mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-08 20:47:44 +00:00
1ebe57b5fe
--HG-- extra : rebase_source : 5b0d32f84ddcea375736777270f99af4e63a0513
727 lines
21 KiB
C++
727 lines
21 KiB
C++
/* -*- Mode: C++; tab-width: 40; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#include <windows.h>
|
|
#include <winternl.h>
|
|
#include <io.h>
|
|
|
|
#pragma warning( push )
|
|
#pragma warning( disable : 4275 4530 ) // See msvc-stl-wrapper.template.h
|
|
#include <map>
|
|
#pragma warning( pop )
|
|
|
|
#define MOZ_NO_MOZALLOC
|
|
#include "nsAutoPtr.h"
|
|
|
|
#include "nsWindowsDllInterceptor.h"
|
|
#include "mozilla/WindowsVersion.h"
|
|
#include "nsWindowsHelpers.h"
|
|
|
|
using namespace mozilla;
|
|
|
|
#define ALL_VERSIONS ((unsigned long long)-1LL)
|
|
|
|
// DLLs sometimes ship without a version number, particularly early
|
|
// releases. Blocking "version <= 0" has the effect of blocking unversioned
|
|
// DLLs (since the call to get version info fails), but not blocking
|
|
// any versioned instance.
|
|
#define UNVERSIONED ((unsigned long long)0LL)
|
|
|
|
// Convert the 4 (decimal) components of a DLL version number into a
|
|
// single unsigned long long, as needed by the blocklist
|
|
#define MAKE_VERSION(a,b,c,d)\
|
|
((a##ULL << 48) + (b##ULL << 32) + (c##ULL << 16) + d##ULL)
|
|
|
|
struct DllBlockInfo {
|
|
// The name of the DLL -- in LOWERCASE! It will be compared to
|
|
// a lowercase version of the DLL name only.
|
|
const char *name;
|
|
|
|
// If maxVersion is ALL_VERSIONS, we'll block all versions of this
|
|
// dll. Otherwise, we'll block all versions less than or equal to
|
|
// the given version, as queried by GetFileVersionInfo and
|
|
// VS_FIXEDFILEINFO's dwFileVersionMS and dwFileVersionLS fields.
|
|
//
|
|
// Note that the version is usually 4 components, which is A.B.C.D
|
|
// encoded as 0x AAAA BBBB CCCC DDDD ULL (spaces added for clarity),
|
|
// but it's not required to be of that format.
|
|
//
|
|
// If the USE_TIMESTAMP flag is set, then we use the timestamp from
|
|
// the IMAGE_FILE_HEADER in lieu of a version number.
|
|
unsigned long long maxVersion;
|
|
|
|
enum {
|
|
FLAGS_DEFAULT = 0,
|
|
BLOCK_WIN8PLUS_ONLY = 1,
|
|
BLOCK_XP_ONLY = 2,
|
|
USE_TIMESTAMP = 4,
|
|
} flags;
|
|
};
|
|
|
|
static DllBlockInfo sWindowsDllBlocklist[] = {
|
|
// EXAMPLE:
|
|
// { "uxtheme.dll", ALL_VERSIONS },
|
|
// { "uxtheme.dll", 0x0000123400000000ULL },
|
|
// The DLL name must be in lowercase!
