From f67748ae8e3ebefc1361d6e8a7f8e5020ff68517 Mon Sep 17 00:00:00 2001
From: Mounir IDRASSI <mounir.idrassi@idrix.fr>
Date: Wed, 9 Jul 2014 02:20:39 +0200
Subject: Static Code Analysis : fix non-absolute DLL/process loads that can be
 hijacked (Microsoft Security Advisory 2269637).

---
 src/Setup/Setup.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/Setup')

diff --git a/src/Setup/Setup.c b/src/Setup/Setup.c
index c0fffb77..5decf595 100644
--- a/src/Setup/Setup.c
+++ b/src/Setup/Setup.c
@@ -2012,7 +2012,14 @@ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, char *lpszComm
 		}
 
 		// System Restore
-		SystemRestoreDll = LoadLibrary ("srclient.dll");
+		char dllPath[MAX_PATH];
+		if (GetSystemDirectory (dllPath, MAX_PATH))
+		{
+			strcat(dllPath, "\\srclient.dll");
+		}
+		else
+			strcpy(dllPath, "C:\\Windows\\System32\\srclient.dll");
+		SystemRestoreDll = LoadLibrary (dllPath);
 
 		if (!bUninstall)
 		{
-- 
cgit v1.2.3