diff options
| author | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-07-09 02:20:39 +0200 |
|---|---|---|
| committer | Mounir IDRASSI <mounir.idrassi@idrix.fr> | 2014-11-08 23:20:35 +0100 |
| commit | f67748ae8e3ebefc1361d6e8a7f8e5020ff68517 (patch) | |
| tree | 7598dd5467ab2913b4517745188e5b87f1859078 /src/Common/Format.c | |
| parent | d6817f941a1218aa1564da158f87ac7ec4434396 (diff) | |
| download | VeraCrypt-f67748ae8e3ebefc1361d6e8a7f8e5020ff68517.tar.gz VeraCrypt-f67748ae8e3ebefc1361d6e8a7f8e5020ff68517.zip | |
Static Code Analysis : fix non-absolute DLL/process loads that can be hijacked (Microsoft Security Advisory 2269637).
Diffstat (limited to 'src/Common/Format.c')
| -rw-r--r-- | src/Common/Format.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/Common/Format.c b/src/Common/Format.c index 49365a1b..25f20acd 100644 --- a/src/Common/Format.c +++ b/src/Common/Format.c @@ -795,10 +795,20 @@ BOOLEAN __stdcall FormatExCallback (int command, DWORD subCommand, PVOID paramet BOOL FormatNtfs (int driveNo, int clusterSize)
{
+ char dllPath[MAX_PATH] = {0};
WCHAR dir[8] = { (WCHAR) driveNo + 'A', 0 };
PFORMATEX FormatEx;
- HMODULE hModule = LoadLibrary ("fmifs.dll");
+ HMODULE hModule;
int i;
+
+ if (GetSystemDirectory (dllPath, MAX_PATH))
+ {
+ strcat(dllPath, "\\fmifs.dll");
+ }
+ else
+ strcpy(dllPath, "C:\\Windows\\System32\\fmifs.dll");
+
+ hModule = LoadLibrary (dllPath);
if (hModule == NULL)
return FALSE;
|