|
|
|
|
// NPFFAddon - Known malware
|
|
{ "npffaddon.dll", ALL_VERSIONS},
|
|
|
|
// AVG 8 - Antivirus vendor AVG, old version, plugin already blocklisted
|
|
{"avgrsstx.dll", MAKE_VERSION(8,5,0,401)},
|
|
|
|
// calc.dll - Suspected malware
|
|
{"calc.dll", MAKE_VERSION(1,0,0,1)},
|
|
|
|
// hook.dll - Suspected malware
|
|
{"hook.dll", ALL_VERSIONS},
|
|
|
|
// GoogleDesktopNetwork3.dll - Extremely old, unversioned instances
|
|
// of this DLL cause crashes
|
|
{"googledesktopnetwork3.dll", UNVERSIONED},
|
|
|
|
// rdolib.dll - Suspected malware
|
|
{"rdolib.dll", MAKE_VERSION(6,0,88,4)},
|
|
|
|
// fgjk4wvb.dll - Suspected malware
|
|
{"fgjk4wvb.dll", MAKE_VERSION(8,8,8,8)},
|
|
|
|
// radhslib.dll - Naomi internet filter - unmaintained since 2006
|
|
{"radhslib.dll", UNVERSIONED},
|
|
|
|
// Music download filter for vkontakte.ru - old instances
|
|
// of this DLL cause crashes
|
|
{"vksaver.dll", MAKE_VERSION(2,2,2,0)},
|
|
|
|
// Topcrash in Firefox 4.0b1
|
|
{"rlxf.dll", MAKE_VERSION(1,2,323,1)},
|
|
|
|
// psicon.dll - Topcrashes in Thunderbird, and some crashes in Firefox
|
|
// Adobe photoshop library, now redundant in later installations
|
|
{"psicon.dll", ALL_VERSIONS},
|
|
|
|
// Topcrash in Firefox 4 betas (bug 618899)
|
|
{"accelerator.dll", MAKE_VERSION(3,2,1,6)},
|
|
|
|
// Topcrash with Roboform in Firefox 8 (bug 699134)
|
|
{"rf-firefox.dll", MAKE_VERSION(7,6,1,0)},
|
|
{"roboform.dll", MAKE_VERSION(7,6,1,0)},
|
|
|
|
// Topcrash with Babylon Toolbar on FF16+ (bug 721264)
|
|
{"babyfox.dll", ALL_VERSIONS},
|
|
|
|
// sprotector.dll crashes, bug 957258
|
|
{"sprotector.dll", ALL_VERSIONS},
|
|
|
|
// Topcrash with Websense Endpoint, bug 828184
|
|
{"qipcap.dll", MAKE_VERSION(7, 6, 815, 1)},
|
|
|
|
// leave these two in always for tests
|
|
{ "mozdllblockingtest.dll", ALL_VERSIONS },
|
|
{ "mozdllblockingtest_versioned.dll", 0x0000000400000000ULL },
|
|
|
|
// Windows Media Foundation FLAC decoder and type sniffer (bug 839031).
|
|
{ "mfflac.dll", ALL_VERSIONS },
|
|
|
|
// Older Relevant Knowledge DLLs cause us to crash (bug 904001).
|
|
{ "rlnx.dll", MAKE_VERSION(1, 3, 334, 9) },
|
|
{ "pmnx.dll", MAKE_VERSION(1, 3, 334, 9) },
|
|
{ "opnx.dll", MAKE_VERSION(1, 3, 334, 9) },
|
|
{ "prnx.dll", MAKE_VERSION(1, 3, 334, 9) },
|
|
|
|
// Older belgian ID card software causes Firefox to crash or hang on
|
|
// shutdown, bug 831285 and 918399.
