traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[3.7] bpo-39401: Avoid unsafe DLL load on Windows 7 and earlier (GH-18231) (GH-18232) 

https://bugs.python.org/issue39401



Automerge-Triggered-By: @zooba
This commit is contained in:
Steve Dower 2020-01-30 17:07:17 +11:00 committed by GitHub
parent 194c7aeb6f
commit 561c59777c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Misc/NEWS.d/next/Security/2020-01-28-20-54-09.bpo-39401.he7h_A.rst Normal file
View File

@ -0,0 +1 @@
Avoid unsafe load of ``api-ms-win-core-path-l1-1-0.dll`` at startup on Windows 7.

6
PC/getpathp.c
View File

@ -245,7 +245,8 @@ static void
join(wchar_t *buffer, const wchar_t *stuff) join(wchar_t *buffer, const wchar_t *stuff)
{ {
if (_PathCchCombineEx_Initialized == 0) { if (_PathCchCombineEx_Initialized == 0) {
HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll"); HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL,
LOAD_LIBRARY_SEARCH_SYSTEM32);
if (pathapi) { if (pathapi) {
_PathCchCombineEx = (PPathCchCombineEx)GetProcAddress(pathapi, "PathCchCombineEx"); _PathCchCombineEx = (PPathCchCombineEx)GetProcAddress(pathapi, "PathCchCombineEx");
} }
@ -278,7 +279,8 @@ static _PyInitError canonicalize(wchar_t *buffer, const wchar_t *path)
} }
if (_PathCchCanonicalizeEx_Initialized == 0) { if (_PathCchCanonicalizeEx_Initialized == 0) {
HMODULE pathapi = LoadLibraryW(L"api-ms-win-core-path-l1-1-0.dll"); HMODULE pathapi = LoadLibraryExW(L"api-ms-win-core-path-l1-1-0.dll", NULL,
LOAD_LIBRARY_SEARCH_SYSTEM32);
if (pathapi) { if (pathapi) {
_PathCchCanonicalizeEx = (PPathCchCanonicalizeEx)GetProcAddress(pathapi, "PathCchCanonicalizeEx"); _PathCchCanonicalizeEx = (PPathCchCanonicalizeEx)GetProcAddress(pathapi, "PathCchCanonicalizeEx");
} }

8
Tools/msi/bundle/bootstrap/PythonBootstrapperApplication.cpp
View File

@ -3028,8 +3028,16 @@ private:
} }
} else { } else {
if (IsWindows7SP1OrGreater()) { if (IsWindows7SP1OrGreater()) {
HMODULE hKernel32 = GetModuleHandleW(L"kernel32");
if (hKernel32 && !GetProcAddress(hKernel32, "AddDllDirectory")) {
BalLog(BOOTSTRAPPER_LOG_LEVEL_ERROR, "Detected Windows 7 SP1 without KB2533623");
BalLog(BOOTSTRAPPER_LOG_LEVEL_ERROR, "KB2533623 update is required to continue.");
/* The "MissingSP1" error also specifies updates are required */
LocGetString(_wixLoc, L"#(loc.FailureWin7MissingSP1)", &pLocString);
} else {
BalLog(BOOTSTRAPPER_LOG_LEVEL_STANDARD, "Target OS is Windows 7 SP1 or later"); BalLog(BOOTSTRAPPER_LOG_LEVEL_STANDARD, "Target OS is Windows 7 SP1 or later");
return; return;
}
} else if (IsWindows7OrGreater()) { } else if (IsWindows7OrGreater()) {
BalLog(BOOTSTRAPPER_LOG_LEVEL_ERROR, "Detected Windows 7 RTM"); BalLog(BOOTSTRAPPER_LOG_LEVEL_ERROR, "Detected Windows 7 RTM");
BalLog(BOOTSTRAPPER_LOG_LEVEL_ERROR, "Service Pack 1 is required to continue installation"); BalLog(BOOTSTRAPPER_LOG_LEVEL_ERROR, "Service Pack 1 is required to continue installation");