Use safe DLL loading (avoid current directory) #1293
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This avoids DLL planting issues during the fallback search for a base trust server. It uses the `LOAD_LIBRARY_SEARCH_DEFAULT_DIRS` flag, which searches the usual places, including the application directory, but exclude the current directory. The flag is supported on Win8 onward, as well as on Win7 if you have KB2533623 installed (which you really should). If you need to support versions of Win7 that haven't been patched since 2011, then stick with whatever version of C++/WinRT you are currently using.
kennykerr
approved these changes
Mar 29, 2023
dmachaj
approved these changes
Mar 29, 2023
Contributor
|
Do we want to allow customization of the default, maybe via a #define? |
jlaanstra
approved these changes
Mar 30, 2023
Contributor
|
I'm not sure it's worth the expense of adding a customization switch to support operating systems that haven't been patched since 2011 |
Collaborator
|
Right, the switch is to use a different version of cppwinrt. |
|
For RNW we're going to do this: #ifdef CPPWINRT_USE_LOADLIBRARYEXW
#define WINRT_IMPL_LoadLibraryW(name) \
WINRT_IMPL_LoadLibraryExW(name, nullptr, 0x00001000 /* LOAD_LIBRARY_SEARCH_DEFAULT_DIRS */)
#endifwhere <ItemDefinitionGroup Label="CppWinRT">
<ClCompile>
<PreprocessorDefinitions Condition="$([MSBuild]::VersionGreaterThanOrEquals('$(CppWinRTVersion)', '2.0.230524.3'))">
CPPWINRT_USE_LOADLIBRARYEXW;
%(PreprocessorDefinitions)
</PreprocessorDefinitions>
</ClCompile>
</ItemDefinitionGroup>because of the lack of convenient version macros to do it strictly in code: #668. |
Member
Author
|
@jonthysell Note that all
If you want to call LoadLibrary, you can define your own |
jonthysell
added a commit
to microsoft/react-native-windows
that referenced
this pull request
Jul 28, 2023
…xW (#11953) ## Description CppWinRT >= 2.0.230524.3 no longer expose the `WINRT_IMPL_LoadLibraryW` method for loading libraries, instead preferring a new `WINRT_IMPL_LoadLibraryExW`. See microsoft/cppwinrt#1293. This PR fixes our usage of `WINRT_IMPL_LoadLibraryW` by detecting newer versions of CppWinRT and using the new API when available. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why Customers who tried to specify newer versions of CppWinRT hit build errors due to the use of the deprecated API. Closes #11795 ### What Created a macro to re-define the old API which calls the new API with the same behavior, as seen in the PR which deprecated the API in the first place. ## Screenshots N/A ## Testing Verified able to build against the latest [Microsoft.Windows.CppWinRT 2.0.230706.1](https://www.nuget.org/packages/Microsoft.Windows.CppWinRT/2.0.230706.1). ## Changelog Should this change be included in the release notes: yes Customers who specify their own version of Microsoft.Windows.CppWinRT can now use versions >= 2.0.230524.3.
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this pull request
Aug 7, 2023
…ibraryExW This PR backports microsoft#11953 to RNW 0.72. CppWinRT >= 2.0.230524.3 no longer expose the `WINRT_IMPL_LoadLibraryW` method for loading libraries, instead preferring a new `WINRT_IMPL_LoadLibraryExW`. See microsoft/cppwinrt#1293. This PR fixes our usage of `WINRT_IMPL_LoadLibraryW` by detecting newer versions of CppWinRT and using the new API when available. - Bug fix (non-breaking change which fixes an issue) Customers who tried to specify newer versions of CppWinRT hit build errors due to the use of the deprecated API. Closes microsoft#11795 Created a macro to re-define the old API which calls the new API with the same behavior, as seen in the PR which deprecated the API in the first place. N/A Verified able to build against the latest [Microsoft.Windows.CppWinRT 2.0.230706.1](https://www.nuget.org/packages/Microsoft.Windows.CppWinRT/2.0.230706.1). Should this change be included in the release notes: yes Customers who specify their own version of Microsoft.Windows.CppWinRT can now use versions >= 2.0.230524.3.