|
|
{ "beid35cardlayer.dll", MAKE_VERSION(3, 5, 6, 6968) },
|
|
|
|
// bug 925459, bitguard crashes
|
|
{ "bitguard.dll", ALL_VERSIONS },
|
|
|
|
// bug 812683 - crashes in Windows library when Asus Gamer OSD is installed
|
|
// Software is discontinued/unsupported
|
|
{ "atkdx11disp.dll", ALL_VERSIONS },
|
|
|
|
// Topcrash with Conduit SearchProtect, bug 944542
|
|
{ "spvc32.dll", ALL_VERSIONS },
|
|
|
|
// XP topcrash with F-Secure, bug 970362
|
|
{ "fs_ccf_ni_umh32.dll", MAKE_VERSION(1, 42, 101, 0), DllBlockInfo::BLOCK_XP_ONLY },
|
|
|
|
// Topcrash with V-bates, bug 1002748 and bug 1023239
|
|
{ "libinject.dll", UNVERSIONED },
|
|
{ "libinject2.dll", 0x537DDC93, DllBlockInfo::USE_TIMESTAMP },
|
|
{ "libredir2.dll", 0x5385B7ED, DllBlockInfo::USE_TIMESTAMP },
|
|
|
|
// Crashes with RoboForm2Go written against old SDK, bug 988311
|
|
{ "rf-firefox-22.dll", ALL_VERSIONS },
|
|
|
|
{ nullptr, 0 }
|
|
};
|
|
|
|
#ifndef STATUS_DLL_NOT_FOUND
|
|
#define STATUS_DLL_NOT_FOUND ((DWORD)0xC0000135L)
|
|
#endif
|
|
|
|
// define this for very verbose dll load debug spew
|
|
#undef DEBUG_very_verbose
|
|
|
|
static const char kBlockedDllsParameter[] = "BlockedDllList=";
|
|
static const int kBlockedDllsParameterLen =
|
|
sizeof(kBlockedDllsParameter) - 1;
|
|
|
|
static const char kBlocklistInitFailedParameter[] = "BlocklistInitFailed=1\n";
|
|
static const int kBlocklistInitFailedParameterLen =
|
|
sizeof(kBlocklistInitFailedParameter) - 1;
|
|
|
|
static const char kUser32BeforeBlocklistParameter[] = "User32BeforeBlocklist=1\n";
|
|
static const int kUser32BeforeBlocklistParameterLen =
|
|
sizeof(kUser32BeforeBlocklistParameter) - 1;
|
|
|
|
static DWORD sThreadLoadingXPCOMModule;
|
|
static bool sBlocklistInitFailed;
|
|
static bool sUser32BeforeBlocklist;
|
|
|
|
// Duplicated from xpcom glue. Ideally this should be shared.
|
|
void
|
|
printf_stderr(const char *fmt, ...)
|
|
{
|
|
if (IsDebuggerPresent()) {
|
|
char buf[2048];
|
|
va_list args;
|
|
va_start(args, fmt);
|
|
vsnprintf(buf, sizeof(buf), fmt, args);
|
|
buf[sizeof(buf) - 1] = '\0';
|
|
va_end(args);
|
|
OutputDebugStringA(buf);
|
|
}
|
|
|
|
FILE *fp = _fdopen(_dup(2), "a");
|
|
if (!fp)
|
|
return;
|
|
|
|
va_list args;
|
|
va_start(args, fmt);
|
|
vfprintf(fp, fmt, args);
|
|
va_end(args);
|
|
|
|
fclose(fp);
|
|
}
|
|
|
|
namespace {
|
|
|
|
typedef NTSTATUS (NTAPI *LdrLoadDll_func) (PWCHAR filePath, PULONG flags, PUNICODE_STRING moduleFileName, PHANDLE handle);
|
|
|
|
static LdrLoadDll_func stub_LdrLoadDll = 0;
|
|
|
|
template <class T>
|
|
struct RVAMap {
|
|
RVAMap(HANDLE map, DWORD offset) {
|
|
SYSTEM_INFO info;
|
|
GetSystemInfo(&info);
|
|
|
|
DWORD alignedOffset = (offset / info.dwAllocationGranularity) *
|
|
info.dwAllocationGranularity;
|
|
|
|
MOZ_ASSERT(offset - alignedOffset < info.dwAllocationGranularity, "Wtf");
|
|
|
|
mRealView = ::MapViewOfFile(map, FILE_MAP_READ, 0, alignedOffset,
|
|
sizeof(T) + (offset - alignedOffset));
|
|
|
|
mMappedView = mRealView ? reinterpret_cast<T*>((char*)mRealView + (offset - alignedOffset)) :
|
|
nullptr;
|
|
}
|
|
~RVAMap() {
|
|
if (mRealView) {
|
|
::UnmapViewOfFile(mRealView);
|
|
}
|
|
}
|
|
operator const T*() const { return mMappedView; }
|
|
const T* operator->() const { return mMappedView; }
|
|
private:
|
|
const T* mMappedView;
|
|
void* mRealView;
|
|
};
|
|
|
|
bool
|
|
CheckASLR(const wchar_t* path)
|
|
{
|
|
bool retval = false;
|
|
|
|
HANDLE file = ::CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
|
|
nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
|
|
nullptr);
|
|
if (file != INVALID_HANDLE_VALUE) {
|
|
HANDLE map = ::CreateFileMappingW(file, nullptr, PAGE_READONLY, 0, 0,
|
|
nullptr);
|
|
if (map) {
|
|
RVAMap<IMAGE_DOS_HEADER> peHeader(map, 0);
|
|
if (peHeader) {
|
|
RVAMap<IMAGE_NT_HEADERS> ntHeader(map, peHeader->e_lfanew);
|
|
if (ntHeader) {
|
|
// If the DLL has no code, permit it regardless of ASLR status.
