fa5
parent74ef526a2252f794465b2146c4c32c348284cf91 (diff)
downloadwix-fec38b6461d0551339139a2fe52403a61942adc0.tar.gz
wix-fec38b6461d0551339139a2fe52403a61942adc0.tar.bz2
wix-fec38b6461d0551339139a2fe52403a61942adc0.zip
Mitigate .local DLL redirection Windows bug.
Diffstat
-rw-r--r--src/burn/stub/precomp.h1
-rw-r--r--src/burn/stub/stub.cpp26
-rw-r--r--src/burn/stub/stub.vcxproj1
3 files changed, 28 insertions, 0 deletions
diff --git a/src/burn/stub/precomp.h b/src/burn/stub/precomp.h
index bb7ded9c..46239a6c 100644
--- a/src/burn/stub/precomp.h
+++ b/src/burn/stub/precomp.h
@@ -9,6 +9,7 @@
9 9
10#include <dutil.h> 10#include <dutil.h>
11#include <apputil.h> 11#include <apputil.h>
12#include <dirutil.h>
12#include <strutil.h> 13#include <strutil.h>
13#include <fileutil.h> 14#include <fileutil.h>
14#include <pathutil.h> 15#include <pathutil.h>
diff --git a/src/burn/stub/stub.cpp b/src/burn/stub/stub.cpp
index 339a54da..9c9dfeef 100644
--- a/src/burn/stub/stub.cpp
+++ b/src/burn/stub/stub.cpp
@@ -2,6 +2,10 @@
2 2
3#include "precomp.h" 3#include "precomp.h"
4 4
5static const HRESULT E_SUSPECTED_TAMPERING = MAKE_HRESULT(SEVERITY_ERROR, 500/*FACILITY_WIX*/, 2001);
6
7static void AvoidLocalDllRedirection(LPCWSTR wzPath);
8
5 9
6int WINAPI wWinMain( 10int WINAPI wWinMain(
7 __in HINSTANCE hInstance, 11 __in HINSTANCE hInstance,
@@ -52,6 +56,8 @@ int WINAPI wWinMain(
52 AppInitialize(rgsczSafelyLoadSystemDlls, countof(rgsczSafelyLoadSystemDlls)); 56 AppInitialize(rgsczSafelyLoadSystemDlls, countof(rgsczSafelyLoadSystemDlls));
53 } 57 }
54 58
59 AvoidLocalDllRedirection(sczPath);
60
55 // call run 61 // call run
56 hr = EngineRun(hInstance, hEngineFile, lpCmdLine, nCmdShow, &dwExitCode); 62 hr = EngineRun(hInstance, hEngineFile, lpCmdLine, nCmdShow, &dwExitCode);
57 ExitOnFailure(hr, "Failed to run application."); 63 ExitOnFailure(hr, "Failed to run application.");
@@ -63,3 +69,23 @@ LExit:
63 69
64 return FAILED(hr) ? (int)hr : (int)dwExitCode; 70 return FAILED(hr) ? (int)hr : (int)dwExitCode;
65} 71}
72
73static void AvoidLocalDllRedirection(LPCWSTR wzPath)
74{
75 LPWSTR sczLocalPath = NULL;
76 HMODULE hmodComCtl = NULL;
77
78 // Bail if there's a <bundle>.exe.local directory, as it's a feature of
79 // DLL redirection that has no real use for a bundle and is a hole for
80 // DLL hijacking attacks.
81
82 if (FAILED(StrAllocFormatted(&sczLocalPath, L"%ls.local", wzPath))
83 || DirExists(sczLocalPath, NULL)
84 || FileExistsEx(sczLocalPath, NULL)
85 || FAILED(LoadSystemLibrary(L"Comctl32.dll", &hmodComCtl)))
86 {
87 ::ExitProcess((UINT)E_SUSPECTED_TAMPERING);
88 }
89
90 ReleaseStr(sczLocalPath);
91}
diff --git a/src/burn/stub/stub.vcxproj b/src/burn/stub/stub.vcxproj
index 29da8d05..03f49209 100644
--- a/src/burn/stub/stub.vcxproj
+++ b/src/burn/stub/stub.vcxproj
@@ -63,6 +63,7 @@
63 <SwapRunFromCD>true</SwapRunFromCD> 63 <SwapRunFromCD>true</SwapRunFromCD>
64 <SwapRunFromNET>true</SwapRunFromNET> 64 <SwapRunFromNET>true</SwapRunFromNET>
65 <DelayLoadDLLs>cabinet.dll;crypt32.dll;msi.dll;shlwapi.dll;userenv.dll;version.dll;wininet.dll;wintrust.dll</DelayLoadDLLs> 65 <DelayLoadDLLs>cabinet.dll;crypt32.dll;msi.dll;shlwapi.dll;userenv.dll;version.dll;wininet.dll;wintrust.dll</DelayLoadDLLs>
66 <AdditionalOptions>/DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
66 </Link> 67 </Link>
67 </ItemDefinitionGroup> 68 </ItemDefinitionGroup>
68 69
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-15 21:17:08 +0000