nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-17 19:11:00 -05:00
Code Issues Projects Releases Wiki Activity

Load comctl32.dll (for drag lists) at run time.

Browse Source 
This too is not in the list of known DLLs on Windows 10. I don't know
of any actual viable hijacking attack based on it, which according to
my reading of MSDN (specifically, a rather vague hint in
https://msdn.microsoft.com/library/ff919712) _may_ be because we
mention the common controls assembly in our application manifest; but
better safe than sorry.

Now the entire list of remaining DLLs that PuTTY links against at load
time is a subset of the Win10 known DLLs list, so that _should_ mean
that everything we load before we've deployed our own defence
(SetDefaultDllDirectories) is defended against for us by Windows
itself.
This commit is contained in:
Simon Tatham
2017-03-13 21:42:44 +00:00
parent 793ac87275
commit f77ee39e8c
5 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/winstuff.h
View File

@ -329,6 +329,7 @@ struct ctlpos {
int boxystart, boxid;
char *boxtext;
};
void init_common_controls(void); /* also does some DLL-loading */
/*
* Exports from winutils.c.