Also override OPENSSL_ENGINES to prevent DLL injection (#13124)

This commit is contained in:
Janek Bevendorff 2026-03-10 00:38:06 +01:00 committed by Janek Bevendorff
parent 680f5dae7c
commit b4cf8fa435

View file

@ -54,10 +54,11 @@ int main(int argc, char** argv)
QT_REQUIRE_VERSION(argc, argv, QT_VERSION_STR)
#ifdef Q_OS_WIN
// Set OPENSSL_CONF and OPENSSL_MODULES to an invalid location to prevent DLL injection via openssl.cnf.
// Set OPENSSL_* variables to an invalid location to prevent DLL injection via openssl.cnf.
// vcpkg by default hard-codes this to its packages location, which may be user-writable.
qputenv("OPENSSL_CONF", "::");
qputenv("OPENSSL_MODULES", "::");
qputenv("OPENSSL_ENGINES", "::");
#endif
QApplication::setAttribute(Qt::AA_EnableHighDpiScaling);