windows/svc: safely load system DLLs

These DLLs, well advapi32.dll in particular, are vulnerable to classic DLL directory injection attacks. The rest of x/sys/windows moved over to the safe system loader, but apparently the svc package was forgotten. This tidies up that oversight. Change-Id: I330fa752cf2d49ccc5cf1bd60fb4bd612bd2b6b0 Reviewed-on: https://go-review.googlesource.com/c/sys/+/165758 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2026-02-08 19:56:04 +03:00 · 2019-03-06 17:51:47 +01:00
parent 3e9a981b8d
commit 70f5298506
1 changed files with 5 additions and 5 deletions
--- a/windows/svc/service.go
+++ b/windows/svc/service.go
@@ -115,11 +115,11 @@ var (
 )

 func init() {
-	k := syscall.MustLoadDLL("kernel32.dll")
-	cSetEvent = k.MustFindProc("SetEvent").Addr()
-	cWaitForSingleObject = k.MustFindProc("WaitForSingleObject").Addr()
-	a := syscall.MustLoadDLL("advapi32.dll")
-	cRegisterServiceCtrlHandlerExW = a.MustFindProc("RegisterServiceCtrlHandlerExW").Addr()
+	k := windows.NewLazySystemDLL("kernel32.dll")
+	cSetEvent = k.NewProc("SetEvent").Addr()
+	cWaitForSingleObject = k.NewProc("WaitForSingleObject").Addr()
+	a := windows.NewLazySystemDLL("advapi32.dll")
+	cRegisterServiceCtrlHandlerExW = a.NewProc("RegisterServiceCtrlHandlerExW").Addr()
 }

 type ctlEvent struct {