Insecure dynamic loading of DLL files

[mtausig]

The Seadrive client is using the LoadLibrary function to dynamically load DLL files during runtime. Those files are loaded without a full path being used which would a file lying in the local directory having precedence over the expected file installed in the system.

You should use an absolute path to access those libraries or add an integrity checking mechanism to prevent an attacker from injecting a malicious library.

Occurences of this problem are:

• https://github.com/haiwen/seadrive-gui/blob/8a1e459f1c42a24eec6fcce482398bebf6459e1c/src/utils/utils-win.cpp#L54
• https://github.com/haiwen/seadrive-gui/blob/8a1e459f1c42a24eec6fcce482398bebf6459e1c/src/win-sso/win-http-request.cpp#L303
• https://github.com/haiwen/seadrive-gui/blob/8a1e459f1c42a24eec6fcce482398bebf6459e1c/src/daemon-mgr.cpp#L127