diff options
author | Steve Dower <steve.dower@python.org> | 2020-01-30 17:18:25 +1100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-29 22:18:25 -0800 |
commit | ad4a20b87d79a619ffbdea3f26848780899494e5 (patch) | |
tree | f85a50746f1c1209db64f26299f5b842ee4b32a9 | |
parent | 58076df0c59677111dc77b72852cb2a313a2ef91 (diff) | |
download | cpython-git-ad4a20b87d79a619ffbdea3f26848780899494e5.tar.gz |
[3.8] bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier (GH-18231) (GH-18234)
https://bugs.python.org/issue39401
Automerge-Triggered-By: @zooba
-rw-r--r-- | Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst | 1 | ||||
-rw-r--r-- | PC/getpathp.c | 6 |
2 files changed, 5 insertions, 2 deletions
diff --git a/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst new file mode 100644 index 0000000000..5071e126b7 --- /dev/null +++ b/Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst @@ -0,0 +1 @@ +Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7. diff --git a/PC/getpathp.c b/PC/getpathp.c index 04f24d986f..3747ffb2d8 100644 --- a/PC/getpathp.c +++ b/PC/getpathp.c @@ -251,7 +251,8 @@ static void join(wchar_t *buffer, const wchar_t *stuff) { if (_PathCchCombineEx_Initialized == 0) { - HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll"); + HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL, + LOAD_LIBRARY_SEARCH_SYSTEM32); if (pathapi) { _PathCchCombineEx = (PPathCchCombineEx)GetProcAddress(pathapi, "PathCchCombineEx"); } @@ -287,7 +288,8 @@ canonicalize(wchar_t *buffer, const wchar_t *path) } if (_PathCchCanonicalizeEx_Initialized == 0) { - HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll"); + HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL, + LOAD_LIBRARY_SEARCH_SYSTEM32); if (pathapi) { _PathCchCanonicalizeEx = (PPathCchCanonicalizeEx)GetProcAddress(pathapi, "PathCchCanonicalizeEx"); } |