diff options
| author | Jan-Arve Sæther <jan-arve.saether@nokia.com> | 2010-08-31 08:23:30 (GMT) |
|---|---|---|
| committer | Jan-Arve Sæther <jan-arve.saether@nokia.com> | 2010-09-03 08:22:25 (GMT) |
| commit | 5738dcd705e7edde816940f9c0ab2c364c81ad20 (patch) | |
| tree | e6be0a4b0f11289a7f0e8f6b4d4cce1de28aee8e /src/gui/kernel/qapplication_win.cpp | |
| parent | dac9e5dd5644d29d6a8dde752e7c594727f16661 (diff) | |
| download | Qt-5738dcd705e7edde816940f9c0ab2c364c81ad20.zip Qt-5738dcd705e7edde816940f9c0ab2c364c81ad20.tar.gz Qt-5738dcd705e7edde816940f9c0ab2c364c81ad20.tar.bz2 | |
Ensure that we load system libraries from the correct location.
This was a security hole that has been there for a while, but the
public awareness have recently rised so the threat is more imminent
now.
The solution is to fix all places where we dynamically load system
libraries. More specifically, we now load all system libraries with
an absolute path that points to a library in the system directory
(usually c:\windows\system32).
We therefore introduce a small class named QSystemLibrary that only loads
libraries located in the system path. This shares some of the API with
QLibrary (in order to make the patch as small as possible).
We don't fix QLibrary due to risk of regressions. In
addition, applications can fix the code that calls QLibrary themselves.
The problem does not apply to Windows CE, since the search order is
documented as not searching in the current directory.
However, it touches some CE-specific code - therefore QSystemLibrary
is sometimes used on WinCE (however, it will just do a normal
LoadLibrary() since its safe anyway).
This change does not affect the testability plugin (it is not clearly
documented where that plugin is located, and the plugin should never
be used in production code anyway)
Loading OpenSSL libraries
The ssl libraries are handled specially, and searched in this order
(we cannot expect them to always be in the system folder):
1. Application path
2. System libraries path
3. Trying all paths inside the PATH environment variable
Task-number: QT-3825
Reviewed-by: Thiago Macieira
Reviewed-by: Peter Hartmann
Diffstat (limited to 'src/gui/kernel/qapplication_win.cpp')
| -rw-r--r-- | src/gui/kernel/qapplication_win.cpp | 38 |
1 files changed, 18 insertions, 20 deletions
diff --git a/src/gui/kernel/qapplication_win.cpp b/src/gui/kernel/qapplication_win.cpp index d6896c0..b6b49cc 100644 --- a/src/gui/kernel/qapplication_win.cpp +++ b/src/gui/kernel/qapplication_win.cpp @@ -66,7 +66,6 @@ extern void qt_wince_hide_taskbar(HWND hwnd); //defined in qguifunctions_wince.c #include "qdatetime.h" #include "qpointer.h" #include "qhash.h" -#include "qlibrary.h" #include "qmetaobject.h" #include "qmime.h" #include "qpainter.h" @@ -91,6 +90,7 @@ extern void qt_wince_hide_taskbar(HWND hwnd); //defined in qguifunctions_wince.c #include "qdebug.h" #include <private/qkeymapper_p.h> #include <private/qlocale_p.h> +#include <private/qsystemlibrary_p.h> #include "qevent_p.h" //#define ALIEN_DEBUG @@ -204,7 +204,7 @@ static void resolveAygLibs() { if (!aygResolved) { aygResolved = true; - QLibrary ayglib(QLatin1String("aygshell")); + QSystemLibrary ayglib(QLatin1String("aygshell")); if (!ayglib.load()) return; ptrRecognizeGesture = (AygRecognizeGesture) ayglib.resolve("SHRecognizeGesture"); @@ -811,10 +811,10 @@ void qt_init(QApplicationPrivate *priv, int) #ifndef Q_OS_WINCE ptrUpdateLayeredWindowIndirect = - (PtrUpdateLayeredWindowIndirect) QLibrary::resolve(QLatin1String("user32"), + (PtrUpdateLayeredWindowIndirect) QSystemLibrary::resolve(QLatin1String("user32"), "UpdateLayeredWindowIndirect"); ptrUpdateLayeredWindow = - (PtrUpdateLayeredWindow) QLibrary::resolve(QLatin1String("user32"), + (PtrUpdateLayeredWindow) QSystemLibrary::resolve(QLatin1String("user32"), "UpdateLayeredWindow"); if (ptrUpdateLayeredWindow && !ptrUpdateLayeredWindowIndirect) @@ -822,7 +822,7 @@ void qt_init(QApplicationPrivate *priv, int) // Notify Vista and Windows 7 that we support highter DPI settings ptrSetProcessDPIAware = (PtrSetProcessDPIAware) - QLibrary::resolve(QLatin1String("user32"), "SetProcessDPIAware"); + QSystemLibrary::resolve(QLatin1String("user32"), "SetProcessDPIAware"); if (ptrSetProcessDPIAware) ptrSetProcessDPIAware(); #endif @@ -842,30 +842,28 @@ void qt_init(QApplicationPrivate *priv, int) #elif !defined(Q_WS_WINCE) #if !defined(QT_NO_NATIVE_GESTURES) priv->GetGestureInfo = - (PtrGetGestureInfo)QLibrary::resolve(QLatin1String("user32"), + (PtrGetGestureInfo)QSystemLibrary::resolve(QLatin1String("user32"), "GetGestureInfo"); priv->GetGestureExtraArgs = - (PtrGetGestureExtraArgs)QLibrary::resolve(QLatin1String("user32"), + (PtrGetGestureExtraArgs)QSystemLibrary::resolve(QLatin1String("user32"), "GetGestureExtraArgs"); priv->CloseGestureInfoHandle = - (PtrCloseGestureInfoHandle)QLibrary::resolve(QLatin1String("user32"), + (PtrCloseGestureInfoHandle)QSystemLibrary::resolve(QLatin1String("user32"), "CloseGestureInfoHandle"); priv->SetGestureConfig = - (PtrSetGestureConfig)QLibrary::resolve(QLatin1String("user32"), + (PtrSetGestureConfig)QSystemLibrary::resolve(QLatin1String("user32"), "SetGestureConfig"); priv->GetGestureConfig = - (PtrGetGestureConfig)QLibrary::resolve(QLatin1String("user32"), + (PtrGetGestureConfig)QSystemLibrary::resolve(QLatin1String("user32"), "GetGestureConfig"); #endif // QT_NO_NATIVE_GESTURES + QSystemLibrary libTheme(QLatin1String("uxtheme")); priv->BeginPanningFeedback = - (PtrBeginPanningFeedback)QLibrary::resolve(QLatin1String("uxtheme"), - "BeginPanningFeedback"); + (PtrBeginPanningFeedback)libTheme.resolve("BeginPanningFeedback"); priv->UpdatePanningFeedback = - (PtrUpdatePanningFeedback)QLibrary::resolve(QLatin1String("uxtheme"), - "UpdatePanningFeedback"); + (PtrUpdatePanningFeedback)libTheme.resolve("UpdatePanningFeedback"); priv->EndPanningFeedback = - (PtrEndPanningFeedback)QLibrary::resolve(QLatin1String("uxtheme"), - "EndPanningFeedback"); + (PtrEndPanningFeedback)libTheme.resolve("EndPanningFeedback"); #endif } @@ -2294,7 +2292,7 @@ LRESULT CALLBACK QtWndProc(HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam if (!oleaccChecked) { oleaccChecked = true; #if !defined(Q_OS_WINCE) - ptrLresultFromObject = (PtrLresultFromObject)QLibrary::resolve(QLatin1String("oleacc.dll"), "LresultFromObject"); + ptrLresultFromObject = (PtrLresultFromObject)QSystemLibrary::resolve(QLatin1String("oleacc"), "LresultFromObject"); #endif } if (ptrLresultFromObject) { @@ -3080,7 +3078,7 @@ bool QETWidget::translateMouseEvent(const MSG &msg) static PtrTrackMouseEvent ptrTrackMouseEvent = 0; if (!trackMouseEventLookup) { trackMouseEventLookup = true; - ptrTrackMouseEvent = (PtrTrackMouseEvent)QLibrary::resolve(QLatin1String("comctl32"), "_TrackMouseEvent"); + ptrTrackMouseEvent = (PtrTrackMouseEvent)QSystemLibrary::resolve(QLatin1String("comctl32"), "_TrackMouseEvent"); } if (ptrTrackMouseEvent && !qApp->d_func()->inPopupMode()) { // We always have to set the tracking, since @@ -3600,7 +3598,7 @@ static void initWinTabFunctions() if (!qt_is_gui_used) return; - QLibrary library(QLatin1String("wintab32")); + QSystemLibrary library(QLatin1String("wintab32")); if (library.load()) { ptrWTInfo = (PtrWTInfo)library.resolve("WTInfoW"); ptrWTGet = (PtrWTGet)library.resolve("WTGetW"); @@ -4044,7 +4042,7 @@ void QApplicationPrivate::initializeMultitouch_sys() iInkTablets->Release(); } - QLibrary library(QLatin1String("user32")); + QSystemLibrary library(QLatin1String("user32")); // MinGW (g++ 3.4.5) accepts only C casts. RegisterTouchWindow = (PtrRegisterTouchWindow)(library.resolve("RegisterTouchWindow")); GetTouchInputInfo = (PtrGetTouchInputInfo)(library.resolve("GetTouchInputInfo")); |