mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
checksrc: Add LoadLibrary to the banned functions list
LoadLibrary was supplanted by Curl_load_library for security
reasons in 6df916d
.
This commit is contained in:
parent
1aa899ff38
commit
84a48e5732
@ -421,7 +421,13 @@ sub scanfile {
|
||||
}
|
||||
|
||||
# scan for use of banned functions
|
||||
if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|_mbscat|_mbsncat|_tcscat|_tcsncat|wcscat|wcsncat|gets)\s*\(/) {
|
||||
if($l =~ /^(.*\W)
|
||||
(gets|
|
||||
v?sprintf|
|
||||
(str|_mbs|_tcs|_wcs)n?cat|
|
||||
LoadLibrary(Ex)?(A|W)?)
|
||||
\s*\(
|
||||
/x) {
|
||||
checkwarn("BANNEDFUNC",
|
||||
$line, length($1), $file, $ol,
|
||||
"use of $2 is banned");
|
||||
|
@ -249,10 +249,12 @@ HMODULE Curl_load_library(LPCTSTR filename)
|
||||
there is. Note: Both back slashes and forward slashes have been supported
|
||||
since the earlier days of DOS at an API level although they are not
|
||||
supported by command prompt */
|
||||
if(_tcspbrk(filename, TEXT("\\/")))
|
||||
if(_tcspbrk(filename, TEXT("\\/"))) {
|
||||
/** !checksrc! disable BANNEDFUNC 1 **/
|
||||
hModule = pLoadLibraryEx ?
|
||||
pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
|
||||
LoadLibrary(filename);
|
||||
}
|
||||
/* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
|
||||
supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
|
||||
Server 2008 R2 with this patch or natively on Windows 8 and above */
|
||||
@ -274,6 +276,7 @@ HMODULE Curl_load_library(LPCTSTR filename)
|
||||
_tcscpy(path + _tcslen(path), filename);
|
||||
|
||||
/* Load the DLL from the Windows system directory */
|
||||
/** !checksrc! disable BANNEDFUNC 1 **/
|
||||
hModule = pLoadLibraryEx ?
|
||||
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
|
||||
LoadLibrary(path);
|
||||
|
Loading…
Reference in New Issue
Block a user