From 503f101d2b1d8dfdd17cc2aa79fc10d79eecd04c Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 11 May 2017 16:39:02 -0400
Subject: [PATCH 1/2] Enable some windows hardening features

One (HeapEnableTerminationOnCorruption) is on-by-default since win8;
the other (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) supposedly only
affects ATL, which (we think) we don't use.  Still, these are good
hygiene. Closes ticket 21953.
---
 changes/ticket21953 | 6 ++++++
 src/or/main.c       | 7 ++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 changes/ticket21953

diff --git a/changes/ticket21953 b/changes/ticket21953
new file mode 100644
index 000000000..7cc84f506
--- /dev/null
+++ b/changes/ticket21953
@@ -0,0 +1,6 @@
+  o Minor features:
+    - Enable a couple of pieces of Windows hardening: one
+      (HeapEnableTerminationOnCorruption) that has been on-by-default since
+      Windows 8, and unavailable before Windows 7, and one
+      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+      affect us, but shouldn't do any harm. Closes ticket 21953.
diff --git a/src/or/main.c b/src/or/main.c
index 66a857190..2de8ed29a 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3426,6 +3426,8 @@ tor_main(int argc, char *argv[])
   int result = 0;
 
 #ifdef _WIN32
+  /* On heap corruption, just give up; don't try to play along. */
+  HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
   /* Call SetProcessDEPPolicy to permanently enable DEP.
      The function will not resolve on earlier versions of Windows,
      and failure is not dangerous. */
@@ -3434,7 +3436,10 @@ tor_main(int argc, char *argv[])
     typedef BOOL (WINAPI *PSETDEP)(DWORD);
     PSETDEP setdeppolicy = (PSETDEP)GetProcAddress(hMod,
                            "SetProcessDEPPolicy");
-    if (setdeppolicy) setdeppolicy(1); /* PROCESS_DEP_ENABLE */
+    if (setdeppolicy) {
+      /* PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION */
+      setdeppolicy(3);
+    }
   }
 #endif
 

From 15cc41e6649009ccd92d927850f918b962ee35d6 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 19 May 2017 06:44:13 -0400
Subject: [PATCH 2/2] Define HeapEnableTerminationOnCorruption if the headers
 don't.

MSDN says that it's always going to be 1, and they're usually pretty
accurate about that.

Fixes a bug in 21953.
---
 src/or/main.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/or/main.c b/src/or/main.c
index 2de8ed29a..187b255bf 100644
--- a/src/or/main.c
+++ b/src/or/main.c
@@ -3426,6 +3426,9 @@ tor_main(int argc, char *argv[])
   int result = 0;
 
 #ifdef _WIN32
+#ifndef HeapEnableTerminationOnCorruption
+#define HeapEnableTerminationOnCorruption 1
+#endif
   /* On heap corruption, just give up; don't try to play along. */
   HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);
   /* Call SetProcessDEPPolicy to permanently enable DEP.