Increase safety on Windows

Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution.
2010-09-02 18:38:06 +03:00 · 2010-09-02 18:38:06 +03:00 · 24386abb3b
parent bfce429d24
commit 24386abb3b
1 changed files with 28 additions and 0 deletions
--- a/app/main.c
+++ b/app/main.c
@ -60,6 +60,10 @@
 #include "version.h"

 #ifdef G_OS_WIN32
+/* To get PROCESS_DEP_* defined we need _WIN32_WINNT at 0x0601. We still
+ * use the API optionally only if present, though.
+ */
+#define _WIN32_WINNT 0x0601
 #include <windows.h>
 #include <conio.h>
 #endif
@ -279,6 +283,30 @@ main (int    argc,
  argv = __argv;
 #endif

+#ifdef G_OS_WIN32
+  /* Reduce risks */
+  {
+    typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+    t_SetDllDirectoryA p_SetDllDirectoryA;
+
+    p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"),
+					 "SetDllDirectoryA");
+    if (p_SetDllDirectoryA)
+      (*p_SetDllDirectoryA) ("");
+  }
+#ifndef _WIN64
+  {
+    typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+    t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+    p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"),
+					    "SetProcessDEPPolicy");
+    if (p_SetProcessDEPPolicy)
+      (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+  }
+#endif
+#endif
+
  g_thread_init (NULL);

 #ifdef GIMP_UNSTABLE