|
|
if (ntHeader->OptionalHeader.SizeOfCode == 0) {
|
|
retval = true;
|
|
}
|
|
// Check to see if the DLL supports ASLR
|
|
else if ((ntHeader->OptionalHeader.DllCharacteristics &
|
|
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) != 0) {
|
|
retval = true;
|
|
}
|
|
}
|
|
}
|
|
::CloseHandle(map);
|
|
}
|
|
::CloseHandle(file);
|
|
}
|
|
|
|
return retval;
|
|
}
|
|
|
|
DWORD
|
|
GetTimestamp(const wchar_t* path)
|
|
{
|
|
DWORD timestamp = 0;
|
|
|
|
HANDLE file = ::CreateFileW(path, GENERIC_READ, FILE_SHARE_READ,
|
|
nullptr, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL,
|
|
nullptr);
|
|
if (file != INVALID_HANDLE_VALUE) {
|
|
HANDLE map = ::CreateFileMappingW(file, nullptr, PAGE_READONLY, 0, 0,
|
|
nullptr);
|
|
if (map) {
|
|
RVAMap<IMAGE_DOS_HEADER> peHeader(map, 0);
|
|
if (peHeader) {
|
|
RVAMap<IMAGE_NT_HEADERS> ntHeader(map, peHeader->e_lfanew);
|
|
if (ntHeader) {
|
|
timestamp = ntHeader->FileHeader.TimeDateStamp;
|
|
}
|
|
}
|
|
::CloseHandle(map);
|
|
}
|
|
::CloseHandle(file);
|
|
}
|
|
|
|
return timestamp;
|
|
}
|
|
|
|
// This lock protects both the reentrancy sentinel and the crash reporter
|
|
// data structures.
|
|
static CRITICAL_SECTION sLock;
|
|
|
|
/**
|
|
* Some versions of Windows call LoadLibraryEx to get the version information
|
|
* for a DLL, which causes our patched LdrLoadDll implementation to re-enter
|
|
* itself and cause infinite recursion and a stack-exhaustion crash. We protect
|
|
* against reentrancy by allowing recursive loads of the same DLL.
|
|
*
|
|
* Note that we don't use __declspec(thread) because that doesn't work in DLLs
|
|
* loaded via LoadLibrary and there can be a limited number of TLS slots, so
|
|
* we roll our own.
|
|
*/
|
|
class ReentrancySentinel
|
|
{
|
|
public:
|
|
explicit ReentrancySentinel(const char* dllName)
|
|
{
|
|
DWORD currentThreadId = GetCurrentThreadId();
|
|
AutoCriticalSection lock(&sLock);
|
|
mPreviousDllName = (*sThreadMap)[currentThreadId];
|
|
|
|
// If there is a DLL currently being loaded and it has the same name
|
|
// as the current attempt, we're re-entering.
