Cypherpunks repositories - gostls13.git/commit

author	Jason A. Donenfeld <Jason@zx2c4.com>
	Wed, 6 Mar 2019 18:26:29 +0000 (19:26 +0100)
committer	Dmitri Shuralyov <dmitshur@golang.org>
	Mon, 6 May 2019 19:24:43 +0000 (19:24 +0000)
commit	1bebc53bc3c200890dd5f03cbd67fbe1023156d1
tree	cb15352183ab21e2cb3e0f004d51ae54d4afc718	tree
parent	5ee175e682980b02a33c673a6b54301032b762ab	commit \| diff

[release-branch.go1.11] runtime: safely load DLLs

While many other call sites have been moved to using the proper
higher-level system loading, these areas were left out. This prevents
DLL directory injection attacks. This includes both the runtime load
calls (using LoadLibrary prior) and the implicitly linked ones via
cgo_import_dynamic, which we move to our LoadLibraryEx. The goal is to
only loosely load kernel32.dll and strictly load all others.

Meanwhile we make sure that we never fallback to insecure loading on
older or unpatched systems.

This is CVE-2019-9634.

Fixes #30989
Updates #14959
Updates #28978
Updates #30642

Change-Id: I401a13ed8db248ab1bb5039bf2d31915cac72b93
Reviewed-on: https://go-review.googlesource.com/c/go/+/165798
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Alex Brainman <alex.brainman@gmail.com>
(cherry picked from commit 9b6e9f0c8c66355c0f0575d808b32f52c8c6d21c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/175378
Run-TryBot: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Andrew Bonventre <andybons@golang.org>

src/runtime/os_windows.go		diff \| blob \| history
src/runtime/syscall_windows.go		diff \| blob \| history
src/syscall/dll_windows.go		diff \| blob \| history
src/syscall/security_windows.go		diff \| blob \| history
src/syscall/zsyscall_windows.go		diff \| blob \| history