1 From 77ef9c7e79a8e8d948c11330584ea205b35bb0e1 Mon Sep 17 00:00:00 2001

     2 From: Brad Fitzpatrick <[email protected]>

     3 Date: Sat, 2 Apr 2016 00:20:13 +0000

     4 Subject: [PATCH 77/79] syscall: point to x/sys in DLL loading docs, update

     5  syscall generator

     6 

     7 Updates the syscall generator for patchset 4 of https://golang.org/cl/21388.

     8 

     9 Updates #14959

    10 

    11 Change-Id: Icbd6df489887d3dcc076dfc73d4feb1376abaf8b

    12 Reviewed-on: https://go-review.googlesource.com/21428

    13 Reviewed-by: Alex Brainman <[email protected]>

    14 Reviewed-on: https://go-review.googlesource.com/21680

    15 Reviewed-by: Brad Fitzpatrick <[email protected]>

    16 ---

    17  src/syscall/dll_windows.go       | 13 +++++++++++++

    18  src/syscall/mksyscall_windows.go |  4 ++--

    19  2 files changed, 15 insertions(+), 2 deletions(-)

    20 

    21 diff --git a/src/syscall/dll_windows.go b/src/syscall/dll_windows.go

    22 index ec8d85b..453ec11 100644

    23 --- a/src/syscall/dll_windows.go

    24 +++ b/src/syscall/dll_windows.go

    25 @@ -37,6 +37,13 @@ type DLL struct {

    26  }

    27  

    28  // LoadDLL loads the named DLL file into memory.

    29 +//

    30 +// If name is not an absolute path and is not a known system DLL used by

    31 +// Go, Windows will search for the named DLL in many locations, causing

    32 +// potential DLL preloading attacks.

    33 +//

    34 +// Use LazyDLL in golang.org/x/sys/windows for a secure way to

    35 +// load system DLLs.

    36  func LoadDLL(name string) (*DLL, error) {

    37  	namep, err := UTF16PtrFromString(name)

    38  	if err != nil {

    39 @@ -174,6 +181,12 @@ func (p *Proc) Call(a ...uintptr) (r1, r2 uintptr, lastErr error) {

    40  // It will delay the load of the DLL until the first

    41  // call to its Handle method or to one of its

    42  // LazyProc's Addr method.

    43 +//

    44 +// LazyDLL is subject to the same DLL preloading attacks as documented

    45 +// on LoadDLL.

    46 +//

    47 +// Use LazyDLL in golang.org/x/sys/windows for a secure way to

    48 +// load system DLLs.

    49  type LazyDLL struct {

    50  	mu   sync.Mutex

    51  	dll  *DLL // non nil once DLL is loaded

    52 diff --git a/src/syscall/mksyscall_windows.go b/src/syscall/mksyscall_windows.go

    53 index 546cb0d..7786d13 100644

    54 --- a/src/syscall/mksyscall_windows.go

    55 +++ b/src/syscall/mksyscall_windows.go

    56 @@ -707,9 +707,9 @@ func (src *Source) Generate(w io.Writer) error {

    57  			}

    58  			if *sysRepo {

    59  				if packageName == "windows" {

    60 -					return "&LazyDLL{Name: " + arg + ", Flags: LoadLibrarySearchSystem32}"

    61 +					return "&LazyDLL{Name: " + arg + ", System: true}"

    62  				} else {

    63 -					return "&windows.LazyDLL{Name: " + arg + ", Flags: windows.LoadLibrarySearchSystem32}"

    64 +					return "&windows.LazyDLL{Name: " + arg + ", System: true}"

    65  				}

    66  			} else {

    67  				return syscalldot() + "NewLazyDLL(" + arg + ")"

    68 -- 

    69 2.7.4

    70