diff --git a/browser/app/moz.build b/browser/app/moz.build index 5a35fd07e612..bc1f24325b22 100644 --- a/browser/app/moz.build +++ b/browser/app/moz.build @@ -56,6 +56,11 @@ if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': 'sandbox_s', ] + DELAYLOAD_DLLS += [ + 'winmm.dll', + 'user32.dll', + ] + # Control the default heap size. # This is the heap returned by GetProcessHeap(). # As we use the CRT heap, the default size is too large and wastes VM. diff --git a/browser/app/nsBrowserApp.cpp b/browser/app/nsBrowserApp.cpp index 2ef2f8705ae9..4764a51a95a6 100644 --- a/browser/app/nsBrowserApp.cpp +++ b/browser/app/nsBrowserApp.cpp @@ -322,6 +322,20 @@ sizeof(XPCOM_DLL) - 1)) int main(int argc, char* argv[], char* envp[]) { + mozilla::TimeStamp start = mozilla::TimeStamp::Now(); + +#ifdef HAS_DLL_BLOCKLIST + DllBlocklist_Initialize(); + +#ifdef DEBUG + // In order to be effective against AppInit DLLs, the blocklist must be + // initialized before user32.dll is loaded into the process (bug 932100). + if (GetModuleHandleA("user32.dll")) { + fprintf(stderr, "DLL blocklist was unable to intercept AppInit DLLs.\n"); + } +#endif +#endif + #ifdef MOZ_BROWSER_CAN_BE_CONTENTPROC // We are launching as a content process, delegate to the appropriate // main @@ -349,22 +363,9 @@ int main(int argc, char* argv[], char* envp[]) } #endif - mozilla::TimeStamp start = mozilla::TimeStamp::Now(); nsIFile *xreDirectory; -#ifdef HAS_DLL_BLOCKLIST - DllBlocklist_Initialize(); - -#ifdef DEBUG - // In order to be effective against AppInit DLLs, the blocklist must be - // initialized before user32.dll is loaded into the process (bug 932100). - if (GetModuleHandleA("user32.dll")) { - fprintf(stderr, "DLL blocklist was unable to intercept AppInit DLLs.\n"); - } -#endif -#endif - nsresult rv = InitXPCOMGlue(argv[0], &xreDirectory); if (NS_FAILED(rv)) { return 255; diff --git a/ipc/app/MozillaRuntimeMain.cpp b/ipc/app/MozillaRuntimeMain.cpp index 67b636333145..3f977e4623ee 100644 --- a/ipc/app/MozillaRuntimeMain.cpp +++ b/ipc/app/MozillaRuntimeMain.cpp @@ -1,12 +1,19 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- - * vim: sw=4 ts=4 et : - * This Source Code Form is subject to the terms of the Mozilla Public +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include "../contentproc/plugin-container.cpp" - + +#include "mozilla/WindowsDllBlocklist.h" + int -main(int argc, char *argv[]) { - return content_process_main(argc, argv); +main(int argc, char *argv[]) +{ +#ifdef HAS_DLL_BLOCKLIST + DllBlocklist_Initialize(); +#endif + + return content_process_main(argc, argv); } diff --git a/ipc/app/moz.build b/ipc/app/moz.build index 6c89083e5b8c..6fc4828a8c92 100644 --- a/ipc/app/moz.build +++ b/ipc/app/moz.build @@ -37,15 +37,30 @@ if CONFIG['OS_TARGET'] != 'Android': 'rlz', ] -if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_ARCH'] == 'WINNT': - # For sandbox includes and the include dependencies those have - LOCAL_INCLUDES += [ - '/security/sandbox/chromium', - '/security/sandbox/chromium-shim', +# DELAYLOAD_DLLS in this block ensures that the DLL blocklist is functional +if CONFIG['OS_ARCH'] == 'WINNT': + DELAYLOAD_DLLS += [ + 'nss3.dll', ] - USE_LIBS += [ - 'sandbox_s', + if CONFIG['MOZ_SANDBOX']: + # For sandbox includes and the include dependencies those have + LOCAL_INCLUDES += [ + '/security/sandbox/chromium', + '/security/sandbox/chromium-shim', + ] + + USE_LIBS += [ + 'sandbox_s', + ] + + DELAYLOAD_DLLS += [ + 'winmm.dll', + 'user32.dll', + ] + + DELAYLOAD_DLLS += [ + 'xul.dll', ] if CONFIG['MOZ_SANDBOX'] and CONFIG['OS_TARGET'] in ('Linux', 'Android'): diff --git a/js/xpconnect/shell/moz.build b/js/xpconnect/shell/moz.build index 4352c2bcbbb5..f1a4a192ea94 100644 --- a/js/xpconnect/shell/moz.build +++ b/js/xpconnect/shell/moz.build @@ -31,6 +31,7 @@ if CONFIG['_MSC_VER']: # a console application. WIN32_EXE_LDFLAGS += ['-ENTRY:wmainCRTStartup'] +# DELAYLOAD_DLLS in this block ensure that the DLL blocklist initializes if CONFIG['OS_ARCH'] == 'WINNT': RCINCLUDE = 'xpcshell.rc' @@ -45,6 +46,15 @@ if CONFIG['OS_ARCH'] == 'WINNT': 'sandbox_s', ] + DELAYLOAD_DLLS += [ + 'winmm.dll', + 'user32.dll', + ] + + DELAYLOAD_DLLS += [ + 'xul.dll', + ] + CFLAGS += CONFIG['TK_CFLAGS'] CXXFLAGS += CONFIG['TK_CFLAGS'] OS_LIBS += CONFIG['TK_LIBS'] diff --git a/mozglue/build/WindowsDllBlocklist.cpp b/mozglue/build/WindowsDllBlocklist.cpp index 3d9bf5156a20..24e359adf4c4 100644 --- a/mozglue/build/WindowsDllBlocklist.cpp +++ b/mozglue/build/WindowsDllBlocklist.cpp @@ -243,6 +243,7 @@ static const int kUser32BeforeBlocklistParameterLen = sizeof(kUser32BeforeBlocklistParameter) - 1; static DWORD sThreadLoadingXPCOMModule; +static bool sBlocklistInitAttempted; static bool sBlocklistInitFailed; static bool sUser32BeforeBlocklist; @@ -756,9 +757,16 @@ WindowsDllInterceptor NtDllIntercept; MFBT_API void DllBlocklist_Initialize() { + if (sBlocklistInitAttempted) { + return; + } + sBlocklistInitAttempted = true; + if (GetModuleHandleA("user32.dll")) { sUser32BeforeBlocklist = true; } + // Catch any missing DELAYLOADS for user32.dll + MOZ_ASSERT(!sUser32BeforeBlocklist); NtDllIntercept.Init("ntdll.dll"); diff --git a/toolkit/xre/nsEmbedFunctions.cpp b/toolkit/xre/nsEmbedFunctions.cpp index c5d5945498d1..a81168c3682f 100644 --- a/toolkit/xre/nsEmbedFunctions.cpp +++ b/toolkit/xre/nsEmbedFunctions.cpp @@ -304,10 +304,6 @@ XRE_InitChildProcess(int aArgc, NS_ENSURE_ARG_POINTER(aArgv[0]); MOZ_ASSERT(aChildData); -#ifdef HAS_DLL_BLOCKLIST - DllBlocklist_Initialize(); -#endif - #ifdef MOZ_JPROF // Call the code to install our handler setupProfilingStuff();