From f2b9d5341334954192f568ae442edc66bfd785c3 Mon Sep 17 00:00:00 2001 From: Dean Ellis Date: Tue, 4 Aug 2020 11:22:00 +0100 Subject: [PATCH] Use DefaultDllImportSearchPathsAttribute Fixes #64 Context: https://devdiv.visualstudio.com/DevDiv/_workitems/edit/1139578 Context: https://liquid.microsoft.com/Web/Object/Read/ms.security/Requirements/Microsoft.Security.SystemsADM.10039#guide The current security guidance is that the [`System.Runtime.InteropServices.DefaultDllImportSearchPathsAttribute`](https://docs.microsoft.com/en-us/dotnet/api/system.runtime.interopservices.defaultdllimportsearchpathsattribute?view=netcore-3.1) attribute should be placed either on the assembly or on `[DllImport]` methods, to control and constrain where [`LoadLibraryEx()`](https://docs.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-loadlibraryexa?redirectedfrom=MSDN) will look for native libraries. This commit implements this in the `Native.cs` file. We are using an assembly level atribute but place it in the area where all the native calls are maintained. --- Native.cs | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/Native.cs b/Native.cs index 5fc2d328..54ffd482 100644 --- a/Native.cs +++ b/Native.cs @@ -27,6 +27,8 @@ using System; using System.Runtime.InteropServices; +[assembly: DefaultDllImportSearchPathsAttribute(DllImportSearchPath.SafeDirectories)] + namespace Xamarin.Tools.Zip { internal class Native @@ -47,16 +49,16 @@ public struct zip_source_args_seek_t public struct zip_stat_t { - public UInt64 valid; /* which fields have valid values */ - public IntPtr name; /* name of the file (char *) */ - public UInt64 index; /* index within archive */ - public UInt64 size; /* size of file (uncompressed) */ - public UInt64 comp_size; /* size of file (compressed) */ - public IntPtr mtime; /* modification time (time_t) */ - public UInt32 crc; /* crc of file data */ - public Int16 comp_method; /* compression method used */ - public UInt16 encryption_method; /* encryption method used */ - public UInt32 flags; /* reserved for future use */ + public UInt64 valid; /* which fields have valid values */ + public IntPtr name; /* name of the file (char *) */ + public UInt64 index; /* index within archive */ + public UInt64 size; /* size of file (uncompressed) */ + public UInt64 comp_size; /* size of file (compressed) */ + public IntPtr mtime; /* modification time (time_t) */ + public UInt32 crc; /* crc of file data */ + public Int16 comp_method; /* compression method used */ + public UInt16 encryption_method; /* encryption method used */ + public UInt32 flags; /* reserved for future use */ }; [UnmanagedFunctionPointer (CallingConvention.Cdecl)] @@ -360,7 +362,7 @@ public static int zip_set_file_comment (IntPtr archive, UInt64 index, string com [DllImport (ZIP_LIBNAME, CallingConvention = CallingConvention.Cdecl)] public static extern int zip_set_file_compression (IntPtr archive, UInt64 index, CompressionMethod comp, UInt32 comp_flags); - + [DllImport (ZIP_LIBNAME, CallingConvention = CallingConvention.Cdecl)] public static extern int zip_file_set_mtime(IntPtr archive, UInt64 index, ulong mtime, UInt32 flags);