Skip to content
Permalink
Browse files Browse the repository at this point in the history
WindowsServiceControl: quote service binary path
Fix unquoted service path vulnerability.

Closes #657.
  • Loading branch information
tobydox committed Sep 1, 2020
1 parent afd0e6c commit f231ec5
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion plugins/platform/windows/WindowsServiceControl.cpp
Expand Up @@ -158,6 +158,8 @@ bool WindowsServiceControl::stop()

bool WindowsServiceControl::install( const QString& filePath, const QString& displayName )
{
const auto binaryPath = QStringLiteral("\"%1\"").arg( QString( filePath ).replace( QLatin1Char('"'), QString() ) );

m_serviceHandle = CreateService(
m_serviceManager, // SCManager database
WindowsCoreFunctions::toConstWCharArray( m_name ), // name of service
Expand All @@ -167,7 +169,7 @@ bool WindowsServiceControl::install( const QString& filePath, const QString& dis
// service type
SERVICE_AUTO_START, // start type
SERVICE_ERROR_NORMAL, // error control type
WindowsCoreFunctions::toConstWCharArray( filePath ), // service's binary
WindowsCoreFunctions::toConstWCharArray( binaryPath ), // service's binary
nullptr, // no load ordering group
nullptr, // no tag identifier
L"Tcpip\0RpcSs\0\0", // dependencies
Expand Down

0 comments on commit f231ec5

Please sign in to comment.