Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Search for dllimported shared libs in the base directory, not cwd.

* loader.c: we don't search the current directory anymore for shared
libraries referenced in DllImport attributes, as it has a slight
security risk. We search in the same directory where the referencing
image was loaded from, instead. Fixes bug# 641915.
commit 8e890a3bf80a4620e417814dc14886b1bbd17625 1 parent b80ffc9
@illupus illupus authored
Showing with 10 additions and 8 deletions.
  1. +10 −8 mono/metadata/loader.c
View
18 mono/metadata/loader.c
@@ -1340,32 +1340,34 @@ mono_lookup_pinvoke_call (MonoMethod *method, const char **exc_class, const char
if (!module) {
void *iter = NULL;
- while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
+ char *mdirname = g_path_get_dirname (image->name);
+ while ((full_name = mono_dl_build_path (mdirname, file_name, &iter))) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport loading location: '%s'.", full_name);
+ "DllImport loading library: '%s'.", full_name);
module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
if (!module) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport error loading library: '%s'.",
- error_msg);
+ "DllImport error loading library '%s'.",
+ error_msg);
g_free (error_msg);
}
g_free (full_name);
if (module)
break;
}
+ g_free (mdirname);
}
if (!module) {
void *iter = NULL;
- while ((full_name = mono_dl_build_path (".", file_name, &iter))) {
+ while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport loading library: '%s'.", full_name);
+ "DllImport loading location: '%s'.", full_name);
module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
if (!module) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport error loading library '%s'.",
- error_msg);
+ "DllImport error loading library: '%s'.",
+ error_msg);
g_free (error_msg);
}
g_free (full_name);
Please sign in to comment.
Something went wrong with that request. Please try again.