forked from joejulian/gio
app: [Windows] use NewLazySystemDLL for kernel32.dll
In order to avoid DLL preloading attacks, we should always load our system dependencies using the helper that only searches the system library path. Thanks to Mohsen Mirzakhani and Utkarsh Satya Prakash for bringing this to our attention. Signed-off-by: Chris Waldon <christopher.waldon.dev@gmail.com>
This commit is contained in:
+3
-2
@@ -4,14 +4,15 @@ package app
|
||||
|
||||
import (
|
||||
"log"
|
||||
"syscall"
|
||||
"unsafe"
|
||||
|
||||
syscall "golang.org/x/sys/windows"
|
||||
)
|
||||
|
||||
type logger struct{}
|
||||
|
||||
var (
|
||||
kernel32 = syscall.NewLazyDLL("kernel32")
|
||||
kernel32 = syscall.NewLazySystemDLL("kernel32")
|
||||
outputDebugStringW = kernel32.NewProc("OutputDebugStringW")
|
||||
debugView *logger
|
||||
)
|
||||
|
||||
Reference in New Issue
Block a user