jonthysell
added a commit
to jonthysell/react-native-windows
that referenced
this pull request
Aug 7, 2023
…ibraryExW This PR backports microsoft#11953 to RNW 0.72. CppWinRT >= 2.0.230524.3 no longer expose the `WINRT_IMPL_LoadLibraryW` method for loading libraries, instead preferring a new `WINRT_IMPL_LoadLibraryExW`. See microsoft/cppwinrt#1293. This PR fixes our usage of `WINRT_IMPL_LoadLibraryW` by detecting newer versions of CppWinRT and using the new API when available. - Bug fix (non-breaking change which fixes an issue) Customers who tried to specify newer versions of CppWinRT hit build errors due to the use of the deprecated API. Closes microsoft#11795 Created a macro to re-define the old API which calls the new API with the same behavior, as seen in the PR which deprecated the API in the first place. N/A Verified able to build against the latest [Microsoft.Windows.CppWinRT 2.0.230706.1](https://www.nuget.org/packages/Microsoft.Windows.CppWinRT/2.0.230706.1). Should this change be included in the release notes: yes Customers who specify their own version of Microsoft.Windows.CppWinRT can now use versions >= 2.0.230524.3. Enable using newer CppWinRT versions that use WINRT_IMPL_LoadLibraryExW (microsoft#11953) CppWinRT >= 2.0.230524.3 no longer expose the `WINRT_IMPL_LoadLibraryW` method for loading libraries, instead preferring a new `WINRT_IMPL_LoadLibraryExW`. See microsoft/cppwinrt#1293. This PR fixes our usage of `WINRT_IMPL_LoadLibraryW` by detecting newer versions of CppWinRT and using the new API when available. - Bug fix (non-breaking change which fixes an issue) Customers who tried to specify newer versions of CppWinRT hit build errors due to the use of the deprecated API. Closes microsoft#11795 Created a macro to re-define the old API which calls the new API with the same behavior, as seen in the PR which deprecated the API in the first place. N/A Verified able to build against the latest [Microsoft.Windows.CppWinRT 2.0.230706.1](https://www.nuget.org/packages/Microsoft.Windows.CppWinRT/2.0.230706.1). Should this change be included in the release notes: yes Customers who specify their own version of Microsoft.Windows.CppWinRT can now use versions >= 2.0.230524.3.
jonthysell
added a commit
to microsoft/react-native-windows
that referenced
this pull request
Aug 7, 2023
…ibraryExW (#11986) This PR backports #11953 to RNW 0.72. ## Description CppWinRT >= 2.0.230524.3 no longer expose the `WINRT_IMPL_LoadLibraryW` method for loading libraries, instead preferring a new `WINRT_IMPL_LoadLibraryExW`. See microsoft/cppwinrt#1293. This PR fixes our usage of `WINRT_IMPL_LoadLibraryW` by detecting newer versions of CppWinRT and using the new API when available. ### Type of Change - Bug fix (non-breaking change which fixes an issue) ### Why Customers who tried to specify newer versions of CppWinRT hit build errors due to the use of the deprecated API. Closes #11795 ### What Created a macro to re-define the old API which calls the new API with the same behavior, as seen in the PR which deprecated the API in the first place. ## Screenshots N/A ## Testing Verified able to build against the latest [Microsoft.Windows.CppWinRT 2.0.230706.1](https://www.nuget.org/packages/Microsoft.Windows.CppWinRT/2.0.230706.1). ## Changelog Should this change be included in the release notes: yes Customers who specify their own version of Microsoft.Windows.CppWinRT can now use versions >= 2.0.230524.3.
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This avoids DLL planting issues during the fallback search for a base trust server. It uses the
LOAD_LIBRARY_SEARCH_DEFAULT_DIRSflag, which searches the usual places, including the application directory, but excludes the current directory. The flag is supported on Win8 onward, as well as on Win7 if you have KB2533623 installed (which you really should). If you need to support versions of Win7 that haven't been patched since 2011, then stick with whatever version of C++/WinRT you are currently using.