diff options
| author | Christophe Fergeau <cfergeau@redhat.com> | 2017-12-19 15:54:22 +0100 |
|---|---|---|
| committer | Frediano Ziglio <fziglio@redhat.com> | 2017-12-20 14:32:57 +0000 |
| commit | e0be5c99c4a4935418e6f395a2e8a57227ee2a05 (patch) | |
| tree | 96f49389ab2d949f7a928958b71599fe11053380 | |
| parent | 4dc66b7794ae9aa457d2766bb7b30012d67082f8 (diff) | |
Properly quote path to service binaries
If these paths are unquoted, and the path contains spaces (C:\Program
Files (x86)\...), this could be exploited by putting a binary with a
crafted name (C:\Program.exe), leading to privilege escalation as this
is a service that is being started.
https://www.commonexploits.com/unquoted-service-paths/
Bug reported by Chris Moberly
Acked-by: Frediano Ziglio <fziglio@redhat.com>
| -rw-r--r-- | win-guest-tools.nsis | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/win-guest-tools.nsis b/win-guest-tools.nsis index c54608a..19d45a3 100644 --- a/win-guest-tools.nsis +++ b/win-guest-tools.nsis @@ -114,7 +114,7 @@ Section "install" CreateDirectory "$INSTDIR\hooks\after_migration" CreateDirectory "$INSTDIR\hooks\before_migration" - ExecWait "$INSTDIR\vcredist_x86.exe /q" + ExecWait '"$INSTDIR\vcredist_x86.exe" /q' !endif SetOutPath "$INSTDIR\32" @@ -414,7 +414,7 @@ Function InstallService ${endif} DetailPrint "Installing $R2 service" - SimpleSC::InstallService $R0 $R2 16 2 $R1 "" "" "" + SimpleSC::InstallService $R0 $R2 16 2 '"$R1"' "" "" "" Pop $0 ${if} $0 != 0 DetailPrint "Failed to install $R2 service: $0" |