[evolution] Increase safety on Windows Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProce

From: Fridrich Strba <strba src gnome org>
To: commits-list gnome org
Cc:
Subject: [evolution] Increase safety on Windows Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProce
Date: Wed, 15 Sep 2010 14:52:42 +0000 (UTC)
commit 64f53f1a536cd871b2948cbea30869d68b37f98e
Author: Fridrich Å trba <fridrich strba bluewin ch>
Date:   Wed Sep 15 16:49:01 2010 +0200

    Increase safety on Windows
    Call SetDllDirectory() to reduce risk of DLL hijacking, and call SetProcessDEPPolicy() to reduce risk of rogue code execution.

 addressbook/tools/evolution-addressbook-export.c |   36 ++++++++++++++++++++++
 calendar/gui/alarm-notify/notify-main.c          |   34 ++++++++++++++++++++-
 capplet/anjal-settings-main.c                    |   35 ++++++++++++++++++---
 plugins/backup-restore/backup.c                  |   36 ++++++++++++++++++++++
 shell/main.c                                     |   32 +++++++++++++++++--
 5 files changed, 164 insertions(+), 9 deletions(-)
---
diff --git a/addressbook/tools/evolution-addressbook-export.c b/addressbook/tools/evolution-addressbook-export.c
index 58831ed..9c495e5 100644
--- a/addressbook/tools/evolution-addressbook-export.c
+++ b/addressbook/tools/evolution-addressbook-export.c
@@ -30,6 +30,20 @@
 
 #include "evolution-addressbook-export.h"
 
+#ifdef G_OS_WIN32
+#ifdef DATADIR
+#undef DATADIR
+#endif
+#include <windows.h>
+#include <conio.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
+#endif
+
 /* Command-Line Options */
 static gchar *opt_output_file = NULL;
 static gboolean opt_list_folders_mode = FALSE;
@@ -75,6 +89,28 @@ main (gint argc, gchar **argv)
 	gint IsCSV = FALSE;
 	gint IsVCard = FALSE;
 
+#ifdef G_OS_WIN32
+	/* Reduce risks */
+	{
+		typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+		t_SetDllDirectoryA p_SetDllDirectoryA;
+
+		p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+		if (p_SetDllDirectoryA)
+			(*p_SetDllDirectoryA) ("");
+	}
+#ifndef _WIN64
+	{
+		typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+		t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+		p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+		if (p_SetProcessDEPPolicy)
+			(*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+	}
+#endif
+#endif
+
 	g_type_init ();
 
 	/*i18n-lize */
diff --git a/calendar/gui/alarm-notify/notify-main.c b/calendar/gui/alarm-notify/notify-main.c
index 8c56aba..ad1a117 100644
--- a/calendar/gui/alarm-notify/notify-main.c
+++ b/calendar/gui/alarm-notify/notify-main.c
@@ -35,12 +35,24 @@
 #include <libedataserver/e-source.h>
 #include <libedataserverui/e-passwords.h>
 
-#include "e-util/e-util-private.h"
 #include "alarm.h"
 #include "alarm-queue.h"
 #include "alarm-notify.h"
 #include "config-data.h"
 
+#ifdef G_OS_WIN32
+#include <windows.h>
+#include <conio.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
+#endif
+
+#include "e-util/e-util-private.h"
+
 gint
 main (gint argc, gchar **argv)
 {
@@ -49,6 +61,26 @@ main (gint argc, gchar **argv)
 	UniqueApp *app;
 #ifdef G_OS_WIN32
 	gchar *path;
+
+	/* Reduce risks */
+	{
+		typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+		t_SetDllDirectoryA p_SetDllDirectoryA;
+
+		p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+		if (p_SetDllDirectoryA)
+			(*p_SetDllDirectoryA) ("");
+	}
+#ifndef _WIN64
+	{
+		typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+		t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+		p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+		if (p_SetProcessDEPPolicy)
+			(*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+	}
+#endif
 #endif
 
 	bindtextdomain (GETTEXT_PACKAGE, EVOLUTION_LOCALEDIR);
diff --git a/capplet/anjal-settings-main.c b/capplet/anjal-settings-main.c
index f380e2b..eb9ccce 100644
--- a/capplet/anjal-settings-main.c
+++ b/capplet/anjal-settings-main.c
@@ -43,10 +43,16 @@
 #ifdef DATADIR
 #undef DATADIR
 #endif
-#include <io.h>
-#include <conio.h>
-#define _WIN32_WINNT 0x0501
+#define _WIN32_WINNT 0x0601
 #include <windows.h>
+#include <conio.h>
+#include <io.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
 #endif
 
