2011-05-09 13:32 UTC+0200 Viktor Szakats (harbour.01 syenar.hu)

* contrib/hbwin/hbwapi.h
  * contrib/hbwin/wapi_misc.c
    * hbwapi_FileNameAtSystemDir() made static
    + hbwapi_LoadLibrarySystem() public function added
      this is safe version of LoadLibrary() when loading Windows
      system dlls. it will avoid dll hijacking vulnerability.
    ! deleted HB_EXPORT from hbwapi_t*() functions, they are
      public to this lib due to UNICODE setting dependance
    ; TODO: make hbwapi_LoadLibrarySystem() effective also for WinCE, 
            for now it will not add any system path under this platform.

  * contrib/hbwin/axcore.c
  * contrib/hbwin/mapi.c
  * contrib/hbwin/win_prn2.c
  * contrib/hbwin/win_prn3.c
  * contrib/hbwin/wapi_shellapi.c
    ! LoadLibrary() -> hbwapi_LoadLibrarySystem()
      thus fixing dll hijack vulnerability

harbour/ChangeLog

@@ -16,6 +16,26 @@
    The license applies to all entries newer than 2009-04-28.
 */
 
+2011-05-09 13:32 UTC+0200 Viktor Szakats (harbour.01 syenar.hu)
+  * contrib/hbwin/hbwapi.h
+  * contrib/hbwin/wapi_misc.c
+    * hbwapi_FileNameAtSystemDir() made static
+    + hbwapi_LoadLibrarySystem() public function added
+      this is safe version of LoadLibrary() when loading Windows
+      system dlls. it will avoid dll hijacking vulnerability.
+    ! deleted HB_EXPORT from hbwapi_t*() functions, they are
+      public to this lib due to UNICODE setting dependance
+    ; TODO: make hbwapi_LoadLibrarySystem() effective also for WinCE,
+            for now it will not add any system path under this platform.
+
+  * contrib/hbwin/axcore.c
+  * contrib/hbwin/mapi.c
+  * contrib/hbwin/win_prn2.c
+  * contrib/hbwin/win_prn3.c
+  * contrib/hbwin/wapi_shellapi.c
+    ! LoadLibrary() -> hbwapi_LoadLibrarySystem()
+      thus fixing dll hijack vulnerability
+
 2011-05-09 13:13 UTC+0200 Viktor Szakats (harbour.01 syenar.hu)
   + contrib/hbwin/wapi_misc.c
   * contrib/hbwin/hbwin.hbp

harbour/contrib/hbwin/axcore.c

@@ -50,6 +50,7 @@
  *
  */
 
+#include "hbwapi.h"
 #include "hbwinole.h"
 #include <olectl.h>
 
@@ -105,7 +106,7 @@ HB_BOOL hb_oleAxInit( void )
    {
       PHB_AX_WININIT pAtlAxWinInit;
 
-      s_hLib = LoadLibrary( TEXT( "atl.dll" ) );
+      s_hLib = hbwapi_LoadLibrarySystem( TEXT( "atl.dll" ) );
       if( ( unsigned long ) ( HB_PTRDIFF ) s_hLib <= 32 )
       {
          s_hLib = NULL;

harbour/contrib/hbwin/hbwapi.h

@@ -126,10 +126,12 @@
 
 HB_EXTERN_BEGIN
 
-extern HB_EXPORT TCHAR *   hbwapi_tstrdup( const TCHAR * pszText );
-extern HB_EXPORT TCHAR *   hbwapi_tstrncat( TCHAR * pDest, const TCHAR * pSource, HB_SIZE nLen );
-extern HB_EXPORT HB_SIZE   hbwapi_tstrlen( const TCHAR * pText );
-extern HB_EXPORT TCHAR *   hbwapi_FileNameAtSystemDir( const TCHAR * pFileName );
+/* Intentionally not used HB_EXPORT. These are UNICODE setting dependent functions,
+   meant to use only by the library itself. [vszakats] */
+extern TCHAR *   hbwapi_tstrdup( const TCHAR * pszText );
+extern TCHAR *   hbwapi_tstrncat( TCHAR * pDest, const TCHAR * pSource, HB_SIZE nLen );
+extern HB_SIZE   hbwapi_tstrlen( const TCHAR * pText );
+extern HMODULE   hbwapi_LoadLibrarySystem( LPCTSTR pFileName );
 
