Static Code Analysis : fix non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).

2025-11-11 19:08:26 -06:00 · 2014-07-09 02:20:39 +02:00
parent d6817f941a
commit f67748ae8e
5 changed files with 66 additions and 11 deletions
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -573,7 +573,15 @@ BOOL SlowPoll (void)
 	{
 		/* Obtain a handle to the module containing the Lan Manager
 		   functions */
-		hNetAPI32 = LoadLibrary ("NETAPI32.DLL");
+		char dllPath[MAX_PATH];
+		if (GetSystemDirectory (dllPath, MAX_PATH))
+		{
+			strcat(dllPath, "\\NETAPI32.DLL");
+		}
+		else
+			strcpy(dllPath, "C:\\Windows\\System32\\NETAPI32.DLL");
+
+		hNetAPI32 = LoadLibrary (dllPath);
 		if (hNetAPI32 != NULL)
 		{
 			/* Now get pointers to the functions */