
Switch to msitools' msiinfo for ProductVersion fetching

This replaces the insecure VBScript-based parsing, which has issues described at http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
jlu5 committed Jul 17, 2017
1 parent 0e5dbd1 commit 1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
Showing with 3 additions and 18 deletions.
  1. +3 −18 usr/bin/gnome-exe-thumbnailer
@@ -356,25 +356,10 @@ fi
# Get the version number:
if [[ ${INPUTFILE##*.} = 'msi' ]]
then
# Look for the ProductVersion property if user has the Microsoft (R) Windows Script Host installed:
if which wine && grep -v 'Wine placeholder DLL' $HOME/.wine/drive_c/windows/system32/cscript.exe
# Look for the ProductVersion property using msitools' msiinfo if present
if which msiinfo
then
# Workaround wine bug #19799: cscript crashes if you call WScript.Arguments(0)
# http://bugs.winehq.org/show_bug.cgi?id=19799
<<< "
Dim WI, DB, View, Record
Set WI = CreateObject(\"WindowsInstaller.Installer\")
Set DB = WI.OpenDatabase(\"$INPUTFILE\",0)
Set View = DB.OpenView(\"SELECT Value FROM Property WHERE Property = 'ProductVersion'\")
View.Execute
Wscript.Echo View.Fetch.StringData(1)
" iconv -f utf8 -t unicode > $TEMPFILE1.vbs
VERSION=$(
DISPLAY=NONE wine cscript.exe //E:vbs //NoLogo Z:\\tmp\\${TEMPFILE1##*/}.vbs 2>/dev/null \
| egrep -o '^[0-9]+\.[0-9]+(\.[0-9][0-9]?)?(beta)?'
)
VERSION=$(msiinfo export "$INPUTFILE" 'Property' | grep 'ProductVersion' | cut -f 2)
else
# Try to get the version number from extended file properties at least:
VERSION=$(
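Review bot: the replacement `VERSION=$(msiinfo export "$INPUTFILE" 'Property' | grep 'ProductVersion' | cut -f 2)` is less strict than the code it replaces in two ways. The `grep 'ProductVersion'` match is unanchored, so any Property row whose name or value merely contains that substring is picked up; anchoring on the first column (e.g. `grep -P '^ProductVersion\t'`, or `awk -F'\t' '$1=="ProductVersion"{print $2}'`) selects only the intended row. More importantly, the old branch filtered the result through `egrep -o '^[0-9]+\.[0-9]+(\.[0-9][0-9]?)?(beta)?'` so that VERSION could only ever be a version-shaped string; this hunk drops that filter, so VERSION now carries whatever text the Property table holds into the rest of the script. Keeping that `egrep -o` stage after the `cut` preserves the validation. Minor: `if which msiinfo` prints the resolved path on stdout whenever the tool is present; `if command -v msiinfo >/dev/null 2>&1` keeps the check silent.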

3 comments on commit 1d8e310

bigon Jul 18, 2017

Hi,

This is definitely CVE worthy, could you please request a CVE to track this downstream?


carnil Jul 18, 2017

@bigon FTR, already requested one via MITRE

carnil Jul 18, 2017

CVE-2017-11421 has been assigned for this issue.
