qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 2/2] qga/win32: Use rundll for VSS installation

From: Yan Vugenfirer
Subject: Re: [PATCH 2/2] qga/win32: Use rundll for VSS installation
Date: Tue, 21 Feb 2023 09:47:02 +0200 
Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>


On Mon, Feb 20, 2023 at 7:41 PM Konstantin Kostiuk <kkostiuk@redhat.com> wrote:
>
> Add specific an entry points for rundll which is
> just a wrapper for COMRegister/COMUnregister functions.
>
> resolves: rhbz#2167436
> fixes: CVE-2023-0664
>
> Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
> ---
>  qga/installer/qemu-ga.wxs | 10 +++++-----
>  qga/vss-win32/install.cpp |  9 +++++++++
>  qga/vss-win32/qga-vss.def |  2 ++
>  3 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
> index feb629ec47..46ae9e7a13 100644
> --- a/qga/installer/qemu-ga.wxs
> +++ b/qga/installer/qemu-ga.wxs
> @@ -127,22 +127,22 @@
>        </Directory>
>      </Directory>
>
> -    <Property Id="cmd" Value="cmd.exe"/>
> +    <Property Id="rundll" Value="rundll32.exe"/>
>      <Property Id="REINSTALLMODE" Value="amus"/>
>
>      <?ifdef var.InstallVss?>
>      <CustomAction Id="RegisterCom"
> -              ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s vss-install'
> +              ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMRegister'
>                Execute="deferred"
> -              Property="cmd"
> +              Property="rundll"
>                Impersonate="no"
>                Return="check"
>                >
>      </CustomAction>
>      <CustomAction Id="UnRegisterCom"
> -              ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s 
> vss-uninstall'
> +              ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMUnregister'
>                Execute="deferred"
> -              Property="cmd"
> +              Property="rundll"
>                Impersonate="no"
>                Return="check"
>                >
> diff --git a/qga/vss-win32/install.cpp b/qga/vss-win32/install.cpp
> index b57508fbe0..68662a6dfc 100644
> --- a/qga/vss-win32/install.cpp
> +++ b/qga/vss-win32/install.cpp
> @@ -357,6 +357,15 @@ out:
>      return hr;
>  }
>
> +STDAPI_(void) CALLBACK DLLCOMRegister(HWND, HINSTANCE, LPSTR, int)
> +{
> +    COMRegister();
> +}
> +
> +STDAPI_(void) CALLBACK DLLCOMUnregister(HWND, HINSTANCE, LPSTR, int)
> +{
> +    COMUnregister();
> +}
>
>  static BOOL CreateRegistryKey(LPCTSTR key, LPCTSTR value, LPCTSTR data)
>  {
> diff --git a/qga/vss-win32/qga-vss.def b/qga/vss-win32/qga-vss.def
> index 927782c31b..ee97a81427 100644
> --- a/qga/vss-win32/qga-vss.def
> +++ b/qga/vss-win32/qga-vss.def
> @@ -1,6 +1,8 @@
>  LIBRARY      "QGA-PROVIDER.DLL"
>
>  EXPORTS
> +       DLLCOMRegister
> +       DLLCOMUnregister
>         COMRegister             PRIVATE
>         COMUnregister           PRIVATE
>         DllCanUnloadNow         PRIVATE
> --
> 2.25.1
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]