From 6df916d751e72fc9a1febc07bb59c4ddd886c043 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 29 May 2016 22:57:40 +0200
Subject: loadlibrary: Only load system DLLs from the system directory

Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802
---
 lib/telnet.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'lib/telnet.c')

diff --git a/lib/telnet.c b/lib/telnet.c
index 6b73bc5bd..870a1b825 100644
--- a/lib/telnet.c
+++ b/lib/telnet.c
@@ -51,6 +51,7 @@
 #include "telnet.h"
 #include "connect.h"
 #include "progress.h"
+#include "system_win32.h"
 
 #define  TELOPTS
 #define  TELCMDS
@@ -1334,7 +1335,7 @@ static CURLcode telnet_do(struct connectdata *conn, bool *done)
 
   /* OK, so we have WinSock 2.0.  We need to dynamically */
   /* load ws2_32.dll and get the function pointers we need. */
-  wsock2 = LoadLibrary(TEXT("WS2_32.DLL"));
+  wsock2 = Curl_load_library(TEXT("WS2_32.DLL"));
   if(wsock2 == NULL) {
     failf(data, "failed to load WS2_32.DLL (%d)", ERRNO);
     return CURLE_FAILED_INIT;
-- 
cgit v1.2.3