[all-commits] [llvm/llvm-project] ef1dbc: [Windows] Restrict searchpath of dbghelp.dll to Sy...
jofrn via All-commits
all-commits at lists.llvm.org
Tue Apr 30 19:57:45 PDT 2024
Branch: refs/heads/main
Home: https://github.com/llvm/llvm-project
Commit: ef1dbcd60f81dafd777355ffd675e1bb73358d77
https://github.com/llvm/llvm-project/commit/ef1dbcd60f81dafd777355ffd675e1bb73358d77
Author: jofrn <jofernau at amd.com>
Date: 2024-04-30 (Tue, 30 Apr 2024)
Changed paths:
M llvm/lib/Support/Windows/Signals.inc
Log Message:
-----------
[Windows] Restrict searchpath of dbghelp.dll to System32 (#90520)
LoadLibraryW will lookup dlls in user directories if its search path is
left unrestricted. This is a security vulnerability as one can name a
shared library the same as that of a system dll in order to run
arbitrary code when the shared library is loaded from the path in a user
directory. This change modifies it to only search within sys32 when
loading dbghelp.dll.
To unsubscribe from these emails, change your notification settings at https://github.com/llvm/llvm-project/settings/notifications
More information about the All-commits
mailing list