From: John Brooks <special@dereferenced.net>
Date: Fri, 7 Jan 2011 05:08:27 +0000 (-0700)
Subject: Enable ASLR and permanent DEP for Windows executables
X-Git-Tag: tor-0.2.2.23-alpha~11^2~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=895409011f20d6a08da75ac8dde44ad5e9ba1371;p=thirdparty%2Ftor.git

Enable ASLR and permanent DEP for Windows executables

Fix for #2358
---

diff --git a/configure.in b/configure.in
index 7c6a8a484e..9cbfbb1ca5 100644
--- a/configure.in
+++ b/configure.in
@@ -848,6 +848,20 @@ AC_SUBST(BINDIR)
 LOCALSTATEDIR=`eval echo $localstatedir`
 AC_SUBST(LOCALSTATEDIR)
 
+if test "$bwin32" = true; then
+  # Test if the linker supports the --nxcompat and --dynamicbase options
+  # for Windows
+  save_LDFLAGS="$LDFLAGS"
+  LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase"
+  AC_MSG_CHECKING([whether the linker supports DllCharacteristics])
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+    [AC_MSG_RESULT([yes])]
+    [save_LDFLAGS="$save_LDFLAGS $LDFLAGS"],
+    [AC_MSG_RESULT([no])]
+  )
+  LDFLAGS="$save_LDFLAGS"
+fi
+
 # Set CFLAGS _after_ all the above checks, since our warnings are stricter
 # than autoconf's macros like.
 if test "$GCC" = yes; then
diff --git a/src/or/main.c b/src/or/main.c
index 4b512905c3..979a2bec5c 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2194,6 +2194,19 @@ tor_main(int argc, char *argv[])
   }
 #endif
 
+#ifdef MS_WINDOWS
+  /* Call SetProcessDEPPolicy to permanently enable DEP.
+     The function will not resolve on earlier versions of Windows,
+     and failure is not dangerous. */
+  HMODULE hMod = GetModuleHandleA("Kernel32.dll");
+  if (hMod) {
+    typedef BOOL (WINAPI *PSETDEP)(DWORD);
+    PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
+                           "SetProcessDEPPolicy");
+    if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
+  }
+#endif
+
   update_approx_time(time(NULL));
   tor_threads_init();
   init_logging();