Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Search for dllimported shared libs in the base directory, not cwd.

* loader.c: we don't search the current directory anymore for shared
libraries referenced in DllImport attributes, as it has a slight
security risk. We search in the same directory where the referencing
image was loaded from, instead. Fixes bug# 641915.
  • Loading branch information...
commit 8e890a3bf80a4620e417814dc14886b1bbd17625 1 parent b80ffc9
@illupus illupus authored
Showing with 10 additions and 8 deletions.
  1. +10 −8 mono/metadata/loader.c
View
18 mono/metadata/loader.c
@@ -1340,32 +1340,34 @@ mono_lookup_pinvoke_call (MonoMethod *method, const char **exc_class, const char
if (!module) {
void *iter = NULL;
- while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
+ char *mdirname = g_path_get_dirname (image->name);
+ while ((full_name = mono_dl_build_path (mdirname, file_name, &iter))) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport loading location: '%s'.", full_name);
+ "DllImport loading library: '%s'.", full_name);
module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
if (!module) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport error loading library: '%s'.",
- error_msg);
+ "DllImport error loading library '%s'.",
+ error_msg);
g_free (error_msg);
}
g_free (full_name);
if (module)
break;
}
+ g_free (mdirname);
}
if (!module) {
void *iter = NULL;
- while ((full_name = mono_dl_build_path (".", file_name, &iter))) {
+ while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport loading library: '%s'.", full_name);
+ "DllImport loading location: '%s'.", full_name);
module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
if (!module) {
mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
- "DllImport error loading library '%s'.",
- error_msg);
+ "DllImport error loading library: '%s'.",
+ error_msg);
g_free (error_msg);
}
g_free (full_name);
Please sign in to comment.
Something went wrong with that request. Please try again.