linuxdcpp-team team mailing list archive

Thread
Date

[Branch ~dcplusplus-team/dcplusplus/trunk] Rev 2223: fix Windows cwd DLL injection window

To: LinuxDC++ Team <linuxdcpp-team@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Sun, 29 Aug 2010 17:25:43 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 2223
committer: cologic <ne5@xxxxxxxxxxx>
branch nick: dcplusplus
timestamp: Sun 2010-08-29 13:23:20 -0400
message:
  fix Windows cwd DLL injection window
modified:
  changelog.txt
  dcpp/stdinc.h
  win32/main.cpp


--
lp:dcplusplus
https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk

Your team Dcplusplus-team is subscribed to branch lp:dcplusplus.
To unsubscribe from this branch go to https://code.launchpad.net/~dcplusplus-team/dcplusplus/trunk/+edit-subscription

=== modified file 'changelog.txt'
--- changelog.txt	2010-08-29 16:00:08 +0000
+++ changelog.txt	2010-08-29 17:23:20 +0000
@@ -13,6 +13,7 @@
 * Use boost's timing functions (arnetheduck)
 * New icons
 * Update the links in the "Help" menu (poy)
+* Prevent current-directory Windows DLL injection (cologic)
 
 -- 0.770 2010-07-05 --
 * [L#550300] Catch more potential file corruptions (thanks bigmuscle)

=== modified file 'dcpp/stdinc.h'
--- dcpp/stdinc.h	2010-07-10 14:36:48 +0000
+++ dcpp/stdinc.h	2010-08-29 17:23:20 +0000
@@ -53,7 +53,7 @@
 #endif // _MSC_VER
 
 #ifdef _WIN32
-# define _WIN32_WINNT 0x0501
+# define _WIN32_WINNT 0x0502
 # define _WIN32_IE	0x0501
 # define WINVER 0x501
 

=== modified file 'win32/main.cpp'
--- win32/main.cpp	2010-07-22 15:31:17 +0000
+++ win32/main.cpp	2010-08-29 17:23:20 +0000
@@ -73,6 +73,10 @@
 	dcdebug("StartWinMain\n");
 
 	WinUtil::enableDEP();
+
+	// http://www.kb.cert.org/vuls/id/707943 part III, "For Developers".
+	::SetDllDirectory(_T(""));
+
 	Util::initialize();
 
 	string configPathHash;