loadlibrary: Only load system DLLs from the system directory

Inspiration provided by: Daniel Stenberg and Ray Satiro Bug: https://curl.haxx.se/docs/adv_20160530.html Ref: Windows DLL hijacking with curl, CVE-2016-4802
author: Steve Holme <steve_holme@hotmail.com> 2016-05-29 22:57:40 +0200
committer: Daniel Stenberg <daniel@haxx.se> 2016-05-30 08:14:27 +0200
commit: 6df916d751e72fc9a1febc07bb59c4ddd886c043 (patch)
tree: 4719db7dad6c1a8068988e22f5569a120a602091 /lib/telnet.c
parent: ddf25f6b28c944702792b9555d47cdeb8217fece (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/lib/telnet.c b/lib/telnet.c
index 6b73bc5bd..870a1b825 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -51,6 +51,7 @@
 #include "telnet.h"
 #include "connect.h"
 #include "progress.h"
+#include "system_win32.h"
 
 #define  TELOPTS
 #define  TELCMDS
@@ -1334,7 +1335,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
 
   /* OK, so we have WinSock 2.0.  We need to dynamically */
   /* load ws2_32.dll and get the function pointers we need. */
-  wsock2 = LoadLibrary(TEXT("WS2_32.DLL"));
+  wsock2 = Curl_load_library(TEXT("WS2_32.DLL"));
   if(wsock2 == NULL) {
     failf(data, "failed to load WS2_32.DLL (%d)", ERRNO);
     return CURLE_FAILED_INIT;
author	Steve Holme <steve_holme@hotmail.com>	2016-05-29 22:57:40 +0200
committer	Daniel Stenberg <daniel@haxx.se>	2016-05-30 08:14:27 +0200
commit	6df916d751e72fc9a1febc07bb59c4ddd886c043 (patch)
tree	4719db7dad6c1a8068988e22f5569a120a602091 /lib/telnet.c
parent	ddf25f6b28c944702792b9555d47cdeb8217fece (diff)