This is the mail archive of the cygwin-developers mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: src/winsup/utils ChangeLog cygcheck.cc cygpath ...


> CVSROOT: Â Â Â Â/cvs/src
> Module name: Â Âsrc
>
> Modified files:
>    Âwinsup/utils  : ChangeLog cygcheck.cc cygpath.cc ldh.cc
> Â Â Â Â Â Â Â Â Â Â Â Â locale.cc mkgroup.c mkpasswd.c module_info.cc
> Â Â Â Â Â Â Â Â Â Â Â Â path.cc ps.cc regtool.cc strace.cc
> Added files:
>    Âwinsup/utils  : loadlib.h
>
> Log message:
> Â Â Â Â* loadlib.h: New header implementing safe LoadLibrary calls.
> Â Â Â ÂInclude throughout files using LoadLibrary function.
> Â Â Â Â* cygcheck.cc (dump_sysinfo): Retrieve kernel32.dll handle via
> Â Â Â ÂGetModuleHandle, rather than using LoadLibrary.
> Â Â Â Â* cygpath.cc (get_long_name): Ditto.
> Â Â Â Â(do_sysfolders): Append .dll suffix in LoadLibrary call.
> Â Â Â Â* ldh.cc (WinMain): Use LoadLibraryExW with DONT_RESOLVE_DLL_REFERENCES
> Â Â Â Âto avoid loading malicious library code.
> Â Â Â Â* locale.cc (print_locale_with_codeset): Change way to retrieve
> Â Â Â Âkernel32.dll path.

I'm not convinced about the approach of #defining LoadLibrary, because
it's very easy to forget to include loadlib.h, and there's no way to
tell from just looking at a LoadLibrary("bla") call whether it's safe.

Andy


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]