diff options
| author | Jay Satiro <raysatiro@yahoo.com> | 2016-06-05 21:07:03 -0400 |
|---|---|---|
| committer | Jay Satiro <raysatiro@yahoo.com> | 2016-06-05 21:07:03 -0400 |
| commit | 84a48e5732d9dd0c98fda3597352e4b16f35a7ad (patch) | |
| tree | 0a3c987061a90ed84f82e82123d6cbabeb6d2488 /lib | |
| parent | 1aa899ff38548a5d1c196f5c9ad7047f0fae3f5a (diff) | |
checksrc: Add LoadLibrary to the banned functions list
LoadLibrary was supplanted by Curl_load_library for security
reasons in 6df916d.
Diffstat (limited to 'lib')
| -rwxr-xr-x | lib/checksrc.pl | 8 | ||||
| -rw-r--r-- | lib/system_win32.c | 5 |
2 files changed, 11 insertions, 2 deletions
diff --git a/lib/checksrc.pl b/lib/checksrc.pl index aacb242b5..f31083a63 100755 --- a/lib/checksrc.pl +++ b/lib/checksrc.pl @@ -421,7 +421,13 @@ sub scanfile { } # scan for use of banned functions - if($l =~ /^(.*\W)(sprintf|vsprintf|strcat|strncat|_mbscat|_mbsncat|_tcscat|_tcsncat|wcscat|wcsncat|gets)\s*\(/) { + if($l =~ /^(.*\W) + (gets| + v?sprintf| + (str|_mbs|_tcs|_wcs)n?cat| + LoadLibrary(Ex)?(A|W)?) + \s*\( + /x) { checkwarn("BANNEDFUNC", $line, length($1), $file, $ol, "use of $2 is banned"); diff --git a/lib/system_win32.c b/lib/system_win32.c index 4cc5f2362..2ba7d0bc1 100644 --- a/lib/system_win32.c +++ b/lib/system_win32.c @@ -249,10 +249,12 @@ HMODULE Curl_load_library(LPCTSTR filename) there is. Note: Both back slashes and forward slashes have been supported since the earlier days of DOS at an API level although they are not supported by command prompt */ - if(_tcspbrk(filename, TEXT("\\/"))) + if(_tcspbrk(filename, TEXT("\\/"))) { + /** !checksrc! disable BANNEDFUNC 1 **/ hModule = pLoadLibraryEx ? pLoadLibraryEx(filename, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) : LoadLibrary(filename); + } /* Detect if KB2533623 is installed, as LOAD_LIBARY_SEARCH_SYSTEM32 is only supported on Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2 with this patch or natively on Windows 8 and above */ @@ -274,6 +276,7 @@ HMODULE Curl_load_library(LPCTSTR filename) _tcscpy(path + _tcslen(path), filename); /* Load the DLL from the Windows system directory */ + /** !checksrc! disable BANNEDFUNC 1 **/ hModule = pLoadLibraryEx ? pLoadLibraryEx(path, NULL, LOAD_WITH_ALTERED_SEARCH_PATH) : LoadLibrary(path); |