[PATCH 21/22] ntdll: Deny library load or unload from LDR notification callbacks.

Fri Oct 1 13:21:06 CDT 2021

Signed-off-by: Paul Gofman <pgofman at codeweavers.com>
---
 dlls/ntdll/loader.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/dlls/ntdll/loader.c b/dlls/ntdll/loader.c
index e4c090aa70e..116df9b1453 100644
--- a/dlls/ntdll/loader.c
+++ b/dlls/ntdll/loader.c
@@ -2138,6 +2138,12 @@ NTSTATUS WINAPI LdrGetProcedureAddress( HMODULE module, const ANSI_STRING *name,
 
     if (ret != STATUS_NOT_FOUND) return ret;
 
+    if (RtlIsCriticalSectionLocked( &ldr_notifications_section ))
+    {
+        WARN( "Attempt to unload a library from notification callback.\n" );
+        return STATUS_NOT_FOUND;
+    }
+
     lock_loader_exclusive();
     ret = get_procedure_address( module, name, ord, address );
     unlock_loader();
@@ -3368,6 +3374,11 @@ NTSTATUS WINAPI DECLSPEC_HOTPATCH LdrLoadDll(LPCWSTR path_name, DWORD flags,
 
     if (!LdrGetDllHandleEx( 0, path_name, NULL, libname, hModule )) return STATUS_SUCCESS;
 
+    if (RtlIsCriticalSectionLocked( &ldr_notifications_section ))
+    {
+        WARN( "Attempt to load a new library from notification callback.\n" );
+        return STATUS_NOT_FOUND;
+    }
     lock_loader_exclusive();
 
     nts = load_dll( path_name, libname->Buffer, L".dll", flags, &wm );
@@ -4044,6 +4055,12 @@ NTSTATUS WINAPI LdrUnloadDll( HMODULE hModule )
     unlock_loader();
     if (!need_exclusive) return retv;
 
+    if (RtlIsCriticalSectionLocked( &ldr_notifications_section ))
+    {
+        WARN( "Attempt to unload a library from notification callback.\n" );
+        return STATUS_NOT_FOUND;
+    }
+
     lock_loader_exclusive();
 
     free_lib_count++;
-- 
2.31.1


