authorJay Satiro <raysatiro@yahoo.com>2016-06-05 21:07:03 -0400
committerJay Satiro <raysatiro@yahoo.com>2016-06-05 21:07:03 -0400
commit84a48e5732d9dd0c98fda3597352e4b16f35a7ad (patch)
tree0a3c987061a90ed84f82e82123d6cbabeb6d2488 /lib
parent1aa899ff38548a5d1c196f5c9ad7047f0fae3f5a (diff)
checksrc: Add LoadLibrary to the banned functions list
LoadLibrary was supplanted by Curl_load_library for security reasons in 6df916d.
Diffstat (limited to 'lib')
-rwxr-xr-xlib/checksrc.pl8
-rw-r--r--lib/system_win32.c5
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/checksrc.pl b/lib/checksrc.pl
index aacb242b5..f31083a63 100755
--- a/lib/checksrc.pl
+++ b/lib/checksrc.pl
@@ -421,7 +421,13 @@ sub scanfile {
}
# scan for use of banned functions
- if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|_mbscat|_mbsncat|_tcscat|_tcsncat|wcscat|wcsncat|gets)\s*\(/) {
+ if($l =~ /^(.*\W)
+ (gets|
+ v?sprintf|
+ (str|_mbs|_tcs|_wcs)n?cat|
+ LoadLibrary(Ex)?(A|W)?)
+ \s*\(
+ /x) {
checkwarn("BANNEDFUNC",
$line, length($1), $file, $ol,
"use of $2 is banned");
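Review bot: The rewritten alternation `(str|_mbs|_tcs|_wcs)n?cat` no longer matches `wcscat` and `wcsncat`, which the removed pattern listed explicitly; it matches `_wcscat`/`_wcsncat` instead, so the wide-character concatenation functions appear to drop out of the ban. Changing the prefix to `wcs`, i.e. `(str|_mbs|_tcs|wcs)n?cat|`, restores the previous coverage. The inner groups could also be written as non-capturing `(?:...)` so that `$2` remaining the full function name in the warning text does not depend on group ordering. The body of scanfile starts and ends outside the hunk.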
diff --git a/lib/system_win32.c b/lib/system_win32.c
index 4cc5f2362..2ba7d0bc1 100644
--- a/lib/system_win32.c
+++ b/lib/system_win32.c
@@ -249,10 +249,12 @@ HMODULE Curl_load_library(LPCTSTR filename)
there is. Note: Both back slashes and forward slashes have been supported
since the earlier days of DOS at an API level although they are not
supported by command prompt */
- if(_tcspbrk(filename, TEXT("\\/")))
+ if(_tcspbrk(filename, TEXT("\\/"))) {
+ /** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
LoadLibrary(filename);
+ }
/* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only
supported on Windows Vista, Windows Server 2008, Windows 7 and Windows
Server 2008 R2 with this patch or natively on Windows 8 and above */
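Review bot: The `/** !checksrc! disable BANNEDFUNC 1 **/` marker added ahead of the `LoadLibrary(filename)` fallback gives no reason why the banned call is acceptable at this site, and the same is true of the marker before `LoadLibrary(path)` in the following hunk. A one-line rationale next to each suppression, such as `/* Curl_load_library is the sanctioned wrapper; LoadLibrary is only the fallback when LoadLibraryEx is unavailable */`, would let a later reader tell a deliberate exception from a silenced warning. Note also that the visible guard, `_tcspbrk(filename, TEXT("\\/"))`, establishes only that the name contains a slash, not that the path is absolute, so whether the DLL search order is really bypassed on this branch is worth confirming against the callers. The body of Curl_load_library starts and ends outside the hunk.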
@@ -274,6 +276,7 @@ HMODULE Curl_load_library(LPCTSTR filename)
_tcscpy(path + _tcslen(path), filename);
/* Load the DLL from the Windows system directory */
+ /** !checksrc! disable BANNEDFUNC 1 **/
hModule = pLoadLibraryEx ?
pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) :
LoadLibrary(path);