From 895409011f20d6a08da75ac8dde44ad5e9ba1371 Mon Sep 17 00:00:00 2001
From: John Brooks <special@dereferenced.net>
Date: Thu, 6 Jan 2011 22:08:27 -0700
Subject: Enable ASLR and permanent DEP for Windows executables

Fix for #2358
---
 configure.in  | 14 ++++++++++++++
 src/or/main.c | 13 +++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/configure.in b/configure.in
index 7c6a8a484e..9cbfbb1ca5 100644
--- a/configure.in
+++ b/configure.in
@@ -848,6 +848,20 @@ AC_SUBST(BINDIR)
 LOCALSTATEDIR=`eval echo $localstatedir`
 AC_SUBST(LOCALSTATEDIR)
 
+if test "$bwin32" = true; then
+  # Test if the linker supports the --nxcompat and --dynamicbase options
+  # for Windows
+  save_LDFLAGS="$LDFLAGS"
+  LDFLAGS="-Wl,--nxcompat -Wl,--dynamicbase"
+  AC_MSG_CHECKING([whether the linker supports DllCharacteristics])
+  AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+    [AC_MSG_RESULT([yes])]
+    [save_LDFLAGS="$save_LDFLAGS $LDFLAGS"],
+    [AC_MSG_RESULT([no])]
+  )
+  LDFLAGS="$save_LDFLAGS"
+fi
+
 # Set CFLAGS _after_ all the above checks, since our warnings are stricter
 # than autoconf's macros like.
 if test "$GCC" = yes; then
diff --git a/src/or/main.c b/src/or/main.c
index 4b512905c3..979a2bec5c 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -2194,6 +2194,19 @@ tor_main(int argc, char *argv[])
   }
 #endif
 
+#ifdef MS_WINDOWS
+  /* Call SetProcessDEPPolicy to permanently enable DEP.
+     The function will not resolve on earlier versions of Windows,
+     and failure is not dangerous. */
+  HMODULE hMod = GetModuleHandleA("Kernel32.dll");
+  if (hMod) {
+    typedef BOOL (WINAPI *PSETDEP)(DWORD);
+    PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
+                           "SetProcessDEPPolicy");
+    if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
+  }
+#endif
+
   update_approx_time(time(NULL));
   tor_threads_init();
   init_logging();
-- 
cgit v1.2.3-54-g00ecf