Skip to content

Latest commit

 

History

History
96 lines (79 loc) · 3.01 KB

c6277.md

File metadata and controls

96 lines (79 loc) · 3.01 KB
Raw
description title ms.date f1_keywords helpviewer_keywords ms.assetid
Learn more about: Warning C6277
Warning C6277
09/28/2022
C6277
CREATEPROCESS_ESCAPE
__WARNING_CREATEPROCESS_ESCAPE
C6277
2b41252a-68c2-4e92-b005-0458db5f4430

Warning C6277

NULL application name with an unquoted path in call to 'function-name': results in a security vulnerability if the path contains spaces

This warning indicates that the application name parameter is null and that there might be spaces in the executable path name.

Remarks

Unless the executable name is fully qualified, there's likely to be a security problem. A malicious user could insert a rogue executable with the same name earlier in the path. To correct this warning, you can specify the application name instead of passing null. Alternatively, if you do pass null for the application name, use quotation marks around the executable path.

Code analysis name: CREATEPROCESS_ESCAPE

Example

The following sample code generates warning C6277. The warning is caused by the NULL application name and from the executable path name having a space. Due to how the function parses spaces, there's a risk that a different executable could be run. For more information, see CreateProcessA.

#include <windows.h>
#include <stdio.h>

void f_defective()
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;

    ZeroMemory( &si, sizeof( si ) );
    si.cb = sizeof( si );
    ZeroMemory( &pi, sizeof( pi ) );
    if( !CreateProcessA( NULL,
                        "C:\\Program Files\\MyApp",
                        NULL,
                        NULL,
                        FALSE,
                        0,
                        NULL,
                        NULL,
                        &si,
                        &pi ) )
    {
        puts( "CreateProcess failed." );
        return;
    }
    // Wait until child process exits.
    WaitForSingleObject( pi.hProcess, INFINITE );

    // Close process and thread handles.
    CloseHandle( pi.hProcess );
    CloseHandle( pi.hThread );
}

To correct this warning, use quotation marks around the executable path, as shown in the following example:

#include <windows.h>
#include <stdio.h>

void f ()
{
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;

    ZeroMemory( &si, sizeof( si ) );
    si.cb = sizeof( si );
    ZeroMemory( &pi, sizeof( pi ) );

    if( !CreateProcessA( NULL,
                        "\"C:\\Program Files\\MyApp.exe\"",
                        NULL,
                        NULL,
                        FALSE,
                        0,
                        NULL,
                        NULL,
                        &si,
                        &pi ) )
    {
        puts( "CreateProcess failed." );
        return;
    }
    // Wait until child process exits.
    WaitForSingleObject( pi.hProcess, INFINITE );

    // Close process and thread handles.
    CloseHandle( pi.hProcess );
    CloseHandle( pi.hThread );
}