aboutsummaryrefslogtreecommitdiffstats
path: root/shell/main.c
diff options
context:
space:
mode:
authorFridrich Štrba <fridrich.strba@bluewin.ch>2010-09-15 22:49:01 +0800
committerFridrich Štrba <fridrich.strba@bluewin.ch>2010-09-15 22:49:01 +0800
commit64f53f1a536cd871b2948cbea30869d68b37f98e (patch)
tree9a23c1d30d0bc30cefb73d1489b2a62149cc9592 /shell/main.c
parent5310e4a0b10ded4c77ce9dfaff49d3e99e327462 (diff)
downloadgsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.gz
gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.zst
gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.zip
Increase safety on Windows
Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution.
Diffstat (limited to 'shell/main.c')
-rw-r--r--shell/main.c32
1 files changed, 29 insertions, 3 deletions
diff --git a/shell/main.c b/shell/main.c
index 3e922a488a..a24e618ef0 100644
--- a/shell/main.c
+++ b/shell/main.c
@@ -36,10 +36,16 @@
#ifdef DATADIR
#undef DATADIR
#endif
-#include <io.h>
-#include <conio.h>
-#define _WIN32_WINNT 0x0501
+#define _WIN32_WINNT 0x0601
#include <windows.h>
+#include <conio.h>
+#include <io.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
#endif
#include <gconf/gconf-client.h>
@@ -444,6 +450,26 @@ main (gint argc, gchar **argv)
#ifdef G_OS_WIN32
gchar *path;
+ /* Reduce risks */
+ {
+ typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+ t_SetDllDirectoryA p_SetDllDirectoryA;
+
+ p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+ if (p_SetDllDirectoryA)
+ (*p_SetDllDirectoryA) ("");
+ }
+#ifndef _WIN64
+ {
+ typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+ t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+ p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+ if (p_SetProcessDEPPolicy)
+ (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+ }
+#endif
+
if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) {
/* stdout is fine, presumably redirected to a file or pipe */
} else {