xmlparse.c: Fix DLL hijacking vulnerability (#82)

expat/Changes

@@ -5,6 +5,7 @@ NOTE: We are looking for help with a few things:
 Release 2.2.? ????????????????
         Security fixes:
              #81  Pre-10.7/Lion macOS: Support entropy from arc4random
+             #82  Windows: Fix DLL hijacking vulnerability
 
         Other changes:
              #23  Test suite: Fix memory leaks
@@ -13,6 +14,7 @@ Release 2.2.? ????????????????
 
         Special thanks to:
             Rhodri James
+            Viktor Szakats
                  and
             Core Infrastructure Initiative
 

expat/lib/xmlparse.c

@@ -50,6 +50,9 @@
 # include <bsd/stdlib.h>
 #endif
 
+#if defined(_WIN32) && !defined(LOAD_LIBRARY_SEARCH_SYSTEM32)
+# define LOAD_LIBRARY_SEARCH_SYSTEM32  0x00000800
+#endif
 
 #if !defined(HAVE_GETRANDOM) && !defined(HAVE_SYSCALL_GETRANDOM) \
     && !defined(HAVE_ARC4RANDOM_BUF) && !defined(HAVE_ARC4RANDOM) \
@@ -811,7 +814,13 @@ typedef BOOLEAN (APIENTRY *RTLGENRANDOM_FUNC)(PVOID, ULONG);
 static int
 writeRandomBytes_RtlGenRandom(void * target, size_t count) {
   int success = 0;  /* full count bytes written? */
-  const HMODULE advapi32 = LoadLibrary(TEXT("ADVAPI32.DLL"));
+  const LPCTSTR file_name = TEXT("ADVAPI32.DLL");
+  HMODULE advapi32 = LoadLibraryEx(file_name, 0, LOAD_LIBRARY_SEARCH_SYSTEM32);
+
+  if (! advapi32) {
+    /* Try again without LOAD_LIBRARY_SEARCH_SYSTEM32 if unsupported */
+    advapi32 = LoadLibraryEx(file_name, 0, 0);
+  }
 
   if (advapi32) {
     const RTLGENRANDOM_FUNC RtlGenRandom