diff options
| author | Fridrich Štrba <fridrich.strba@bluewin.ch> | 2010-09-15 22:49:01 +0800 |
|---|---|---|
| committer | Fridrich Štrba <fridrich.strba@bluewin.ch> | 2010-09-15 22:49:01 +0800 |
| commit | 64f53f1a536cd871b2948cbea30869d68b37f98e (patch) | |
| tree | 9a23c1d30d0bc30cefb73d1489b2a62149cc9592 /capplet | |
| parent | 5310e4a0b10ded4c77ce9dfaff49d3e99e327462 (diff) | |
| download | gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.gz gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.zst gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.zip | |
Increase safety on Windows
Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution.
Diffstat (limited to 'capplet')
| -rw-r--r-- | capplet/anjal-settings-main.c | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/capplet/anjal-settings-main.c b/capplet/anjal-settings-main.c index f380e2bf7a..eb9ccce6a9 100644 --- a/capplet/anjal-settings-main.c +++ b/capplet/anjal-settings-main.c @@ -43,10 +43,16 @@ #ifdef DATADIR #undef DATADIR #endif -#include <io.h> -#include <conio.h> -#define _WIN32_WINNT 0x0501 +#define _WIN32_WINNT 0x0601 #include <windows.h> +#include <conio.h> +#include <io.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif #endif #include <unique/unique.h> @@ -176,14 +182,33 @@ main (gint argc, gchar *argv[]) UniqueApp *app; #ifdef G_OS_WIN32 + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif + if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) { /* stdout is fine, presumably redirected to a file or pipe */ } else { typedef BOOL (* WINAPI AttachConsole_t) (DWORD); AttachConsole_t p_AttachConsole = - (AttachConsole_t) GetProcAddress ( - GetModuleHandle ("kernel32.dll"), "AttachConsole"); + (AttachConsole_t) GetProcAddress (GetModuleHandle ("kernel32.dll"), "AttachConsole"); if (p_AttachConsole && p_AttachConsole (ATTACH_PARENT_PROCESS)) { freopen ("CONOUT$", "w", stdout); |