From 18d1bcaab499695004c3520133c4d9d4ee2d6bfd Mon Sep 17 00:00:00 2001 From: Yohei Yukawa Date: Thu, 26 Oct 2023 07:22:55 +0000 Subject: [PATCH] Set DependentLoadFlags for Mozc executables in Windows Unlike explicit DLL linking scenario where a DLL is explicitly loaded with LoadLibrary API, which especially accepts a full path, implicit DLL linking relies only on a DLL filename (without directory name) and is known to be vulnerable to so-called DLL planting attack. To mitigate the above risk, Windows 10 ver. 1607 started recognizing the following DWORD entry in the PE file [1] as LOAD_LIBRARY_SEARCH_* flags when implicitly linking DLLs. IMAGE_LOAD_CONFIG_DIRECTORY32::DependentLoadFlags [2] IMAGE_LOAD_CONFIG_DIRECTORY64::DependentLoadFlags [3] For example, by setting LOAD_LIBRARY_SEARCH_SYSTEM32 only, we can tell the system to search "user32.dll" only from the system32 directory. For Mozc's case, most of what flags can be set differs between *.exe and *.dll. For *.exe files, they need to have not only LOAD_LIBRARY_SEARCH_SYSTEM32 but also LOAD_LIBRARY_SEARCH_APPLICATION_DIR so that these *.exe files can link to Visual C++ runtime DLLs that are installed in the same directory. *.dll files, however, are always statically linked to Visual C++ runtime libraries thus only LOAD_LIBRARY_SEARCH_SYSTEM32 is necessary. This commit adds '/DEPENDENTLOADFLAG' linker option to achieve the above settings. This is an optional security enforcement. There must be no user observable behavior change. Closes #836. [1]: https://learn.microsoft.com/en-us/windows/win32/debug/pe-format#file-headers [2]: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_load_config_directory32 [3]: https://learn.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_load_config_directory64 PiperOrigin-RevId: 576767635 --- src/gyp/common_win.gypi | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) 
diff --git a/src/gyp/common_win.gypi b/src/gyp/common_win.gypi
index 0db66878b..ad6449ec0 100644
--- a/src/gyp/common_win.gypi
+++ b/src/gyp/common_win.gypi
@@ -385,9 +385,24 @@
 'OptimizeReferences': '2', # /OPT:REF
 'RandomizedBaseAddress': '2', # /DYNAMICBASE
 'target_conditions': [
- # /TSAWARE is valid only on executable target.
 ['_type=="executable"', {
+ # /TSAWARE is valid only on executable target.
 'TerminalServerAware': '2', # /TSAWARE
+ 'AdditionalOptions': [
+ # We build *.exe with dynamic CRT and deploy CRT DLLs into the
+ # application dir. Thus LOAD_LIBRARY_SEARCH_APPLICATION_DIR is
+ # also necessary.
+ # 0x200: LOAD_LIBRARY_SEARCH_APPLICATION_DIR
+ # 0x800: LOAD_LIBRARY_SEARCH_SYSTEM32
+ '/DEPENDENTLOADFLAG:0xA00',
+ ],
+ }, '_type=="shared_library"', {
+ 'AdditionalOptions': [
+ # We build *.dll with staticd CRT. Thus
+ # LOAD_LIBRARY_SEARCH_APPLICATION_DIR is not necessary.
+ # 0x800: LOAD_LIBRARY_SEARCH_SYSTEM32
+ '/DEPENDENTLOADFLAG:0x800',
+ ],
 }],
 ],
 },
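Review bot: In the `_type=="executable"` branch, `0xA00` keeps LOAD_LIBRARY_SEARCH_APPLICATION_DIR, so implicit imports of the *.exe targets are still resolved from the install directory ahead of System32, and the hardening for executables holds only while that directory is not writable by unprivileged users. The comment should record that assumption, e.g. `# NOTE: the application dir is searched before System32; the install dir must be admin-writable only.` In the `shared_library` branch the comment has a typo: `staticd CRT` should read `static CRT`. Since the option is recorded per image and, per the commit message, only honoured from Windows 10 ver. 1607 on, a post-build check of each produced binary's load config (for example with `dumpbin /loadconfig`) would catch a target that silently misses the flag. The enclosing settings block starts and ends outside the hunk, so it is not visible here which tool section these `AdditionalOptions` are merged into.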