From 64f53f1a536cd871b2948cbea30869d68b37f98e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fridrich=20=C5=A0trba?= Date: Wed, 15 Sep 2010 16:49:01 +0200 Subject: Increase safety on Windows Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution. --- plugins/backup-restore/backup.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'plugins/backup-restore') diff --git a/plugins/backup-restore/backup.c b/plugins/backup-restore/backup.c index 104afe7166..dcfe20c5d9 100644 --- a/plugins/backup-restore/backup.c +++ b/plugins/backup-restore/backup.c @@ -30,6 +30,20 @@ #include #include +#ifdef G_OS_WIN32 +#ifdef DATADIR +#undef DATADIR +#endif +#include +#include +#ifndef PROCESS_DEP_ENABLE +#define PROCESS_DEP_ENABLE 0x00000001 +#endif +#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION +#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002 +#endif +#endif + #include "e-util/e-util-private.h" #include "e-util/e-util.h" @@ -408,6 +422,28 @@ main (gint argc, gchar **argv) gint i; GError *error = NULL; +#ifdef G_OS_WIN32 + /* Reduce risks */ + { + typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName); + t_SetDllDirectoryA p_SetDllDirectoryA; + + p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA"); + if (p_SetDllDirectoryA) + (*p_SetDllDirectoryA) (""); + } +#ifndef _WIN64 + { + typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags); + t_SetProcessDEPPolicy p_SetProcessDEPPolicy; + + p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy"); + if (p_SetProcessDEPPolicy) + (*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION); + } +#endif +#endif + bindtextdomain (GETTEXT_PACKAGE, EVOLUTION_LOCALEDIR); bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8"); textdomain (GETTEXT_PACKAGE); -- cgit v1.2.3