Merge pull request #510 from dnobori/b3_loadlibrary

Preventing the Win32 API LoadLibrary() current directory DLL injection issue.

src/Mayaqua/Mayaqua.c

@@ -154,7 +154,19 @@ static UINT64 probe_start = 0;
 static UINT64 probe_last = 0;
 static bool probe_enabled = false;
 
+// The function which should be called once as soon as possible after the process is started
+static bool init_proc_once_flag = false;
+void InitProcessCallOnce()
+{
+	if (init_proc_once_flag == false)
+	{
+		init_proc_once_flag = true;
 
+#ifdef	OS_WIN32
+		MsInitProcessCallOnce();
+#endif	// OS_WIN32
+	}
+}
 
 // Calculate the checksum
 USHORT CalcChecksum16(void *buf, UINT size)
@@ -490,6 +502,8 @@ void InitMayaqua(bool memcheck, bool debug, int argc, char **argv)
 		return;
 	}
 
+	InitProcessCallOnce();
+
 	g_memcheck = memcheck;
 	g_debug = debug;
 	cmdline = NULL;

src/Mayaqua/Mayaqua.h

@@ -133,6 +133,8 @@
 
 #endif	// VPN_SPEED
 
+void InitProcessCallOnce();
+
 #ifdef	VPN_EXE
 // To build the executable file
 #ifdef	WIN32
@@ -142,6 +144,7 @@ int main(int argc, char *argv[]);
 int PASCAL WinMain(HINSTANCE hInst, HINSTANCE hPrev, char *CmdLine, int CmdShow)
 {
 	char *argv[] = { CmdLine, };
+	InitProcessCallOnce();
 	return main(1, argv);
 }
 #endif	// WIN32

src/Mayaqua/Microsoft.c

@@ -273,6 +273,43 @@ typedef struct MS_MSCHAPV2_PARAMS
 	UCHAR ResponseBuffer[MAX_SIZE];
 } MS_MSCHAPV2_PARAMS;
 
+// The function which should be called once as soon as possible after the process is started
+void MsInitProcessCallOnce()
+{
+	// Mitigate the DLL injection attack
+	char system_dir[MAX_PATH];
+	char kernel32_path[MAX_PATH];
+	UINT len;
+	HINSTANCE hKernel32;
+
+	// Get the full path of kernel32.dll
+	memset(system_dir, 0, sizeof(system_dir));
+	GetSystemDirectory(system_dir, sizeof(system_dir));
+	len = lstrlenA(system_dir);
+	if (system_dir[len] == '\\')
+	{
+		system_dir[len] = 0;
+	}
+	wsprintfA(kernel32_path, "%s\\kernel32.dll", system_dir);
+
+	// Load kernel32.dll
+	hKernel32 = LoadLibraryA(kernel32_path);
+	if (hKernel32 != NULL)
+	{
+		BOOL (WINAPI *_SetDllDirectoryA)(LPCTSTR);
+
+		_SetDllDirectoryA = (BOOL (WINAPI *)(LPCTSTR))
+			GetProcAddress(hKernel32, "SetDllDirectoryA");
+
+		if (_SetDllDirectoryA != NULL)
+		{
+			_SetDllDirectoryA("");
+		}
+
+		FreeLibrary(hKernel32);
+	}
+}
+
 // Collect the information of the VPN software
 bool MsCollectVpnInfo(BUF *bat, char *tmpdir, char *svc_name, wchar_t *config_name, wchar_t *logdir_name)
 {

src/Mayaqua/Microsoft.h

@@ -1160,6 +1160,7 @@ void MsTest();
 
 bool MsSaveSystemInfo(wchar_t *dst_filename);
 bool MsCollectVpnInfo(BUF *bat, char *tmpdir, char *svc_name, wchar_t *config_name, wchar_t *logdir_name);
+void MsInitProcessCallOnce();
 
 MS_SUSPEND_HANDLER *MsNewSuspendHandler();
 void MsFreeSuspendHandler(MS_SUSPEND_HANDLER *h);