diff options
author | Fridrich Štrba <fridrich.strba@bluewin.ch> | 2010-09-15 22:49:01 +0800 |
---|---|---|
committer | Fridrich Štrba <fridrich.strba@bluewin.ch> | 2010-09-15 22:49:01 +0800 |
commit | 64f53f1a536cd871b2948cbea30869d68b37f98e (patch) | |
tree | 9a23c1d30d0bc30cefb73d1489b2a62149cc9592 /shell/main.c | |
parent | 5310e4a0b10ded4c77ce9dfaff49d3e99e327462 (diff) | |
download | gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.gz gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.zst gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.zip |
Increase safety on Windows
Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution.
Diffstat (limited to 'shell/main.c')
-rw-r--r-- | shell/main.c | 32 |
1 files changed, 29 insertions, 3 deletions
diff --git a/shell/main.c b/shell/main.c index 3e922a488a..a24e618ef0 100644 --- a/shell/main.c +++ b/shell/main.c @@ -36,10 +36,16 @@ #ifdef DATADIR #undef DATADIR #endif -#include <io.h> -#include <conio.h> -#define _WIN32_WINNT 0x0501 +#define _WIN32_WINNT 0x0601 #include <windows.h> +#include <conio.h> +#include <io.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif #endif #include <gconf/gconf-client.h> @@ -444,6 +450,26 @@ main (gint argc, gchar **argv) #ifdef G_OS_WIN32 gchar *path; + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif + if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) { /* stdout is fine, presumably redirected to a file or pipe */ } else { |