nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-19 03:51:02 -05:00
Code Issues Projects Releases Wiki Activity

Load comctl32.dll (for drag lists) at run time.

Browse Source 
This too is not in the list of known DLLs on Windows 10. I don't know
of any actual viable hijacking attack based on it, which according to
my reading of MSDN (specifically, a rather vague hint in
https://msdn.microsoft.com/library/ff919712) _may_ be because we
mention the common controls assembly in our application manifest; but
better safe than sorry.

Now the entire list of remaining DLLs that PuTTY links against at load
time is a subset of the Win10 known DLLs list, so that _should_ mean
that everything we load before we've deployed our own defence
(SetDefaultDllDirectories) is defended against for us by Windows
itself.
This commit is contained in:
Simon Tatham
2017-03-13 21:42:44 +00:00
parent 793ac87275
commit f77ee39e8c
5 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/winpgen.c
View File

@ -1529,7 +1529,7 @@ int WINAPI WinMain(HINSTANCE inst, HINSTANCE prev, LPSTR cmdline, int show)
dll_hijacking_protection();
InitCommonControls();
init_common_controls();
hinst = inst;
hwnd = NULL;