mirror of
https://github.com/moparisthebest/curl
synced 2024-08-13 17:03:50 -04:00
checksrc: Add LoadLibrary to the banned functions list
LoadLibrary was supplanted by Curl_load_library for security
reasons in 6df916d
.
This commit is contained in:
parent
1aa899ff38
commit
84a48e5732
@ -421,7 +421,13 @@ sub scanfile {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# scan for use of banned functions
|
# scan for use of banned functions
|
||||||
if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|_mbscat|_mbsncat|_tcscat|_tcsncat|wcscat|wcsncat|gets)\s*\(/) {
|
if($l =~ /^(.*\W)
|
||||||
|
(gets|
|
||||||
|
v?sprintf|
|
||||||
|
(str|_mbs|_tcs|_wcs)n?cat|
|
||||||
|
LoadLibrary(Ex)?(A|W)?)
|
||||||
|
\s*\(
|
||||||
|
/x) {
|
||||||
checkwarn("BANNEDFUNC",
|
checkwarn("BANNEDFUNC",
|
||||||
$line, length($1), $file, $ol,
|
$line, length($1), $file, $ol,
|
||||||
"use of $2 is banned");
|
"use of $2 is banned");
|
||||||
|
@ -249,10 +249,12 @@ HMODULE Curl_load_library(LPCTSTR filename)
|
|||||||
there is. Note: Both back slashes and forward slashes have been supported
|
there is. Note: Both back slashes and forward slashes have been supported
|
||||||
since the earlier days of DOS at an API level although they are not
|
since the earlier days of DOS at an API level although they are not
|
||||||
supported by command prompt */
|
supported by command prompt */
|
||||||
if(_tcspbrk(filename, TEXT("\\/")))
|
if(_tcspbrk(filename, TEXT("\\/"))) {
|
||||||
|
/** !checksrc! disable BANNEDFUNC 1 **/
|
||||||
hModule = pLoadLibraryEx ?
|
hModule = pLoadLibraryEx ?
|
||||||
pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
|
pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
|
||||||
LoadLibrary(filename);
|
LoadLibrary(filename);
|
||||||
|
}
|
||||||
/* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
|
/* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
|
||||||
supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
|
supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
|
||||||
Server 2008 R2 with this patch or natively on Windows 8 and above */
|
Server 2008 R2 with this patch or natively on Windows 8 and above */
|
||||||
@ -274,6 +276,7 @@ HMODULE Curl_load_library(LPCTSTR filename)
|
|||||||
_tcscpy(path + _tcslen(path), filename);
|
_tcscpy(path + _tcslen(path), filename);
|
||||||
|
|
||||||
/* Load the DLL from the Windows system directory */
|
/* Load the DLL from the Windows system directory */
|
||||||
|
/** !checksrc! disable BANNEDFUNC 1 **/
|
||||||
hModule = pLoadLibraryEx ?
|
hModule = pLoadLibraryEx ?
|
||||||
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
|
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
|
||||||
LoadLibrary(path);
|
LoadLibrary(path);
|
||||||
|
Loading…
Reference in New Issue
Block a user