Search for dllimported shared libs in the base directory, not cwd.

* loader.c: we don't search the current directory anymore for shared
libraries referenced in DllImport attributes, as it has a slight
security risk. We search in the same directory where the referencing
image was loaded from, instead. Fixes bug# 641915.

diff --git a/mono/metadata/loader.c b/mono/metadata/loader.c
index dc730e1c92f8b9eb1d475ce215093cc22d1b8847..eef32c191e85b00d9451a376de33ee0c9fa91eb2 100644 (file)
--- a/mono/metadata/loader.c
+++ b/mono/metadata/loader.c
@@ -1343,32 +1343,34 @@ mono_lookup_pinvoke_call (MonoMethod *method, const char **exc_class, const char
 
                if (!module) {
                        void *iter = NULL;
-                       while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
+                       char *mdirname = g_path_get_dirname (image->name);
+                       while ((full_name = mono_dl_build_path (mdirname, file_name, &iter))) {
                                mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-                                               "DllImport loading location: '%s'.", full_name);
+                                       "DllImport loading library: '%s'.", full_name);
                                module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
                                if (!module) {
                                        mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-                                                       "DllImport error loading library: '%s'.",
-                                                       error_msg);
+                                               "DllImport error loading library '%s'.",
+                                               error_msg);
                                        g_free (error_msg);
                                }
                                g_free (full_name);
                                if (module)
                                        break;
                        }
+                       g_free (mdirname);
                }
 
                if (!module) {
                        void *iter = NULL;
-                       while ((full_name = mono_dl_build_path (".", file_name, &iter))) {
+                       while ((full_name = mono_dl_build_path (NULL, file_name, &iter))) {
                                mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-                                       "DllImport loading library: '%s'.", full_name);
+                                               "DllImport loading location: '%s'.", full_name);
                                module = cached_module_load (full_name, MONO_DL_LAZY, &error_msg);
                                if (!module) {
                                        mono_trace (G_LOG_LEVEL_INFO, MONO_TRACE_DLLIMPORT,
-                                               "DllImport error loading library '%s'.",
-                                               error_msg);
+                                                       "DllImport error loading library: '%s'.",
+                                                       error_msg);
                                        g_free (error_msg);
                                }
                                g_free (full_name);