From f67748ae8e3ebefc1361d6e8a7f8e5020ff68517 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Wed, 9 Jul 2014 02:20:39 +0200
Subject: Static Code Analysis : fix non-absolute DLL/process loads that can be
 hijacked (Microsoft Security Advisory 2269637).

---
 src/Common/Random.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/Common/Random.c')

diff --git a/src/Common/Random.c b/src/Common/Random.c
index ceb14e33..c897e3b7 100644
--- a/src/Common/Random.c
+++ b/src/Common/Random.c
@@ -573,7 +573,15 @@ BOOL SlowPoll (void)
 	{
 		/* Obtain a handle to the module containing the Lan Manager
 		   functions */
-		hNetAPI32 = LoadLibrary ("NETAPI32.DLL");
+		char dllPath[MAX_PATH];
+		if (GetSystemDirectory (dllPath, MAX_PATH))
+		{
+			strcat(dllPath, "\\NETAPI32.DLL");
+		}
+		else
+			strcpy(dllPath, "C:\\Windows\\System32\\NETAPI32.DLL");
+
+		hNetAPI32 = LoadLibrary (dllPath);
 		if (hNetAPI32 != NULL)
 		{
 			/* Now get pointers to the functions */
-- 
cgit v1.2.3