nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity

Fix loading of SSPICLI.DLL by SECUR32.DLL.

Browse Source 
If MIT Kerberos is installed, then using GetProcAddress to extract
GetUserNameExA() from secur32.dll causes Windows to implicitly load
sspicli.dll in turn - and it does it in a search-path-unclean way.

If we load it in our own way before that happens, then Windows doesn't
need to load it again and won't do so wrongly.

[SGT: tidied up commit message from original patch]
This commit is contained in:
Christopher Odenbach 2017-04-11 14:04:00 +02:00 committed by Simon Tatham
parent 802b4edf4d
commit 3ff3be3882
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/winmisc.c
View File

@ -101,6 +101,11 @@ char *get_username(void)
if (!tried_usernameex) {
/* Not available on Win9x, so load dynamically */
HMODULE secur32 = load_system32_dll("secur32.dll");
/* If MIT Kerberos is installed, the following call to
GET_WINDOWS_FUNCTION makes Windows implicitly load
sspicli.dll WITHOUT proper path sanitizing, so better
load it properly before */
HMODULE sspicli = load_system32_dll("sspicli.dll");
GET_WINDOWS_FUNCTION(secur32, GetUserNameExA);
tried_usernameex = TRUE;
}