|
|
mReentered = mPreviousDllName && !stricmp(mPreviousDllName, dllName);
|
|
(*sThreadMap)[currentThreadId] = dllName;
|
|
}
|
|
|
|
~ReentrancySentinel()
|
|
{
|
|
DWORD currentThreadId = GetCurrentThreadId();
|
|
AutoCriticalSection lock(&sLock);
|
|
(*sThreadMap)[currentThreadId] = mPreviousDllName;
|
|
}
|
|
|
|
bool BailOut() const
|
|
{
|
|
return mReentered;
|
|
};
|
|
|
|
static void InitializeStatics()
|
|
{
|
|
InitializeCriticalSection(&sLock);
|
|
sThreadMap = new std::map<DWORD, const char*>;
|
|
}
|
|
|
|
private:
|
|
static std::map<DWORD, const char*>* sThreadMap;
|
|
|
|
const char* mPreviousDllName;
|
|
bool mReentered;
|
|
};
|
|
|
|
std::map<DWORD, const char*>* ReentrancySentinel::sThreadMap;
|
|
|
|
/**
|
|
* This is a linked list of DLLs that have been blocked. It doesn't use
|
|
* mozilla::LinkedList because this is an append-only list and doesn't need
|
|
* to be doubly linked.
|
|
*/
|
|
class DllBlockSet
|
|
{
|
|
public:
|
|
static void Add(const char* name, unsigned long long version);
|
|
|
|
// Write the list of blocked DLLs to a file HANDLE. This method is run after
|
|
// a crash occurs and must therefore not use the heap, etc.
|
|
static void Write(HANDLE file);
|
|
|
|
private:
|
|
DllBlockSet(const char* name, unsigned long long version)
|
|
: mName(name)
|
|
, mVersion(version)
|
|
, mNext(nullptr)
|
|
{
|
|
}
|
|
|
|
const char* mName; // points into the sWindowsDllBlocklist string
|
|
unsigned long long mVersion;
|
|
DllBlockSet* mNext;
|
|
|
|
static DllBlockSet* gFirst;
|
|
};
|
|
|
|
DllBlockSet* DllBlockSet::gFirst;
|
|
|
|
void
|
|
DllBlockSet::Add(const char* name, unsigned long long version)
|
|
{
|
|
AutoCriticalSection lock(&sLock);
|
|
for (DllBlockSet* b = gFirst; b; b = b->mNext) {
|
|
if (0 == strcmp(b->mName, name) && b->mVersion == version) {
|
|
return;
|
|
}
|
|
}
|
|
// Not already present
|
|
DllBlockSet* n = new DllBlockSet(name, version);
|
|
n->mNext = gFirst;
|
|
gFirst = n;
|
|
}
|
|
|
|
void
|
|
DllBlockSet::Write(HANDLE file)
|
|
{
|
|
AutoCriticalSection lock(&sLock);
|
|
DWORD nBytes;
|
|
|
|
// Because this method is called after a crash occurs, and uses heap memory,
|
|
// protect this entire block with a structured exception handler.
|
|
MOZ_SEH_TRY {
|
|
for (DllBlockSet* b = gFirst; b; b = b->mNext) {
|
|
// write name[,v.v.v.v];
|
|
WriteFile(file, b->mName, strlen(b->mName), &nBytes, nullptr);
|
|
if (b->mVersion != -1) {
|
|
WriteFile(file, ",", 1, &nBytes, nullptr);
|
|
uint16_t parts[4];
|
|
parts[0] = b->mVersion >> 48;
|
|
parts[1] = (b->mVersion >> 32) & 0xFFFF;
|
|
parts[2] = (b->mVersion >> 16) & 0xFFFF;
|
|
parts[3] = b->mVersion & 0xFFFF;
|
|
for (int p = 0; p < 4; ++p) {
|
|
char buf[32];
|
|
ltoa(parts[p], buf, 10);
|
|
WriteFile(file, buf, strlen(buf), &nBytes, nullptr);
|
|
if (p != 3) {
|
|
WriteFile(file, ".", 1, &nBytes, nullptr);
|
|
}
|
|
}
|
|
}
|
|
WriteFile(file, ";", 1, &nBytes, nullptr);
|
|
}
|
|
}
|
|
MOZ_SEH_EXCEPT (EXCEPTION_EXECUTE_HANDLER) { }
|
|
}
|
|
|
|
static
|
|
wchar_t* getFullPath (PWCHAR filePath, wchar_t* fname)
|
|
{
|
|
// In Windows 8, the first parameter seems to be used for more than just the
|
|
// path name. For example, its numerical value can be 1. Passing a non-valid
|
|
// pointer to SearchPathW will cause a crash, so we need to check to see if we
|
|
// are handed a valid pointer, and otherwise just pass nullptr to SearchPathW.
