Static Code Analysis : fix non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).

2025-11-11 11:08:02 -06:00 · 2014-07-09 02:20:39 +02:00
parent d6817f941a
commit f67748ae8e
5 changed files with 66 additions and 11 deletions
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -2012,7 +2012,14 @@ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, char *lpszComm
 		}

 		// System Restore
-		SystemRestoreDll = LoadLibrary ("srclient.dll");
+		char dllPath[MAX_PATH];
+		if (GetSystemDirectory (dllPath, MAX_PATH))
+		{
+			strcat(dllPath, "\\srclient.dll");
+		}
+		else
+			strcpy(dllPath, "C:\\Windows\\System32\\srclient.dll");
+		SystemRestoreDll = LoadLibrary (dllPath);

 		if (!bUninstall)
 		{