 #include <unique/unique.h>
@@ -176,14 +182,33 @@ main (gint argc, gchar *argv[])
 	UniqueApp *app;
 
 #ifdef G_OS_WIN32
+	/* Reduce risks */
+	{
+		typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+		t_SetDllDirectoryA p_SetDllDirectoryA;
+
+		p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+		if (p_SetDllDirectoryA)
+			(*p_SetDllDirectoryA) ("");
+	}
+#ifndef _WIN64
+	{
+		typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+		t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+		p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+		if (p_SetProcessDEPPolicy)
+			(*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+	}
+#endif
+
 	if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) {
 		/* stdout is fine, presumably redirected to a file or pipe */
 	} else {
 		typedef BOOL (* WINAPI AttachConsole_t) (DWORD);
 
 		AttachConsole_t p_AttachConsole =
-			(AttachConsole_t) GetProcAddress (
-			GetModuleHandle ("kernel32.dll"), "AttachConsole");
+			(AttachConsole_t) GetProcAddress (GetModuleHandle ("kernel32.dll"), "AttachConsole");
 
 		if (p_AttachConsole && p_AttachConsole (ATTACH_PARENT_PROCESS)) {
 			freopen ("CONOUT$", "w", stdout);
diff --git a/plugins/backup-restore/backup.c b/plugins/backup-restore/backup.c
index 104afe7..dcfe20c 100644
--- a/plugins/backup-restore/backup.c
+++ b/plugins/backup-restore/backup.c
@@ -30,6 +30,20 @@
 #include <glib/gi18n.h>
 #include <gtk/gtk.h>
 
+#ifdef G_OS_WIN32
+#ifdef DATADIR
+#undef DATADIR
+#endif
+#include <windows.h>
+#include <conio.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
+#endif
+
 #include "e-util/e-util-private.h"
 #include "e-util/e-util.h"
 
@@ -408,6 +422,28 @@ main (gint argc, gchar **argv)
 	gint i;
 	GError *error = NULL;
 
+#ifdef G_OS_WIN32
+	/* Reduce risks */
+	{
+		typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+		t_SetDllDirectoryA p_SetDllDirectoryA;
+
+		p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+		if (p_SetDllDirectoryA)
+			(*p_SetDllDirectoryA) ("");
+	}
+#ifndef _WIN64
+	{
+		typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+		t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+		p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+		if (p_SetProcessDEPPolicy)
+			(*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+	}
+#endif
+#endif
+
 	bindtextdomain (GETTEXT_PACKAGE, EVOLUTION_LOCALEDIR);
 	bind_textdomain_codeset (GETTEXT_PACKAGE, "UTF-8");
 	textdomain (GETTEXT_PACKAGE);
diff --git a/shell/main.c b/shell/main.c
index 3e922a4..a24e618 100644
--- a/shell/main.c
+++ b/shell/main.c
@@ -36,10 +36,16 @@
 #ifdef DATADIR
 #undef DATADIR
 #endif
-#include <io.h>
-#include <conio.h>
-#define _WIN32_WINNT 0x0501
+#define _WIN32_WINNT 0x0601
 #include <windows.h>
+#include <conio.h>
+#include <io.h>
+#ifndef PROCESS_DEP_ENABLE
+#define PROCESS_DEP_ENABLE 0x00000001
+#endif
+#ifndef PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION
+#define PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION 0x00000002
+#endif
 #endif
 
 #include <gconf/gconf-client.h>
@@ -444,6 +450,26 @@ main (gint argc, gchar **argv)
 #ifdef G_OS_WIN32
 	gchar *path;
 
+	/* Reduce risks */
+	{
+		typedef BOOL (WINAPI *t_SetDllDirectoryA) (LPCSTR lpPathName);
+		t_SetDllDirectoryA p_SetDllDirectoryA;
+
+		p_SetDllDirectoryA = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetDllDirectoryA");
+		if (p_SetDllDirectoryA)
+			(*p_SetDllDirectoryA) ("");
+	}
+#ifndef _WIN64
+	{
+		typedef BOOL (WINAPI *t_SetProcessDEPPolicy) (DWORD dwFlags);
+		t_SetProcessDEPPolicy p_SetProcessDEPPolicy;
+
+		p_SetProcessDEPPolicy = GetProcAddress (GetModuleHandle ("kernel32.dll"), "SetProcessDEPPolicy");
+		if (p_SetProcessDEPPolicy)
+			(*p_SetProcessDEPPolicy) (PROCESS_DEP_ENABLE|PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);
+	}
+#endif
+
 	if (fileno (stdout) != -1 && _get_osfhandle (fileno (stdout)) != -1) {
 		/* stdout is fine, presumably redirected to a file or pipe */
 	} else {
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]