diff options
Diffstat (limited to 'Python/dynload_win.c')
| -rw-r--r-- | Python/dynload_win.c | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/Python/dynload_win.c b/Python/dynload_win.c index 36918c3..457d47f 100644 --- a/Python/dynload_win.c +++ b/Python/dynload_win.c @@ -215,12 +215,14 @@ dl_funcptr _PyImport_FindSharedFuncptrWindows(const char *prefix, #if HAVE_SXS cookie = _Py_ActivateActCtx(); #endif - /* We use LoadLibraryEx so Windows looks for dependent DLLs - in directory of pathname first. */ - /* XXX This call doesn't exist in Windows CE */ + /* bpo-36085: We use LoadLibraryEx with restricted search paths + to avoid DLL preloading attacks and enable use of the + AddDllDirectory function. We add SEARCH_DLL_LOAD_DIR to + ensure DLLs adjacent to the PYD are preferred. */ Py_BEGIN_ALLOW_THREADS hDLL = LoadLibraryExW(wpathname, NULL, - LOAD_WITH_ALTERED_SEARCH_PATH); + LOAD_LIBRARY_SEARCH_DEFAULT_DIRS | + LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR); Py_END_ALLOW_THREADS #if HAVE_SXS _Py_DeactivateActCtx(cookie); |