From 55580d33b7df01231941cda26d8ac1bcdaaa603d Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <chipitsine@gmail.com>
Date: Sat, 23 Jul 2022 10:07:29 +0500
Subject: [PATCH] adjust build options to harden binaries

enable hardware-enforced stack protection on
compatible hardware/software (/CETCOMPAT linker option)

enable QSpectre protection

enable Control Flow Guard

issues were found by Microsoft BinSkim
---
 CMakeLists.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 8e56f1c..fc8d1b8 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -35,6 +35,15 @@ find_package(OpenSSL REQUIRED)
 
 set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -DDEBUG")
 
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /guard:cf")
+set(CMAKE_EXE_LINKER_FLAGS  "${CMAKE_EXE_LINKER_FLAGS} /guard:cf /DYNAMICBASE")
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre")
+
+if(NOT (${CMAKE_C_COMPILER_ARCHITECTURE_ID} STREQUAL "ARM64"))
+    set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /CETCOMPAT")
+endif()
+
 target_link_libraries(${PROJECT_NAME} PRIVATE
     OpenSSL::SSL
     Wtsapi32.lib