commit c928fb988a6679cc5aca380bcc568b165e5f7c4a
parent 9666c620d584b2c715596b415a808941b17cbda0
Author: Nick Mathewson <nickm@torproject.org>
Date: Mon, 13 Nov 2017 11:13:18 -0500
Merge branch 'ticket21953_029' into maint-0.2.9
Diffstat:
2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/changes/ticket21953 b/changes/ticket21953
@@ -0,0 +1,6 @@
+ o Minor features:
+ - Enable a couple of pieces of Windows hardening: one
+ (HeapEnableTerminationOnCorruption) that has been on-by-default since
+ Windows 8, and unavailable before Windows 7, and one
+ (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+ affect us, but shouldn't do any harm. Closes ticket 21953.
diff --git a/src/or/main.c b/src/or/main.c
@@ -3426,6 +3426,11 @@ tor_main(int argc, char *argv[])
int result = 0;
#ifdef _WIN32
+#ifndef HeapEnableTerminationOnCorruption
+#define HeapEnableTerminationOnCorruption 1
+#endif
+ /* On heap corruption, just give up; don't try to play along. */
+ HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
/* Call SetProcessDEPPolicy to permanently enable DEP.
The function will not resolve on earlier versions of Windows,
and failure is not dangerous. */
@@ -3434,7 +3439,10 @@ tor_main(int argc, char *argv[])
typedef BOOL (WINAPI *PSETDEP)(DWORD);
PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
"SetProcessDEPPolicy");
- if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
+ if (setdeppolicy) {
+ /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */
+ setdeppolicy(3);
+ }
}
#endif
