Update service_windows.go to avoid "unquoted search path" windows service issue #290

Closed
wants to merge 1 commit into from


@ghost ghost commented Aug 4, 2021

wrap exepath in quotes to avoid "unquoted search path" with windows services

@KatelynHaworth
Contributor

@kardianos are you able to review this PR? This issue is affecting the company I work for and if possible we would prefer to keep using your lib rather than a fork with this change.

@ghost
Author

ghost commented Apr 25, 2022

I requested CVE-2022-29583 from MITRE

@masinger

@trespassing-potato Could it be that you got fooled by your security scanner?

Because if you step into the m.CreateService(... call at line 256, you will see that the path is already being escaped by a call to syscall.EscapeArg() (see https://docs.microsoft.com/en-us/previous-versions/ms880421(v=msdn.10)?redirectedfrom=MSDN).

@twz123

twz123 commented Apr 26, 2022

@trespassing-potato Do you maybe have a reproducer that triggers the vulnerability? What would a malicious input look like?

@ghost
Author

ghost commented Apr 27, 2022

Hello! As I mentioned in #289 I tried to actually reproduce the issue discovered by our vulnerability scanner - but the added service in question (telegraf) does have a fully quoted path.

I apologize, I should have verified before doing anything :)

This pull request was closed.
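
The thread turns on whether the registered service path is actually quoted. As an added example (not code from this library or from any participant), here is a small Go check that can be run over the `ImagePath` / `BINARY_PATH_NAME` string of an installed service to confirm or dismiss a scanner's "unquoted search path" finding. The function names `exePortion` and `NeedsQuoting`, the `.exe` boundary heuristic, and the sample paths are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// exePortion returns the executable part of a service ImagePath string and
// whether it was quoted. Heuristic, an assumption of this example: an unquoted
// path ends at the first ".exe" followed by whitespace or end of string.
func exePortion(imagePath string) (exe string, quoted bool) {
	p := strings.TrimSpace(imagePath)
	if strings.HasPrefix(p, `"`) {
		if end := strings.Index(p[1:], `"`); end >= 0 {
			return p[1 : 1+end], true
		}
		return p[1:], false // unbalanced quote: treat as unquoted
	}
	for i := 0; i+4 <= len(p); i++ {
		atEnd := i+4 == len(p) || p[i+4] == ' ' || p[i+4] == '\t'
		if atEnd && strings.EqualFold(p[i:i+4], ".exe") {
			return p[:i+4], false
		}
	}
	return p, false // no ".exe" boundary: be conservative, check whole string
}

// NeedsQuoting reports whether the executable path contains whitespace but is
// not wrapped in quotes, the condition scanners call "unquoted search path".
// Whitespace that only appears in the arguments does not count.
func NeedsQuoting(imagePath string) bool {
	exe, quoted := exePortion(imagePath)
	return !quoted && strings.ContainsAny(exe, " \t")
}

func main() {
	// Constructed sample values, not taken from a real host.
	for _, p := range []string{
		`"C:\Program Files\Telegraf\telegraf.exe" --config telegraf.conf`,
		`C:\Program Files\Telegraf\telegraf.exe --config telegraf.conf`,
		`C:\Telegraf\telegraf.exe --config "C:\Program Files\t.conf"`,
	} {
		fmt.Printf("%-5v %s\n", NeedsQuoting(p), p)
	}
}
```

A `true` result means the stored path should be re-registered with quotes; a string without any `.exe` boundary is checked as a whole, so it can be flagged for manual review even when only its arguments contain spaces.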