From 6db87d6ae378f394975a82c93791b4980fad6709 Mon Sep 17 00:00:00 2001
From: Jameson Nash <vtjnash@gmail.com>
Date: Mon, 12 Dec 2022 12:15:37 -0500
Subject: [PATCH] win,dl: remove cwd from dlopen search path

SafeSearch (enabled by default) already moves this near the end of the
search list. This flag (added in Windows 8) removes it entirely. This
may enhance security of applications that depend on libuv, at the high
risk of breaking applications that expected to be able to open
libraries by a relative path without a path separator (e.g. just the
file name).
---
 src/win/dl.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/win/dl.c b/src/win/dl.c
index 676be4dc..58bdc170 100644
--- a/src/win/dl.c
+++ b/src/win/dl.c
@@ -27,7 +27,8 @@ static int uv__dlerror(uv_lib_t* lib, const char* filename, DWORD errorno);
 
 int uv_dlopen(const char* filename, uv_lib_t* lib) {
   WCHAR filename_w[32768];
-
+  DWORD flags;
+  
   lib->handle = NULL;
   lib->errmsg = NULL;
 
@@ -40,7 +41,8 @@ int uv_dlopen(const char* filename, uv_lib_t* lib) {
     return uv__dlerror(lib, filename, GetLastError());
   }
 
-  lib->handle = LoadLibraryExW(filename_w, NULL, LOAD_WITH_ALTERED_SEARCH_PATH);
+  flags = LOAD_WITH_ALTERED_SEARCH_PATH | LOAD_LIBRARY_SAFE_CURRENT_DIRS;
+  lib->handle = LoadLibraryExW(filename_w, NULL, flags);
   if (lib->handle == NULL) {
     return uv__dlerror(lib, filename, GetLastError());
   }