diff options
author | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-02 02:52:09 +0000 |
---|---|---|
committer | jschuh@chromium.org <jschuh@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-10-02 02:52:09 +0000 |
commit | 7b1686c70456dd6bca6bdf4f2733fd9dd7ad3d32 (patch) | |
tree | 40c3bb242a05c1fc5e643c5138966f95a0a8d7af /sandbox/win | |
parent | 618b62458bb7f59f1f416cd57481c7c62fd9f41c (diff) | |
download | chromium_src-7b1686c70456dd6bca6bdf4f2733fd9dd7ad3d32.zip chromium_src-7b1686c70456dd6bca6bdf4f2733fd9dd7ad3d32.tar.gz chromium_src-7b1686c70456dd6bca6bdf4f2733fd9dd7ad3d32.tar.bz2 |
Improve error handling in ApplyProcessMitigationsToCurrentProcess
BUG=153399
Review URL: https://codereview.chromium.org/11036009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@159632 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'sandbox/win')
-rw-r--r-- | sandbox/win/src/process_mitigations.cc | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/sandbox/win/src/process_mitigations.cc b/sandbox/win/src/process_mitigations.cc index 8390c51..f569479 100644 --- a/sandbox/win/src/process_mitigations.cc +++ b/sandbox/win/src/process_mitigations.cc @@ -34,30 +34,39 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { if (!IsXPSP2OrLater()) return true; + base::win::Version version = base::win::GetVersion(); HMODULE module = ::GetModuleHandleA("kernel32.dll"); - if (flags & MITIGATION_DLL_SEARCH_ORDER) { + if (version >= base::win::VERSION_VISTA && + (flags & MITIGATION_DLL_SEARCH_ORDER)) { SetDefaultDllDirectoriesFunction set_default_dll_directories = reinterpret_cast<SetDefaultDllDirectoriesFunction>( ::GetProcAddress(module, "SetDefaultDllDirectories")); // Check for SetDefaultDllDirectories since it requires KB2533623. if (set_default_dll_directories) { - if (!set_default_dll_directories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS)) + if (!set_default_dll_directories(LOAD_LIBRARY_SEARCH_DEFAULT_DIRS) && + ERROR_ACCESS_DENIED != ::GetLastError()) { return false; + } } } // Set the heap to terminate on corruption - if (flags & MITIGATION_HEAP_TERMINATE) { + if (version >= base::win::VERSION_VISTA && + (flags & MITIGATION_HEAP_TERMINATE)) { if (!::HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, - NULL, 0)) + NULL, 0) && + ERROR_ACCESS_DENIED != ::GetLastError()) { return false; + } } #if !defined(_WIN64) // DEP is always enabled on 64-bit. if (flags & MITIGATION_DEP) { DWORD dep_flags = PROCESS_DEP_ENABLE; + // DEP support is quirky on XP, so don't force a failure in that case. + const bool return_on_fail = version >= base::win::VERSION_VISTA; if (flags & MITIGATION_DEP_NO_ATL_THUNK) dep_flags |= PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION; @@ -67,7 +76,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { ::GetProcAddress(module, "SetProcessDEPPolicy")); if (set_process_dep_policy) { if (!set_process_dep_policy(dep_flags) && - ERROR_ACCESS_DENIED != ::GetLastError()) { + ERROR_ACCESS_DENIED != ::GetLastError() && return_on_fail) { return false; } } else { @@ -89,7 +98,7 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { if (!SUCCEEDED(set_information_process(GetCurrentProcess(), ProcessExecuteFlags, &dep, sizeof(dep))) && - ERROR_ACCESS_DENIED != ::GetLastError()) { + ERROR_ACCESS_DENIED != ::GetLastError() && return_on_fail) { return false; } } @@ -97,7 +106,6 @@ bool ApplyProcessMitigationsToCurrentProcess(MitigationFlags flags) { #endif // This is all we can do in Win7 and below. - base::win::Version version = base::win::GetVersion(); if (version < base::win::VERSION_WIN8) return true; |