Add a SHA256 hash to verify on load.

jonsimantov · jonsimantov · commit c67ac66f22d8 · 2025-06-12T19:29:04.000-07:00
diff --git a/analytics/generate_windows_stubs.py b/analytics/generate_windows_stubs.py
@@ -16,6 +16,7 @@
 """Generate stubs and function pointers for Windows SDK"""
 
 import argparse
+import hashlib
 import os
 import re
 import sys
@@ -39,17 +40,29 @@
 
 """
 
-def generate_function_pointers(header_file_path, output_h_path, output_c_path):
+
+def hash_file(filename):
+    sha256_hash = hashlib.sha256()
+    with open(filename, "rb") as file:
+        while chunk := file.read(4096):
+            sha256_hash.update(chunk)
+    return sha256_hash.hexdigest()
+
+def generate_function_pointers(dll_file_path, header_file_path, output_h_path, output_c_path):
     """
     Parses a C header file to generate a self-contained header with typedefs,
     extern function pointer declarations, and a source file with stub functions,
     initialized pointers, and a dynamic loading function for Windows.
 
     Args:
+        header_file_path (str): The path to the DLL file.
         header_file_path (str): The path to the input C header file.
         output_h_path (str): The path for the generated C header output file.
         output_c_path (str): The path for the generated C source output file.
     """
+    print(f"Reading DLL file: {dll_file_path}")
+    dll_hash = hash_file(dll_file_path)
+    
     print(f"Reading header file: {header_file_path}")
     try:
         with open(header_file_path, 'r', encoding='utf-8') as f:
@@ -142,6 +155,8 @@ def generate_function_pointers(header_file_path, output_h_path, output_c_path):
         f.write("\n\n// --- Dynamic Loader Declaration for Windows ---\n")
         f.write("#if defined(_WIN32)\n")
         f.write('#include <windows.h> // For HMODULE\n')
+        f.write(f'\n// Google Analytics Windows DLL SHA256 hash, to be verified on load.')
+        f.write(f'\n#define FIREBASE_ANALYTICS_DYNAMIC_LIBRARY_HASH "{dll_hash}"\n')
         f.write(f'\n// Number of Google Analytics functions expected to be loaded from the DLL.')
         f.write(f'\n#define FIREBASE_ANALYTICS_DYNAMIC_FUNCTION_COUNT {len(function_details_for_loader)}\n\n')
         f.write('// Load Google Analytics functions from the given DLL handle into function pointers.\n')
@@ -205,6 +220,12 @@ def generate_function_pointers(header_file_path, output_h_path, output_c_path):
     parser = argparse.ArgumentParser(
         description="Generate C stubs and function pointers from a header file."
     )
+    parser.add_argument(
+        "--windows_dll",
+        default = os.path.join(os.path.dirname(sys.argv[0]), "windows/analytics_win.dll"),
+        #required=True,
+        help="Path to the DLL file to calculate a hash."
+    )
     parser.add_argument(
         "--windows_header",
         default = os.path.join(os.path.dirname(sys.argv[0]), "windows/include/public/c/analytics.h"),
@@ -223,10 +244,10 @@ def generate_function_pointers(header_file_path, output_h_path, output_c_path):
         #required=True,
         help="Path for the generated output source file."
     )
-    
     args = parser.parse_args()
     
     generate_function_pointers(
+        args.windows_dll,
         args.windows_header, 
         args.output_header, 
         args.output_source
diff --git a/analytics/src/analytics_desktop.cc b/analytics/src/analytics_desktop.cc
@@ -34,79 +34,9 @@ namespace firebase {
 namespace analytics {
 
 #if defined(_WIN32)
-#define ANALYTICS_DLL_DEFAULT_FILENAME L"analytics_win.dll"
-std::wstring g_analytics_dll_filename = ANALYTICS_DLL_DEFAULT_FILENAME;
-static HMODULE g_analytics_dll = 0;
-
-// Function to convert a UTF-8 string to a wide character (UTF-16) string.
-std::wstring Utf8ToWide(const std::string& utf8String) {
-  if (utf8String.empty()) {
-    return std::wstring();
-  }
-
-  // First, determine the required buffer size.
-  int wideCharCount = MultiByteToWideChar(
-      CP_UTF8,             // Source code page (UTF-8)
-      0,                   // Flags
-      utf8String.c_str(),  // Source UTF-8 string
-      -1,                  // -1 indicates the string is null-terminated
-      nullptr,             // No buffer provided, we're calculating the size
-      0                    // Requesting the buffer size
-  );
-
-  if (wideCharCount == 0) {
-    // Handle error: GetLastError() can provide more details.
-    LogError(
-        "Error determining buffer size for UTF-8 to wide char conversion.");
-    return std::wstring();
-  }
-
-  // Allocate the wide character string.
-  std::wstring wideString(wideCharCount, 0);
-
-  // Second, perform the actual conversion.
-  int result =
-      MultiByteToWideChar(CP_UTF8,             // Source code page (UTF-8)
-                          0,                   // Flags
-                          utf8String.c_str(),  // Source UTF-8 string
-                          -1,  // -1 indicates the string is null-terminated
-                          &wideString[0],  // Pointer to the destination buffer
-                          wideCharCount    // The size of the destination buffer
-      );
-
-  if (result == 0) {
-    // Handle error: GetLastError() can provide more details.
-    LogError("Error converting UTF-8 to wide char.");
-    return std::wstring();
-  }
-
-  // The returned wideString from MultiByteToWideChar will be null-terminated,
-  // but std::wstring handles its own length. We might need to resize it
-  // to remove the extra null character included in the count if we passed -1.
-  size_t pos = wideString.find(L'\0');
-  if (pos != std::wstring::npos) {
-    wideString.resize(pos);
-  }
-
-  return wideString;
-}
-
-void SetAnalyticsLibraryPath(const char* path) {
-  if (path) {
-    g_analytics_dll_filename = Utf8ToWide(path);
-  } else {
-    g_analytics_dll_filename = ANALYTICS_DLL_DEFAULT_FILENAME;
-  }
-}
+#define ANALYTICS_DLL_FILENAME L"analytics_win.dll"
 
