From 23cbe11a5b11b301b17bcce23c199e9879fe2db8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.strba@bluewin.ch>
Date: Mon, 13 Sep 2010 22:54:19 +0200
Subject: Avoid dll hijacking Load sensapi.dll only from system directory where
 it should normally be and not from any random place.

---
 modules/windows-sens/evolution-windows-sens.c | 27 ++++++++++++++++++++++++++-
 1 file changed, 26 insertions(+), 1 deletion(-)

(limited to 'modules/windows-sens/evolution-windows-sens.c')

diff --git a/modules/windows-sens/evolution-windows-sens.c b/modules/windows-sens/evolution-windows-sens.c
index 469087ba3e..536ff06ff4 100644
--- a/modules/windows-sens/evolution-windows-sens.c
+++ b/modules/windows-sens/evolution-windows-sens.c
@@ -457,6 +457,8 @@ static const gchar * add_curly_braces_to_uuid (const gchar * string_uuid)
 	return curly_braced_uuid_string;
 }
 
+#define SENSAPI_DLL "sensapi.dll"
+
 static void
 windows_sens_constructed (GObject *object)
 {
@@ -549,7 +551,27 @@ windows_sens_constructed (GObject *object)
 
 		IsNetworkAlive_t pIsNetworkAlive = NULL;
 
-		HMODULE hDLL=LoadLibrary ("sensapi.dll");
+		char *buf = NULL;
+		char dummy;
+		int n, k;
+		HMODULE hDLL = NULL;
+
+		n = GetSystemDirectory (&dummy, 0);
+
+		if (n <= 0)
+			goto cleanup;
+
+		buf = g_malloc (n + 1 + strlen (SENSAPI_DLL));
+		k = GetSystemDirectory (buf, n);
+  
+		if (k == 0 || k > n)
+			goto cleanup;
+
+		if (!G_IS_DIR_SEPARATOR (buf[strlen (buf) -1]))
+			strcat (buf, G_DIR_SEPARATOR_S);
+		strcat (buf, SENSAPI_DLL);
+
+		hDLL=LoadLibrary (buf);
 
 		if ((pIsNetworkAlive=(IsNetworkAlive_t) GetProcAddress (hDLL, "IsNetworkAlive"))) {
 			DWORD Network;
@@ -559,6 +581,9 @@ windows_sens_constructed (GObject *object)
 		FreeLibrary (hDLL);
 
 		e_shell_set_network_available (shell, alive);
+
+cleanup:
+		g_free (buf);
 	}
 }
 
-- 
cgit v1.2.3