Enable ASLR and permanent DEP for Windows executables

Fix for #2358

diff --git a/configure.in b/configure.in
index 7c6a8a484e2ad9c1b46c495fec5028f953059a7d..9cbfbb1ca5f5bbaa439d0dd64d9e30ac933ac1b8 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -848,6 +848,20 @@ AC_SUBST(BINDIR)
 LOCALSTATEDIR=`eval echo $localstatedir`
 AC_SUBST(LOCALSTATEDIR)
 
+if test "$bwin32" = true; then
+  # Test if the linker supports the --nxcompat and --dynamicbase options
+  # for Windows
+  save_LDFLAGS="$LDFLAGS"
+  LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase"
+  AC_MSG_CHECKING([whether the linker supports DllCharacteristics])
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+    [AC_MSG_RESULT([yes])]
+    [save_LDFLAGS="$save_LDFLAGS $LDFLAGS"],
+    [AC_MSG_RESULT([no])]
+  )
+  LDFLAGS="$save_LDFLAGS"
+fi
+
 # Set CFLAGS _after_ all the above checks, since our warnings are stricter
 # than autoconf's macros like.
 if test "$GCC" = yes; then

diff --git a/src/or/main.c b/src/or/main.c
index 4b512905c36586c7564a8a1df3ee0f7a87fe6536..979a2bec5cac612f90e7df856a21a571dd3fe1fc 100644 (file)
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2194,6 +2194,19 @@ tor_main(int argc, char *argv[])
   }
 #endif
 
+#ifdef MS_WINDOWS
+  /* Call SetProcessDEPPolicy to permanently enable DEP.
+     The function will not resolve on earlier versions of Windows,
+     and failure is not dangerous. */
+  HMODULE hMod = GetModuleHandleA("Kernel32.dll");
+  if (hMod) {
+    typedef BOOL (WINAPI *PSETDEP)(DWORD);
+    PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
+                           "SetProcessDEPPolicy");
+    if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
+  }
+#endif
+
   update_approx_time(time(NULL));
   tor_threads_init();
   init_logging();