Preventing the Win32 API LoadLibrary() current directory DLL injection issue.

When loading the DLL file by the LoadLibrary() function in Windows VPN programs, we changed the behavior not to search the current directory. Based on this improvement, even if there are untrusted DLL files in the calendar directory, it is now safe to avoid the problem of unexpected security problem caused by the default loading behavior of Windows. Acknowledgments: This is based on a report by Herman Groeneveld, aka Sh4d0wman.
2025-12-04 17:21:31 +03:00 · 2018-04-22 18:21:19 +09:00
parent b1f74268b1
commit 241813e827
13 changed files with 72 additions and 0 deletions
--- a/src/Mayaqua/Mayaqua.c
+++ b/src/Mayaqua/Mayaqua.c
@ -154,7 +154,19 @@ static UINT64 probe_start = 0;
 static UINT64 probe_last = 0;
 static bool probe_enabled = false;

+// The function which should be called once as soon as possible after the process is started
+static bool init_proc_once_flag = false;
+void InitProcessCallOnce()
+{
+	if (init_proc_once_flag == false)
+	{
+		init_proc_once_flag = true;

+#ifdef	OS_WIN32
+		MsInitProcessCallOnce();
+#endif	// OS_WIN32
+	}
+}

 // Calculate the checksum
 USHORT CalcChecksum16(void *buf, UINT size)
@ -490,6 +502,8 @@ void InitMayaqua(bool memcheck, bool debug, int argc, char **argv)
 		return;
 	}

+	InitProcessCallOnce();
+
 	g_memcheck = memcheck;
 	g_debug = debug;
 	cmdline = NULL;