AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-06 07:44:57 +03:00
Code Releases Activity

Preventing the Win32 API LoadLibrary() current directory DLL injection issue.

Browse Source 
When loading the DLL file by the LoadLibrary() function in Windows VPN programs, we changed the behavior not to search the current directory. Based on this improvement, even if there are untrusted DLL files in the calendar directory, it is now safe to avoid the problem of unexpected security problem caused by the default loading behavior of Windows. Acknowledgments: This is based on a report by Herman Groeneveld, aka Sh4d0wman.
This commit is contained in:
Daiyuu Nobori
2018-04-22 18:21:19 +09:00
parent b1f74268b1
commit 241813e827
13 changed files with 72 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/vpnclient/vpncsvc.c
View File

@ -143,6 +143,8 @@ void StopProcess()
// WinMain function
int main(int argc, char *argv[])
{
InitProcessCallOnce();
#ifdef OS_WIN32
return MsService(GC_SVC_NAME_VPNCLIENT, StartProcess, StopProcess, ICO_MACHINE, argv[0]);