Also override OPENSSL_ENGINES to prevent DLL injection (#13124)

This commit is contained in:
Janek Bevendorff 2026-03-10 00:38:06 +01:00
parent d5fe2f0696
commit f70ca1a13c
No known key found for this signature in database
GPG key ID: 2CF41D2AA8438F99

View file

@ -54,10 +54,11 @@ int main(int argc, char** argv)
QT_REQUIRE_VERSION(argc, argv, QT_VERSION_STR)
#ifdef Q_OS_WIN
// Set OPENSSL_CONF and OPENSSL_MODULES to an invalid location to prevent DLL injection via openssl.cnf.
// Set OPENSSL_* variables to an invalid location to prevent DLL injection via openssl.cnf.
// vcpkg by default hard-codes this to its packages location, which may be user-writable.
qputenv("OPENSSL_CONF", "::");
qputenv("OPENSSL_MODULES", "::");
qputenv("OPENSSL_ENGINES", "::");
#endif
QApplication::setAttribute(Qt::AA_EnableHighDpiScaling);