Mitigate .local DLL redirection Windows bug.
barnson authored and robmen committed Feb 6, 2024
1 parent 74ef526 commit fec38b6
Showing 3 changed files with 28 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/burn/stub/precomp.h
@@ -9,6 +9,7 @@

#include <dutil.h>
#include <apputil.h>
#include <dirutil.h>
#include <strutil.h>
#include <fileutil.h>
#include <pathutil.h>
26 changes: 26 additions & 0 deletions src/burn/stub/stub.cpp
@@ -2,6 +2,10 @@

#include "precomp.h"

static const HRESULT E_SUSPECTED_TAMPERING = MAKE_HRESULT(SEVERITY_ERROR, 500/*FACILITY_WIX*/, 2001);

static void AvoidLocalDllRedirection(LPCWSTR wzPath);


int WINAPI wWinMain(
__in HINSTANCE hInstance,
@@ -52,6 +56,8 @@ int WINAPI wWinMain(
AppInitialize(rgsczSafelyLoadSystemDlls, countof(rgsczSafelyLoadSystemDlls));
}

AvoidLocalDllRedirection(sczPath);

// call run
hr = EngineRun(hInstance, hEngineFile, lpCmdLine, nCmdShow, &dwExitCode);
ExitOnFailure(hr, "Failed to run application.");
@@ -63,3 +69,23 @@ int WINAPI wWinMain(

return FAILED(hr) ? (int)hr : (int)dwExitCode;
}

static void AvoidLocalDllRedirection(LPCWSTR wzPath)
{
LPWSTR sczLocalPath = NULL;
HMODULE hmodComCtl = NULL;

// Bail if there's a <bundle>.exe.local directory, as it's a feature of
// DLL redirection that has no real use for a bundle and is a hole for
// DLL hijacking attacks.

if (FAILED(StrAllocFormatted(&sczLocalPath, L"%ls.local", wzPath))
|| DirExists(sczLocalPath, NULL)
|| FileExistsEx(sczLocalPath, NULL)
|| FAILED(LoadSystemLibrary(L"Comctl32.dll", &hmodComCtl)))
{
::ExitProcess((UINT)E_SUSPECTED_TAMPERING);
}

ReleaseStr(sczLocalPath);
}
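Review bot: In `AvoidLocalDllRedirection`, every failure in the `if` chain exits with `E_SUSPECTED_TAMPERING`, so an allocation failure in `StrAllocFormatted` or a failed `LoadSystemLibrary` call produces the same exit code as a real `<bundle>.exe.local` hit. Failing closed is the right behaviour, but anyone triaging installer exit codes can then no longer treat that value as a tamper signal; keep the dedicated code for the `DirExists`/`FileExistsEx` branch and exit with the helper's own HRESULT otherwise (that both helpers return an HRESULT is inferred from their use inside `FAILED()`). The comment also says nothing about the `Comctl32.dll` load, whose handle is never used or freed in the visible code; if the intent is to get the system copy loaded before anything else can resolve that name, a line such as `// Load Comctl32.dll from the system directory up front; the handle is intentionally kept.` would record it. Where `sczPath` comes from at the call site in `wWinMain` is outside the visible hunks, so whether it can be NULL here cannot be judged from this page.

```cpp
static void AvoidLocalDllRedirection(LPCWSTR wzPath)
{
    // … unchanged: sczLocalPath / hmodComCtl declarations and the .local comment …

    HRESULT hr = StrAllocFormatted(&sczLocalPath, L"%ls.local", wzPath);

    if (SUCCEEDED(hr) && (DirExists(sczLocalPath, NULL) || FileExistsEx(sczLocalPath, NULL)))
    {
        // Only an existing <bundle>.exe.local entry is reported as tampering.
        hr = E_SUSPECTED_TAMPERING;
    }

    if (SUCCEEDED(hr))
    {
        hr = LoadSystemLibrary(L"Comctl32.dll", &hmodComCtl);
    }

    if (FAILED(hr))
    {
        // Still fail closed, but with the code that names the actual cause.
        ::ExitProcess((UINT)hr);
    }

    // … unchanged: ReleaseStr(sczLocalPath) …
```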
1 change: 1 addition & 0 deletions src/burn/stub/stub.vcxproj
@@ -63,6 +63,7 @@
<SwapRunFromCD>true</SwapRunFromCD>
<SwapRunFromNET>true</SwapRunFromNET>
<DelayLoadDLLs>cabinet.dll;crypt32.dll;msi.dll;shlwapi.dll;userenv.dll;version.dll;wininet.dll;wintrust.dll</DelayLoadDLLs>
<AdditionalOptions>/DEPENDENTLOADFLAG:0x800 %(AdditionalOptions)</AdditionalOptions>
</Link>
</ItemDefinitionGroup>

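Review bot: The `0x800` in `/DEPENDENTLOADFLAG:0x800` is an unexplained magic number in a security-relevant linker setting. It corresponds to `LOAD_LIBRARY_SEARCH_SYSTEM32`, and a short XML comment above the `<AdditionalOptions>` line would keep a later edit from dropping or widening it, e.g. `<!-- 0x800 = LOAD_LIBRARY_SEARCH_SYSTEM32: resolve load-time imports from System32 only -->`. As far as I know the loader honours this setting only from Windows 10 version 1607 onward, so on older systems the runtime check added in stub.cpp would be the only mitigation; that is worth stating in the same comment.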