diff options
| author | Mike Kaganski <mike.kaganski@collabora.com> | 2019-04-16 22:08:42 +0200 |
|---|---|---|
| committer | Thorsten Behrens <Thorsten.Behrens@CIB.de> | 2020-06-08 22:25:21 +0200 |
| commit | 7c78dbc48f41654f17f5cc10198bcb799ae5ae41 (patch) | |
| tree | d484ba5a1ea556e3ff5cc6e14a8f8d2dac0fef3c | |
| parent | limit forms to http[s] (diff) | |
| download | core-7c78dbc48f41654f17f5cc10198bcb799ae5ae41.tar.gz core-7c78dbc48f41654f17f5cc10198bcb799ae5ae41.zip | |
tdf#124776: don't use SearchPathW to get full path of executable
... use GetModuleFileNameW() for that.
We call SetDllDirectoryW and SetSearchPathMode to improve security of
the process, and exclude some paths (including current directory) from
search when using API that looks for binaries whose names are not fully
qualified.
So the sequence is this:
1. Program is started using relative executable path like
"instdir\program\soffice";
2. sal_detail_initialize is called, which calls the two mentioned
hardening functions;
3. sal_detail_initialize calls osl_setCommandArgs, which in turn calls
osl_createCommandArgs_Impl;
4. The latter uses SearchPathW with empty path and first program arg
"instdir\program\soffice" to find fully qualified program path.
That now naturally fails, because current path is not searched.
But to find the process name, we need no search: we can simply use
GetModuleFileNameW() with NULL passed as module handle. Let's use that.
Note that we can't use _wpgmptr/_get_wpgmptr, because we don't use wide
entry point like wmain.
LHM-Stuff
---------
Dieser Patch löst das Problem wenn Symbols eingeschaltet ist, danach
konnte LO nicht mit scalc.exe, swriter.exe, .. gestartet werden den es
ist damit abgestürzt. (Dumpfile war im LO-Verzeichnis)
Reviewed-on: https://gerrit.libreoffice.org/70844
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
(cherry picked from commit c650217cc543080928a26de4bfc07ebb0be5c6ca)
Change-Id: I7a0013a0505f7bdd38164b09b045bfade9686664
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/89689
Tested-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
Conflicts:
sal/osl/w32/process.cxx
| -rw-r--r-- | sal/osl/w32/process.cxx | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sal/osl/w32/process.cxx b/sal/osl/w32/process.cxx index 8c3e1169116d..529b73a27b97 100644 --- a/sal/osl/w32/process.cxx +++ b/sal/osl/w32/process.cxx @@ -275,8 +275,8 @@ static rtl_uString ** osl_createCommandArgs_Impl (int argc, char **) ::osl::LongPathBuffer< sal_Unicode > aBuffer( MAX_LONG_PATH ); DWORD dwResult = 0; - dwResult = SearchPath ( - 0, reinterpret_cast<LPCWSTR>(ppArgs[0]->buffer), L".exe", aBuffer.getBufSizeInSymbols(), ::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), 0); + dwResult = GetModuleFileName ( + 0, ::osl::mingw_reinterpret_cast<LPWSTR>(aBuffer), aBuffer.getBufSizeInSymbols()); if ((0 < dwResult) && (dwResult < aBuffer.getBufSizeInSymbols())) { /* Replace argv[0] with its absolute path */ |