|
|
PWCHAR sanitizedFilePath = (intptr_t(filePath) < 1024) ? nullptr : filePath;
|
|
|
|
// figure out the length of the string that we need
|
|
DWORD pathlen = SearchPathW(sanitizedFilePath, fname, L".dll", 0, nullptr,
|
|
nullptr);
|
|
if (pathlen == 0) {
|
|
return nullptr;
|
|
}
|
|
|
|
wchar_t* full_fname = new wchar_t[pathlen+1];
|
|
if (!full_fname) {
|
|
// couldn't allocate memory?
|
|
return nullptr;
|
|
}
|
|
|
|
// now actually grab it
|
|
SearchPathW(sanitizedFilePath, fname, L".dll", pathlen + 1, full_fname,
|
|
nullptr);
|
|
return full_fname;
|
|
}
|
|
|
|
// No builtin function to find the last character matching a set
|
|
static wchar_t* lastslash(wchar_t* s, int len)
|
|
{
|
|
for (wchar_t* c = s + len - 1; c >= s; --c) {
|
|
if (*c == L'\\' || *c == L'/') {
|
|
return c;
|
|
}
|
|
}
|
|
return nullptr;
|
|
}
|
|
|
|
static NTSTATUS NTAPI
|
|
patched_LdrLoadDll (PWCHAR filePath, PULONG flags, PUNICODE_STRING moduleFileName, PHANDLE handle)
|
|
{
|
|
// We have UCS2 (UTF16?), we want ASCII, but we also just want the filename portion
|
|
#define DLLNAME_MAX 128
|
|
char dllName[DLLNAME_MAX+1];
|
|
wchar_t *dll_part;
|
|
char *dot;
|
|
DllBlockInfo *info;
|
|
|
|
int len = moduleFileName->Length / 2;
|
|
wchar_t *fname = moduleFileName->Buffer;
|
|
nsAutoArrayPtr<wchar_t> full_fname;
|
|
|
|
// The filename isn't guaranteed to be null terminated, but in practice
|
|
// it always will be; ensure that this is so, and bail if not.
|
|
// This is done instead of the more robust approach because of bug 527122,
|
|
// where lots of weird things were happening when we tried to make a copy.
|
|
if (moduleFileName->MaximumLength < moduleFileName->Length+2 ||
|
|
fname[len] != 0)
|
|
{
|
|
#ifdef DEBUG
|
|
printf_stderr("LdrLoadDll: non-null terminated string found!\n");
|
|
#endif
|
|
goto continue_loading;
|
|
}
|
|
|
|
dll_part = lastslash(fname, len);
|
|
if (dll_part) {
|
|
dll_part = dll_part + 1;
|
|
len -= dll_part - fname;
|
|
} else {
|
|
dll_part = fname;
|
|
}
|
|
|
|
#ifdef DEBUG_very_verbose
|
|
printf_stderr("LdrLoadDll: dll_part '%S' %d\n", dll_part, len);
|
|
#endif
|
|
|
|
// if it's too long, then, we assume we won't want to block it,
|
|
// since DLLNAME_MAX should be at least long enough to hold the longest
|
|
// entry in our blocklist.
|
|
if (len > DLLNAME_MAX) {
|
|
#ifdef DEBUG
|
|
printf_stderr("LdrLoadDll: len too long! %d\n", len);
|
|
#endif
|
|
goto continue_loading;
|
|
}
|
|
|
|
// copy over to our char byte buffer, lowercasing ASCII as we go
|
|
for (int i = 0; i < len; i++) {
|
|
wchar_t c = dll_part[i];
|
|
|
|
if (c > 0x7f) {
|
|
// welp, it's not ascii; if we need to add non-ascii things to
|
|
// our blocklist, we'll have to remove this limitation.