 extern HB_EXPORT void      hbwapi_SetLastError( DWORD dwLastError );
 extern HB_EXPORT DWORD     hbwapi_GetLastError( void );

harbour/contrib/hbwin/mapi.c

@@ -59,7 +59,7 @@
 #  endif
 #endif
 
-#include "hbwin.h"
+#include "hbwapi.h"
 #if defined( HB_OS_WIN_CE )
 #  include "hbwince.h"
 #endif
@@ -85,7 +85,7 @@ HB_FUNC( WIN_MAPISENDMAIL )
    /* Set default return value */
    hb_retnl( -1 );
 
-   if( ( hMapiDll = LoadLibrary( TEXT( "mapi32.dll" ) ) ) >= ( HINSTANCE ) 32 )
+   if( ( hMapiDll = hbwapi_LoadLibrarySystem( TEXT( "mapi32.dll" ) ) ) >= ( HINSTANCE ) 32 )
    {
       LPMAPISENDMAIL MAPISendMail = ( LPMAPISENDMAIL ) GetProcAddress( hMapiDll, "MAPISendMail" );
 

harbour/contrib/hbwin/wapi_misc.c

@@ -101,7 +101,7 @@ HB_SIZE hbwapi_tstrlen( const TCHAR * pText )
    return nLen;
 }
 
-TCHAR * hbwapi_FileNameAtSystemDir( const TCHAR * pFileName )
+static TCHAR * hbwapi_FileNameAtSystemDir( const TCHAR * pFileName )
 {
 #if defined( HB_OS_WIN_CE )
    return hbwapi_tstrdup( pFileName );
@@ -131,3 +131,14 @@ TCHAR * hbwapi_FileNameAtSystemDir( const TCHAR * pFileName )
       return hbwapi_tstrdup( pFileName );
 #endif
 }
+
+HMODULE hbwapi_LoadLibrarySystem( LPCTSTR pFileName )
+{
+   TCHAR * pLibPath = hbwapi_FileNameAtSystemDir( pFileName );
+
+   HMODULE h = LoadLibrary( pLibPath );
+
+   hb_xfree( pLibPath );
+
+   return h;
+}

harbour/contrib/hbwin/wapi_shellapi.c

@@ -85,7 +85,7 @@ HB_FUNC( WAPI_ISUSERANADMIN )
 {
    BOOL bResult = FALSE;
 
-   HMODULE hLib = LoadLibrary( TEXT( "shell32.dll" ) );
+   HMODULE hLib = hbwapi_LoadLibrarySystem( TEXT( "shell32.dll" ) );
 
    if( hLib )
    {

harbour/contrib/hbwin/win_prn2.c

@@ -132,7 +132,7 @@ static void hb_GetDefaultPrinter( PHB_ITEM pPrinterName )
    {
       typedef BOOL( WINAPI * DEFPRINTER ) ( LPTSTR, LPDWORD );
       DEFPRINTER fnGetDefaultPrinter;
-      HMODULE hWinSpool = LoadLibrary( TEXT( "winspool.drv" ) );
+      HMODULE hWinSpool = hbwapi_LoadLibrarySystem( TEXT( "winspool.drv" ) );
 
       if( hWinSpool )
       {

harbour/contrib/hbwin/win_prn3.c

@@ -125,7 +125,7 @@ static HB_BOOL hb_SetDefaultPrinter( LPCTSTR lpPrinterName )
          typedef BOOL ( WINAPI * DEFPRINTER )( LPCTSTR ); /* stops warnings */
          DEFPRINTER fnSetDefaultPrinter;
 
-         hWinSpool = LoadLibrary( TEXT( "winspool.drv" ) );
+         hWinSpool = hbwapi_LoadLibrarySystem( TEXT( "winspool.drv" ) );
          if( ! hWinSpool )
             return HB_FALSE;
          fnSetDefaultPrinter = ( DEFPRINTER ) GetProcAddress( hWinSpool,