diff options
| author | Steve Dower <steve.dower@microsoft.com> | 2019-03-29 23:37:16 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-03-29 23:37:16 (GMT) |
| commit | 2438cdf0e932a341c7613bf4323d06b91ae9f1f1 (patch) | |
| tree | 231cdf3f22e1d5eb9f88fe7a511ab47e3cf8d225 /Python/dynload_win.c | |
| parent | 32119e10b792ad7ee4e5f951a2d89ddbaf111cc5 (diff) | |
| download | cpython-2438cdf0e932a341c7613bf4323d06b91ae9f1f1.zip cpython-2438cdf0e932a341c7613bf4323d06b91ae9f1f1.tar.gz cpython-2438cdf0e932a341c7613bf4323d06b91ae9f1f1.tar.bz2 | |
bpo-36085: Enable better DLL resolution on Windows (GH-12302)
Diffstat (limited to 'Python/dynload_win.c')
| -rw-r--r-- | Python/dynload_win.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/Python/dynload_win.c b/Python/dynload_win.c index 36918c3..457d47f 100644 --- a/Python/dynload_win.c +++ b/Python/dynload_win.c @@ -215,12 +215,14 @@ dl_funcptr _PyImport_FindSharedFuncptrWindows(const char *prefix, #if HAVE_SXS cookie = _Py_ActivateActCtx(); #endif - /* We use LoadLibraryEx so Windows looks for dependent DLLs - in directory of pathname first. */ - /* XXX This call doesn't exist in Windows CE */ + /* bpo-36085: We use LoadLibraryEx with restricted search paths + to avoid DLL preloading attacks and enable use of the + AddDllDirectory function. We add SEARCH_DLL_LOAD_DIR to + ensure DLLs adjacent to the PYD are preferred. */ Py_BEGIN_ALLOW_THREADS hDLL = LoadLibraryExW(wpathname, NULL, - LOAD_WITH_ALTERED_SEARCH_PATH); + LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | + LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR); Py_END_ALLOW_THREADS #if HAVE_SXS _Py_DeactivateActCtx(cookie); |