diff options
author | Fridrich Štrba <fridrich.strba@bluewin.ch> | 2010-09-15 22:49:01 +0800 |
---|---|---|
committer | Fridrich Štrba <fridrich.strba@bluewin.ch> | 2010-09-15 22:49:01 +0800 |
commit | 64f53f1a536cd871b2948cbea30869d68b37f98e (patch) | |
tree | 9a23c1d30d0bc30cefb73d1489b2a62149cc9592 | |
parent | 5310e4a0b10ded4c77ce9dfaff49d3e99e327462 (diff) | |
download | gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.gz gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.bz2 gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.lz gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.xz gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.tar.zst gsoc2013-evolution-64f53f1a536cd871b2948cbea30869d68b37f98e.zip |
Increase safety on Windows
Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution.
-rw-r--r-- | addressbook/tools/evolution-addressbook-export.c | 36 | ||||
-rw-r--r-- | calendar/gui/alarm-notify/notify-main.c | 34 | ||||
-rw-r--r-- | capplet/anjal-settings-main.c | 35 | ||||
-rw-r--r-- | plugins/backup-restore/backup.c | 36 | ||||
-rw-r--r-- | shell/main.c | 32 |
5 files changed, 164 insertions, 9 deletions
diff --git a/addressbook/tools/evolution-addressbook-export.c b/addressbook/tools/evolution-addressbook-export.c index 58831ed16c..9c495e5b5f 100644 --- a/addressbook/tools/evolution-addressbook-export.c +++ b/addressbook/tools/evolution-addressbook-export.c @@ -30,6 +30,20 @@ #include "evolution-addressbook-export.h" +#ifdef G_OS_WIN32 +#ifdef DATADIR +#undef DATADIR +#endif +#include <windows.h> +#include <conio.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif +#endif + /* Command-Line Options */ static gchar *opt_output_file = NULL; static gboolean opt_list_folders_mode = FALSE; @@ -75,6 +89,28 @@ main (gint argc, gchar **argv) gint IsCSV = FALSE; gint IsVCard = FALSE; +#ifdef G_OS_WIN32 + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif +#endif + g_type_init (); /*i18n-lize */ diff --git a/calendar/gui/alarm-notify/notify-main.c b/calendar/gui/alarm-notify/notify-main.c index 8c56abaff2..ad1a1178f8 100644 --- a/calendar/gui/alarm-notify/notify-main.c +++ b/calendar/gui/alarm-notify/notify-main.c @@ -35,12 +35,24 @@ #include <libedataserver/e-source.h> #include <libedataserverui/e-passwords.h> -#include "e-util/e-util-private.h" #include "alarm.h" #include "alarm-queue.h" #include "alarm-notify.h" #include "config-data.h" +#ifdef G_OS_WIN32 +#include <windows.h> +#include <conio.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif +#endif + +#include "e-util/e-util-private.h" + gint main (gint argc, gchar **argv) { @@ -49,6 +61,26 @@ main (gint argc, gchar **argv) UniqueApp *app; #ifdef G_OS_WIN32 gchar *path; + + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif #endif bindtextdomain (GETTEXT_PACKAGE, EVOLUTION_LOCALEDIR); diff --git a/capplet/anjal-settings-main.c b/capplet/anjal-settings-main.c index f380e2bf7a..eb9ccce6a9 100644 --- a/capplet/anjal-settings-main.c +++ b/capplet/anjal-settings-main.c @@ -43,10 +43,16 @@ #ifdef DATADIR #undef DATADIR #endif -#include <io.h> -#include <conio.h> -#define _WIN32_WINNT 0x0501 +#define _WIN32_WINNT 0x0601 #include <windows.h> +#include <conio.h> +#include <io.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif #endif #include <unique/unique.h> @@ -176,14 +182,33 @@ main (gint argc, gchar *argv[]) UniqueApp *app; #ifdef G_OS_WIN32 + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif + if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) { /* stdout is fine, presumably redirected to a file or pipe */ } else { typedef BOOL (* WINAPI AttachConsole_t) (DWORD); AttachConsole_t p_AttachConsole = - (AttachConsole_t) GetProcAddress ( - GetModuleHandle ("kernel32.dll"), "AttachConsole"); + (AttachConsole_t) GetProcAddress (GetModuleHandle ("kernel32.dll"), "AttachConsole"); if (p_AttachConsole && p_AttachConsole (ATTACH_PARENT_PROCESS)) { freopen ("CONOUT$", "w", stdout); diff --git a/plugins/backup-restore/backup.c b/plugins/backup-restore/backup.c index 104afe7166..dcfe20c5d9 100644 --- a/plugins/backup-restore/backup.c +++ b/plugins/backup-restore/backup.c @@ -30,6 +30,20 @@ #include <glib/gi18n.h> #include <gtk/gtk.h> +#ifdef G_OS_WIN32 +#ifdef DATADIR +#undef DATADIR +#endif +#include <windows.h> +#include <conio.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif +#endif + #include "e-util/e-util-private.h" #include "e-util/e-util.h" @@ -408,6 +422,28 @@ main (gint argc, gchar **argv) gint i; GError *error = NULL; +#ifdef G_OS_WIN32 + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif +#endif + bindtextdomain (GETTEXT_PACKAGE, EVOLUTION_LOCALEDIR); bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); textdomain (GETTEXT_PACKAGE); diff --git a/shell/main.c b/shell/main.c index 3e922a488a..a24e618ef0 100644 --- a/shell/main.c +++ b/shell/main.c @@ -36,10 +36,16 @@ #ifdef DATADIR #undef DATADIR #endif -#include <io.h> -#include <conio.h> -#define _WIN32_WINNT 0x0501 +#define _WIN32_WINNT 0x0601 #include <windows.h> +#include <conio.h> +#include <io.h> +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif #endif #include <gconf/gconf-client.h> @@ -444,6 +450,26 @@ main (gint argc, gchar **argv) #ifdef G_OS_WIN32 gchar *path; + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif + if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) { /* stdout is fine, presumably redirected to a file or pipe */ } else { |