From 06fa04f63379899933b503bbfcd233e5d70f3c87 Mon Sep 17 00:00:00 2001 From: "Jason A. Donenfeld" Date: Thu, 26 Nov 2020 14:05:21 +0100 Subject: fetcher: delay load anything with transitive dependencies outside of knowndlls It looks like advapi32.dll loads cryptbase.dll because RtlGenRandom is forwarded to it, and cryptbase.dll isn't in knowndlls. So, even though we haven't done anything wrong by importing advapi32.dll statically, the surprising forwarding behavior means that this is a disaster. At the same time, some UI-related system modules wind up calling loadlibraryex with default arguments, so again, even though linking to things like user32.dll and such statically is fine, microsoft is doing the wrong thing inside of them. Work around the first issue by loading advapi32.dll (and others, just for good measure) delayed, and work around the latter by gimping the dll search path. Reported-by: Stefan Kanthak Signed-off-by: Jason A. Donenfeld --- installer/fetcher/Makefile | 2 +- installer/fetcher/fetcher.c | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/installer/fetcher/Makefile b/installer/fetcher/Makefile index 49b0bc51..0c150d90 100644 --- a/installer/fetcher/Makefile +++ b/installer/fetcher/Makefile @@ -13,7 +13,7 @@ LDLIBS += -lkernel32 -lwinhttp -lntdll -lshlwapi -lmsi -lcomctl32 -luser32 -lshe LDFLAGS += -s -flto -Wl,--dynamicbase -Wl,--nxcompat -Wl,--tsaware -mwindows LDFLAGS += -Wl,--major-os-version=6 -Wl,--minor-os-version=1 -Wl,--major-subsystem-version=6 -Wl,--minor-subsystem-version=1 # The use of -Wl,/delayload: here implies we're using llvm-mingw -LDFLAGS += -Wl,/delayload:winhttp.dll -Wl,/delayload:msi.dll -Wl,/delayload:wintrust.dll +LDFLAGS += -Wl,/delayload:winhttp.dll -Wl,/delayload:msi.dll -Wl,/delayload:wintrust.dll -Wl,/delayload:advapi32.dll -Wl,/delayload:shell32.dll -Wl,/delayload:shlwapi.dll -Wl,/delayload:gdi32.dll -Wl,/delayload:user32.dll -Wl,/delayload:comctl32.dll TARGET := wireguard-installer.exe CC := i686-w64-mingw32-clang WINDRES := i686-w64-mingw32-windres diff --git a/installer/fetcher/fetcher.c b/installer/fetcher/fetcher.c index 473cb26d..2e0a2d16 100644 --- a/installer/fetcher/fetcher.c +++ b/installer/fetcher/fetcher.c @@ -284,6 +284,9 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR pCmdLine, (void)hPrevInstance; (void)pCmdLine; (void)nCmdShow; + if (!SetDllDirectoryA("") || !SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32)) + return 1; + InitCommonControlsEx(&(INITCOMMONCONTROLSEX){ .dwSize = sizeof(INITCOMMONCONTROLSEX), .dwICC = ICC_PROGRESS_CLASS }); progress = CreateWindowEx(0, PROGRESS_CLASS, "WireGuard Installer", -- cgit v1.2.3-59-g8ed1b