rayelliott
/
barrier
mirror of https://github.com/debauchee/barrier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

fixed: exploit, \Program.exe is launched instead of synergy binaries.

This commit is contained in:
Nick Bolton 2013-10-03 14:24:58 +00:00
parent 10b9b2e406
commit 85eae2a744
2 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/gui/src/MainWindow.cpp
View File

@ -485,6 +485,9 @@ bool MainWindow::clientArgs(QStringList& args, QString& app)
return false;
}
// wrap in quotes so a malicious user can't start \Program.exe as admin.
app = QString("\"%1\"").arg(app);
if (m_pLineEditHostname->text().isEmpty())
{
show();
@ -560,6 +563,9 @@ bool MainWindow::serverArgs(QStringList& args, QString& app)
return false;
}
// wrap in quotes so a malicious user can't start \Program.exe as admin.
app = QString("\"%1\"").arg(app);
if (appConfig().logToFile())
{
appConfig().persistLogDir();

16
src/lib/arch/CArchDaemonWindows.cpp
View File

@ -817,7 +817,21 @@ CArchDaemonWindows::installDaemon()
// install default daemon if not already installed.
if (!isDaemonInstalled(DEFAULT_DAEMON_NAME, true)) {
char path[MAX_PATH];
GetModuleFileName(CArchMiscWindows::instanceWin32(), path, MAX_PATH);
GetModuleFileName(CArchMiscWindows::instanceWin32(), &path[1], MAX_PATH - 2);
int length = 0;
for (int i = 0; i < MAX_PATH; i++) {
if (path[i] == '\0') {
length = i;
break;
}
}
// wrap in quotes so a malicious user can't start \Program.exe as admin.
path[0] = '"';
path[length] = '"';
path[length + 1] = '\0';
installDaemon(DEFAULT_DAEMON_NAME, DEFAULT_DAEMON_INFO, path, "", "", true);
}