Also override OPENSSL_ENGINES to prevent DLL injection (#13124)
Some checks are pending
CodeQL / Analyze (push) Waiting to run

This commit is contained in:
Janek Bevendorff 2026-03-10 00:38:06 +01:00 committed by GitHub
parent b7ad8b4761
commit 12ef38c192
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -54,10 +54,11 @@ int main(int argc, char** argv)
QT_REQUIRE_VERSION(argc, argv, QT_VERSION_STR)
#ifdef Q_OS_WIN
// Set OPENSSL_CONF and OPENSSL_MODULES to an invalid location to prevent DLL injection via openssl.cnf.
// Set OPENSSL_* variables to an invalid location to prevent DLL injection via openssl.cnf.
// vcpkg by default hard-codes this to its packages location, which may be user-writable.
qputenv("OPENSSL_CONF", "::");
qputenv("OPENSSL_MODULES", "::");
qputenv("OPENSSL_ENGINES", "::");
#endif
QApplication::setAttribute(Qt::AA_EnableHighDpiScaling);