-void SetAnalyticsLibraryPath(const wchar_t* path) {
-  if (path) {
-    g_analytics_dll_filename = path;
-  } else {
-    g_analytics_dll_filename = ANALYTICS_DLL_DEFAULT_FILENAME;
-  }
-}
-#endif
+static HMODULE g_analytics_module = 0;
 
 // Future data for analytics.
 // This is initialized in `Initialize()` and cleaned up in `Terminate()`.
@@ -127,14 +57,18 @@ void Initialize(const App& app) {
   g_fake_instance_id = 0;
 
 #if defined(_WIN32)
-  if (!g_analytics_dll) {
-    g_analytics_dll = LoadLibraryW(g_analytics_dll_filename.c_str());
-    if (g_analytics_dll) {
-      LogInfo("Loaded Google Analytics DLL");
+  if (!g_analytics_module) {
+    // Only allow the DLL to be loaded from the application directory.
+    g_analytics_module = LoadLibraryExW(ANALYTICS_DLL_FILENAME, NULL,
+                                        LOAD_LIBRARY_SEARCH_APPLICATION_DIR);
+    if (g_analytics_module) {
+      LogInfo("Loaded Google Analytics module");
       int num_loaded = FirebaseAnalytics_LoadDynamicFunctions(g_analytics_dll);
       if (num_loaded < FIREBASE_ANALYTICS_DYNAMIC_FUNCTION_COUNT) {
-        LogWarning("Only loaded %d out of %d expected functions from DLL.",
-                   num_loaded, FIREBASE_ANALYTICS_DYNAMIC_FUNCTION_COUNT);
+        LogWarning(
+            "Only loaded %d out of %d expected functions from the Google "
+            "Analytics module.",
+            num_loaded, FIREBASE_ANALYTICS_DYNAMIC_FUNCTION_COUNT);
       }
     } else {
       // Silently fail and continue in stub mode.
@@ -155,9 +89,9 @@ bool IsInitialized() { return g_initialized; }
 void Terminate() {
 #if defined(_WIN32)
   FirebaseAnalytics_UnloadDynamicFunctions();
-  if (g_analytics_dll) {
-    FreeLibrary(g_analytics_dll);
-    g_analytics_dll = 0;
+  if (g_analytics_module) {
+    FreeLibrary(g_analytics_module);
+    g_analytics_module = 0;
   }
 #endif
 
diff --git a/analytics/src/analytics_desktop_dynamic.h b/analytics/src/analytics_desktop_dynamic.h
@@ -116,6 +116,10 @@ extern void (*ptr_GoogleAnalytics_SetAnalyticsCollectionEnabled)(bool enabled);
 #if defined(_WIN32)
 #include <windows.h>  // For HMODULE
 
+// Google Analytics Windows DLL SHA256 hash, to be verified on load.
+#define FIREBASE_ANALYTICS_DYNAMIC_LIBRARY_HASH \
+  "c1b9ff6e9119c30bbeb7472326dcde418f45682e6b822e25eed922fe6e3cc698"
+
 // Number of Google Analytics functions expected to be loaded from the DLL.
 #define FIREBASE_ANALYTICS_DYNAMIC_FUNCTION_COUNT 19
 
diff --git a/analytics/src/include/firebase/analytics.h b/analytics/src/include/firebase/analytics.h
@@ -591,20 +591,6 @@ Future<int64_t> GetSessionId();
 /// app session.
 Future<int64_t> GetSessionIdLastResult();
 
-#ifdef INTERNAL_EXPERIMENTAL
-#if defined(_WIN32) || defined(DOXYGEN)
-/// Windows only: Specify the path to the Google Analytics Windows DLL.
-///
-/// @param path Path to the DLL, including filename, in UTF-8 format.
-void SetAnalyticsLibraryPath(const char* path);
-
-/// Windows only: Specify the path to the Google Analytics Windows DLL.
-///
-/// @param path Path to the DLL, including filename, in UTF-16 format.
-void SetAnalyticsLibraryPath(const wchar_t* path);
-#endif
-#endif
-
 }  // namespace analytics
 }  // namespace firebase
 
