From 274a74ebef7d36dc857902a5bdc93034468c6fc9 Mon Sep 17 00:00:00 2001 From: anders_k Date: Wed, 23 Mar 2016 13:42:16 +0000 Subject: [PATCH] MakeNSISW should not load libraries from the current directory because we don't control that directory when started from the shell (file associations). git-svn-id: https://svn.code.sf.net/p/nsis/code/NSIS/trunk@6725 212acab6-be3b-0410-9dea-997c60f758d6 --- Contrib/Makensisw/makensisw.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/Contrib/Makensisw/makensisw.cpp b/Contrib/Makensisw/makensisw.cpp index 1a2d6bda..2c00f96a 100644 --- a/Contrib/Makensisw/makensisw.cpp +++ b/Contrib/Makensisw/makensisw.cpp @@ -48,9 +48,12 @@ int g_symbol_set_mode; NSIS_ENTRYPOINT_SIMPLEGUI int WINAPI _tWinMain(HINSTANCE hInst,HINSTANCE hOldInst,LPTSTR CmdLineParams,int ShowCmd) { - MSG msg; - int status; - HACCEL haccel; + + HMODULE hK32 = LoadLibraryA("KERNEL32"); + // We can be associated with .nsi and .nsh files and when launched from the shell we inherit the current directory + // so we need to prevent LoadLibrary from searching the current directory because it can contain untrusted DLLs! + FARPROC SDDA = GetProcAddress(hK32, "SetDllDirectoryA"); // WinXP.SP1+ + if (SDDA) ((BOOL(WINAPI*)(LPCSTR))SDDA)(""); // Remove the current directory from the default DLL search order memset(&g_sdata,0,sizeof(NSCRIPTDATA)); memset(&g_resize,0,sizeof(NRESIZEDATA)); @@ -62,7 +65,7 @@ int WINAPI _tWinMain(HINSTANCE hInst,HINSTANCE hOldInst,LPTSTR CmdLineParams,int if (g_sdata.verbosity > 4) g_sdata.verbosity = 4; RestoreSymbols(); - HINSTANCE hRichEditDLL = LoadLibrary(_T("RichEd20.dll")); + HMODULE hRichEditDLL = LoadLibraryA("RichEd20.dll"); if (!InitBranding()) { MessageBox(0,NSISERROR,ERRBOXTITLE,MB_ICONEXCLAMATION|MB_OK|MB_TASKMODAL); @@ -74,7 +77,9 @@ int WINAPI _tWinMain(HINSTANCE hInst,HINSTANCE hOldInst,LPTSTR CmdLineParams,int MessageBox(0,DLGERROR,ERRBOXTITLE,MB_ICONEXCLAMATION|MB_OK|MB_TASKMODAL); return 1; } - haccel = LoadAccelerators(g_sdata.hInstance, MAKEINTRESOURCE(IDK_ACCEL)); + HACCEL haccel = LoadAccelerators(g_sdata.hInstance, MAKEINTRESOURCE(IDK_ACCEL)); + MSG msg; + int status; while ((status=GetMessage(&msg,0,0,0))!=0) { if (status==-1) return -1; if (!IsDialogMessage(g_find.hwndFind, &msg)) {