bcarrella/cef
1
0
Fork 0
mirror of https://bitbucket.org/chromiumembedded/cef synced 2025-06-05 21:39:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

bootstrap: Load client DLL as untrusted for checks (see #3935)

Browse Source
This commit is contained in:
Marshall Greenblatt
2025-05-23 13:07:36 -04:00
parent 6606e241a1
commit 1e8093a910
2 changed files with 29 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/wrapper/cef_certificate_util_win.h
View File

@@ -51,7 +51,6 @@ inline constexpr size_t kThumbprintLength = 40U;
/// Structure populated by GetClientThumbprints(). /// Structure populated by GetClientThumbprints().
/// ///
struct ThumbprintsInfo { struct ThumbprintsInfo {
public:
/// ///
/// True if one or more signatures exist and all are valid. /// True if one or more signatures exist and all are valid.
/// ///

40
libcef_dll/bootstrap/bootstrap_win.cc
View File

@@ -165,8 +165,16 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
std::wstring error; std::wstring error;
if (HMODULE hModule = ::LoadLibrary(dll_name.c_str())) { if (!is_sandboxed) {
if (!is_sandboxed) { // Load the client DLL as untrusted (e.g. without executing DllMain or
// loading additional modules) so that we can first check requirements.
// LoadLibrary's "default search order" is tricky and we don't want to guess
// about what DLL it will load. DONT_RESOLVE_DLL_REFERENCES is the only
// option that doesn't execute DllMain while still allowing us retrieve the
// path using GetModuleFileName. No execution of the DLL should be attempted
// while loaded in this mode.
if (HMODULE hModule = ::LoadLibraryEx(dll_name.c_str(), nullptr,
DONT_RESOLVE_DLL_REFERENCES)) {
const auto& dll_path = bootstrap_util::GetModulePath(hModule); const auto& dll_path = bootstrap_util::GetModulePath(hModule);
if (!bootstrap_util::IsModulePathAllowed(dll_path, exe_path)) { if (!bootstrap_util::IsModulePathAllowed(dll_path, exe_path)) {
@@ -190,9 +198,19 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
error = FormatErrorString(IDS_ERROR_INVALID_CERT, subst); error = FormatErrorString(IDS_ERROR_INVALID_CERT, subst);
} }
} }
}
if (error.empty()) { FreeLibrary(hModule);
} else {
const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name),
base::WideToUTF16(cef_util::GetLastErrorAsString())});
error = FormatErrorString(IDS_ERROR_LOAD_FAILED, subst);
}
}
if (error.empty()) {
// Load the client DLL normally.
if (HMODULE hModule = ::LoadLibrary(dll_name.c_str())) {
if (auto* pFunc = (kProcType)::GetProcAddress(hModule, kProcName)) { if (auto* pFunc = (kProcType)::GetProcAddress(hModule, kProcName)) {
#if defined(CEF_BUILD_BOOTSTRAP_CONSOLE) #if defined(CEF_BUILD_BOOTSTRAP_CONSOLE)
return pFunc(argc, argv, sandbox_info); return pFunc(argc, argv, sandbox_info);
@@ -206,14 +224,14 @@ int APIENTRY wWinMain(HINSTANCE hInstance,
base::ASCIIToUTF16(std::string(kProcName))}); base::ASCIIToUTF16(std::string(kProcName))});
error = FormatErrorString(IDS_ERROR_NO_PROC_EXPORT, subst); error = FormatErrorString(IDS_ERROR_NO_PROC_EXPORT, subst);
} }
}
FreeLibrary(hModule); FreeLibrary(hModule);
} else if (!is_sandboxed) { } else if (!is_sandboxed) {
const auto subst = std::to_array<std::u16string>( const auto subst = std::to_array<std::u16string>(
{base::WideToUTF16(dll_name), {base::WideToUTF16(dll_name),
base::WideToUTF16(cef_util::GetLastErrorAsString())}); base::WideToUTF16(cef_util::GetLastErrorAsString())});
error = FormatErrorString(IDS_ERROR_LOAD_FAILED, subst); error = FormatErrorString(IDS_ERROR_LOAD_FAILED, subst);
}
} }
// Don't try to show errors while sandboxed. // Don't try to show errors while sandboxed.