diff options
author | Brad Fitzpatrick <bradfitz@golang.org> | 2016-03-25 06:40:58 +0000 |
---|---|---|
committer | Brad Fitzpatrick <bradfitz@golang.org> | 2016-04-01 22:55:36 +0000 |
commit | 683448a304a3871039ab44fc01e839f05ac36f05 (patch) | |
tree | 7e97c203c9b5cbbbbe9da7b0ff730590488fa1ac /src/runtime/syscall_windows.go | |
parent | 59fc42b230671d083feb68925d9cadc1da1d2616 (diff) | |
download | go-683448a304a3871039ab44fc01e839f05ac36f05.tar.gz go-683448a304a3871039ab44fc01e839f05ac36f05.zip |
runtime, syscall: only search for Windows DLLs in the System32 directory
Make sure that for any DLL that Go uses itself, we only look for the
DLL in the Windows System32 directory, guarding against DLL preloading
attacks.
(Unless the Windows version is ancient and LoadLibraryEx is
unavailable, in which case the user probably has bigger security
problems anyway.)
This does not change the behavior of syscall.LoadLibrary or NewLazyDLL
if the DLL name is something unused by Go itself.
This change also intentionally does not add any new API surface. Instead,
x/sys is updated with a LoadLibraryEx function and LazyDLL.Flags in:
https://golang.org/cl/21388
Updates #14959
Change-Id: I8d29200559cc19edf8dcf41dbdd39a389cd6aeb9
Reviewed-on: https://go-review.googlesource.com/21140
Reviewed-by: Russ Cox <rsc@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Diffstat (limited to 'src/runtime/syscall_windows.go')
-rw-r--r-- | src/runtime/syscall_windows.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/src/runtime/syscall_windows.go b/src/runtime/syscall_windows.go index ebfa32ff8c..cd23b8da6b 100644 --- a/src/runtime/syscall_windows.go +++ b/src/runtime/syscall_windows.go @@ -88,6 +88,41 @@ func compileCallback(fn eface, cleanstack bool) (code uintptr) { return callbackasmAddr(n) } +const _LOAD_LIBRARY_SEARCH_SYSTEM32 = 0x00000800 + +//go:linkname syscall_loadsystemlibrary syscall.loadsystemlibrary +//go:nosplit +func syscall_loadsystemlibrary(filename *uint16) (handle, err uintptr) { + c := &getg().m.syscall + + if useLoadLibraryEx { + c.fn = getLoadLibraryEx() + c.n = 3 + args := struct { + lpFileName *uint16 + hFile uintptr // always 0 + flags uint32 + }{filename, 0, _LOAD_LIBRARY_SEARCH_SYSTEM32} + c.args = uintptr(noescape(unsafe.Pointer(&args))) + } else { + // User is on Windows XP or something ancient. + // The caller wanted to only load the filename DLL + // from the System32 directory but that facility + // doesn't exist, so just load it the normal way. This + // is a potential security risk, but so is Windows XP. + c.fn = getLoadLibrary() + c.n = 1 + c.args = uintptr(noescape(unsafe.Pointer(&filename))) + } + + cgocall(asmstdcallAddr, unsafe.Pointer(c)) + handle = c.r1 + if handle == 0 { + err = c.err + } + return +} + //go:linkname syscall_loadlibrary syscall.loadlibrary //go:nosplit func syscall_loadlibrary(filename *uint16) (handle, err uintptr) { |