summaryrefslogtreecommitdiff
path: root/lib/telnet.c
diff options
context:
space:
mode:
authorSteve Holme <steve_holme@hotmail.com>2016-05-29 22:57:40 +0200
committerDaniel Stenberg <daniel@haxx.se>2016-05-30 08:14:27 +0200
commit6df916d751e72fc9a1febc07bb59c4ddd886c043 (patch)
tree4719db7dad6c1a8068988e22f5569a120a602091 /lib/telnet.c
parentddf25f6b28c944702792b9555d47cdeb8217fece (diff)
downloadcurl-6df916d751e72fc9a1febc07bb59c4ddd886c043.tar.gz
loadlibrary: Only load system DLLs from the system directory
Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802
Diffstat (limited to 'lib/telnet.c')
-rw-r--r--lib/telnet.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/telnet.c b/lib/telnet.c
index 6b73bc5bd..870a1b825 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -51,6 +51,7 @@
#include "telnet.h"
#include "connect.h"
#include "progress.h"
+#include "system_win32.h"
#define TELOPTS
#define TELCMDS
@@ -1334,7 +1335,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
/* OK, so we have WinSock 2.0. We need to dynamically */
/* load ws2_32.dll and get the function pointers we need. */
- wsock2 = LoadLibrary(TEXT("WS2_32.DLL"));
+ wsock2 = Curl_load_library(TEXT("WS2_32.DLL"));
if(wsock2 == NULL) {
failf(data, "failed to load WS2_32.DLL (%d)", ERRNO);
return CURLE_FAILED_INIT;