|
|
goto continue_loading;
|
|
}
|
|
|
|
// ensure that dll name is all lowercase
|
|
if (c >= 'A' && c <= 'Z')
|
|
c += 'a' - 'A';
|
|
|
|
dllName[i] = (char) c;
|
|
}
|
|
|
|
dllName[len] = 0;
|
|
|
|
#ifdef DEBUG_very_verbose
|
|
printf_stderr("LdrLoadDll: dll name '%s'\n", dllName);
|
|
#endif
|
|
|
|
// Block a suspicious binary that uses various 12-digit hex strings
|
|
// e.g. MovieMode.48CA2AEFA22D.dll (bug 973138)
|
|
dot = strchr(dllName, '.');
|
|
if (dot && (strchr(dot+1, '.') == dot+13)) {
|
|
char * end = nullptr;
|
|
_strtoui64(dot+1, &end, 16);
|
|
if (end == dot+13) {
|
|
return STATUS_DLL_NOT_FOUND;
|
|
}
|
|
}
|
|
|
|
// then compare to everything on the blocklist
|
|
info = &sWindowsDllBlocklist[0];
|
|
while (info->name) {
|
|
if (strcmp(info->name, dllName) == 0)
|
|
break;
|
|
|
|
info++;
|
|
}
|
|
|
|
if (info->name) {
|
|
bool load_ok = false;
|
|
|
|
#ifdef DEBUG_very_verbose
|
|
printf_stderr("LdrLoadDll: info->name: '%s'\n", info->name);
|
|
#endif
|
|
|
|
if ((info->flags == DllBlockInfo::BLOCK_WIN8PLUS_ONLY) &&
|
|
!IsWin8OrLater()) {
|
|
goto continue_loading;
|
|
}
|
|
|
|
if ((info->flags == DllBlockInfo::BLOCK_XP_ONLY) &&
|
|
IsWin2003OrLater()) {
|
|
goto continue_loading;
|
|
}
|
|
|
|
unsigned long long fVersion = ALL_VERSIONS;
|
|
|
|
if (info->maxVersion != ALL_VERSIONS) {
|
|
ReentrancySentinel sentinel(dllName);
|
|
if (sentinel.BailOut()) {
|
|
goto continue_loading;
|
|
}
|
|
|
|
full_fname = getFullPath(filePath, fname);
|
|
if (!full_fname) {
|
|
// uh, we couldn't find the DLL at all, so...
|
|
printf_stderr("LdrLoadDll: Blocking load of '%s' (SearchPathW didn't find it?)\n", dllName);
|
|
return STATUS_DLL_NOT_FOUND;
|
|
}
|
|
|
|
if (info->flags & DllBlockInfo::USE_TIMESTAMP) {
|
|
fVersion = GetTimestamp(full_fname);
|
|
if (fVersion > info->maxVersion) {
|
|
load_ok = true;
|
|
}
|
|
} else {
|
|
DWORD zero;
|
|
DWORD infoSize = GetFileVersionInfoSizeW(full_fname, &zero);
|
|
|
|
// If we failed to get the version information, we block.
|
|
|
|
if (infoSize != 0) {
|
|
nsAutoArrayPtr<unsigned char> infoData(new unsigned char[infoSize]);
|
|
VS_FIXEDFILEINFO *vInfo;
|
|
UINT vInfoLen;
|
|
|
|
if (GetFileVersionInfoW(full_fname, 0, infoSize, infoData) &&
|
|
VerQueryValueW(infoData, L"\\", (LPVOID*) &vInfo, &vInfoLen))
|
|
{
|
|
fVersion =
|
|
((unsigned long long)vInfo->dwFileVersionMS) << 32 |
|
|
((unsigned long long)vInfo->dwFileVersionLS);
|
|
|
|
// finally do the version check, and if it's greater than our block
|
|
// version, keep loading
|
|
if (fVersion > info->maxVersion)
|
|
load_ok = true;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if (!load_ok) {
|
|
printf_stderr("LdrLoadDll: Blocking load of '%s' -- see http://www.mozilla.com/en-US/blocklist/\n", dllName);
|
|
DllBlockSet::Add(info->name, fVersion);
|
|
return STATUS_DLL_NOT_FOUND;
|
|
}
|
|
}
|
|
|
|
continue_loading:
|
|
#ifdef DEBUG_very_verbose
|
|
printf_stderr("LdrLoadDll: continuing load... ('%S')\n", moduleFileName->Buffer);
|
|
#endif
|
|
|
|
if (GetCurrentThreadId() == sThreadLoadingXPCOMModule) {
|
|
// Check to ensure that the DLL has ASLR.
