Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Switch to msitools' msiinfo for ProductVersion fetching
This replaces the insecure VBScript-based parsing, which has issues described at http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
  • Loading branch information
jlu5 committed Jul 17, 2017
1 parent 0e5dbd1 commit 1d8e310
Showing 1 changed file with 3 additions and 18 deletions.
21 changes: 3 additions & 18 deletions usr/bin/gnome-exe-thumbnailer
Expand Up @@ -356,25 +356,10 @@ fi
# Get the version number:
if [[ ${INPUTFILE##*.} = 'msi' ]]
then
# Look for the ProductVersion property if user has the Microsoft (R) Windows Script Host installed:
if which wine && grep -v 'Wine placeholder DLL' $HOME/.wine/drive_c/windows/system32/cscript.exe
# Look for the ProductVersion property using msitools' msiinfo if present
if which msiinfo
then
# Workaround wine bug #19799: cscript crashes if you call WScript.Arguments(0)
# http://bugs.winehq.org/show_bug.cgi?id=19799
<<< "
Dim WI, DB, View, Record
Set WI = CreateObject(\"WindowsInstaller.Installer\")
Set DB = WI.OpenDatabase(\"$INPUTFILE\",0)
Set View = DB.OpenView(\"SELECT Value FROM Property WHERE Property = 'ProductVersion'\")
View.Execute
Wscript.Echo View.Fetch.StringData(1)
" iconv -f utf8 -t unicode > $TEMPFILE1.vbs
VERSION=$(
DISPLAY=NONE wine cscript.exe //E:vbs //NoLogo Z:\\tmp\\${TEMPFILE1##*/}.vbs 2>/dev/null \
| egrep -o '^[0-9]+\.[0-9]+(\.[0-9][0-9]?)?(beta)?'
)
VERSION=$(msiinfo export "$INPUTFILE" 'Property' | grep 'ProductVersion' | cut -f 2)
else
# Try to get the version number from extended file properties at least:
VERSION=$(
Expand Down

3 comments on commit 1d8e310

@bigon
Copy link

@bigon bigon commented on 1d8e310 Jul 18, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

This is definitely CVE worthy, could you please request a CVE to track this downstream?

@carnil
Copy link

@carnil carnil commented on 1d8e310 Jul 18, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bigon FTR, already requested one via MITRE

@carnil
Copy link

@carnil carnil commented on 1d8e310 Jul 18, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CVE-2017-11421 has been assigned for this issue.

Please sign in to comment.