From 64f53f1a536cd871b2948cbea30869d68b37f98e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fridrich=20=C5=A0trba?= <fridrich.strba@bluewin.ch>
Date: Wed, 15 Sep 2010 16:49:01 +0200
Subject: Increase safety on Windows Call SetDllDirectory() to reduce risk of
 DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code
 execution.

---
 shell/main.c | 32 +++++++++++++++++++++++++++++---
 1 file changed, 29 insertions(+), 3 deletions(-)

(limited to 'shell/main.c')

diff --git a/shell/main.c b/shell/main.c
index 3e922a488a..a24e618ef0 100644
--- a/shell/main.c
+++ b/shell/main.c
@@ -36,10 +36,16 @@
 #ifdef DATADIR
 #undef DATADIR
 #endif
-#include <io.h>
-#include <conio.h>
-#define _WIN32_WINNT 0x0501
+#define _WIN32_WINNT 0x0601
 #include <windows.h>
+#include <conio.h>
+#include <io.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
 #endif
 
 #include <gconf/gconf-client.h>
@@ -444,6 +450,26 @@ main (gint argc, gchar **argv)
 #ifdef G_OS_WIN32
 	gchar *path;
 
+	/* Reduce risks */
+	{
+		typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+		t_SetDllDirectoryA p_SetDllDirectoryA;
+
+		p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+		if (p_SetDllDirectoryA)
+			(*p_SetDllDirectoryA) ("");
+	}
+#ifndef _WIN64
+	{
+		typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+		t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+		p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+		if (p_SetProcessDEPPolicy)
+			(*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+	}
+#endif
+
 	if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) {
 		/* stdout is fine, presumably redirected to a file or pipe */
 	} else {
-- 
cgit v1.2.3