|
|
full_fname = getFullPath(filePath, fname);
|
|
if (!full_fname) {
|
|
// uh, we couldn't find the DLL at all, so...
|
|
printf_stderr("LdrLoadDll: Blocking load of '%s' (SearchPathW didn't find it?)\n", dllName);
|
|
return STATUS_DLL_NOT_FOUND;
|
|
}
|
|
|
|
if (IsVistaOrLater() && !CheckASLR(full_fname)) {
|
|
printf_stderr("LdrLoadDll: Blocking load of '%s'. XPCOM components must support ASLR.\n", dllName);
|
|
return STATUS_DLL_NOT_FOUND;
|
|
}
|
|
}
|
|
|
|
return stub_LdrLoadDll(filePath, flags, moduleFileName, handle);
|
|
}
|
|
|
|
WindowsDllInterceptor NtDllIntercept;
|
|
|
|
} // anonymous namespace
|
|
|
|
NS_EXPORT void
|
|
DllBlocklist_Initialize()
|
|
{
|
|
if (GetModuleHandleA("user32.dll")) {
|
|
sUser32BeforeBlocklist = true;
|
|
}
|
|
|
|
NtDllIntercept.Init("ntdll.dll");
|
|
|
|
ReentrancySentinel::InitializeStatics();
|
|
|
|
// We specifically use a detour, because there are cases where external
|
|
// code also tries to hook LdrLoadDll, and doesn't know how to relocate our
|
|
// nop space patches. (Bug 951827)
|
|
bool ok = NtDllIntercept.AddDetour("LdrLoadDll", reinterpret_cast<intptr_t>(patched_LdrLoadDll), (void**) &stub_LdrLoadDll);
|
|
|
|
if (!ok) {
|
|
sBlocklistInitFailed = true;
|
|
#ifdef DEBUG
|
|
printf_stderr ("LdrLoadDll hook failed, no dll blocklisting active\n");
|
|
#endif
|
|
}
|
|
}
|
|
|
|
NS_EXPORT void
|
|
DllBlocklist_SetInXPCOMLoadOnMainThread(bool inXPCOMLoadOnMainThread)
|
|
{
|
|
if (inXPCOMLoadOnMainThread) {
|
|
MOZ_ASSERT(sThreadLoadingXPCOMModule == 0, "Only one thread should be doing this");
|
|
sThreadLoadingXPCOMModule = GetCurrentThreadId();
|
|
} else {
|
|
sThreadLoadingXPCOMModule = 0;
|
|
}
|
|
}
|
|
|
|
NS_EXPORT void
|
|
DllBlocklist_WriteNotes(HANDLE file)
|
|
{
|
|
DWORD nBytes;
|
|
|
|
WriteFile(file, kBlockedDllsParameter, kBlockedDllsParameterLen, &nBytes, nullptr);
|
|
DllBlockSet::Write(file);
|
|
WriteFile(file, "\n", 1, &nBytes, nullptr);
|
|
|
|
if (sBlocklistInitFailed) {
|
|
WriteFile(file, kBlocklistInitFailedParameter,
|
|
kBlocklistInitFailedParameterLen, &nBytes, nullptr);
|
|
}
|
|
|
|
if (sUser32BeforeBlocklist) {
|
|
WriteFile(file, kUser32BeforeBlocklistParameter,
|
|
kUser32BeforeBlocklistParameterLen, &nBytes, nullptr);
|
|
}
|
|
}
|