From 31cc3cf68cedf160088f8d79840e68ff5ae12339 Mon Sep 17 00:00:00 2001 From: TJ-59 <85706453+TJ-59@users.noreply.github.com> Date: Mon, 31 Jul 2023 21:06:36 +0200 Subject: [PATCH] updated service.cpp for protected ImagePath This version properly encloses the ImagePath of the service in the Windows registry between double quotes, in an effort to protect users from malicious hijacking executables trying to use the unprotected "C:\program" part of "C:\program files" to be run whenever the service is run (default being "automatic"). --- apps/freelan/src/windows/service.cpp | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/apps/freelan/src/windows/service.cpp b/apps/freelan/src/windows/service.cpp index 601722b9..8e62a5d3 100644 --- a/apps/freelan/src/windows/service.cpp +++ b/apps/freelan/src/windows/service.cpp @@ -65,6 +65,7 @@ #include "../tools.hpp" #include "../system.hpp" #include "../configuration_helper.hpp" +#include namespace fs = boost::filesystem; namespace fl = freelan; @@ -237,7 +238,16 @@ namespace windows { SCManager service_control_manager(SC_MANAGER_CREATE_SERVICE); + TCHAR total[_MAX_PATH + 3]; //on cree le buffer + TCHAR quote[3] =_T ("\""); //on cree la quote, taille 3 pour 2 chars pour \ et " plus termination + + _tcscpy(total, (const wchar_t*)quote); //on colle une quote dans le buffer vide + const fs::path path = get_module_filename(); + _tcscat(total, (const TCHAR*)path.string >().c_str()); //on colle le path (cast) dans 'total' + + _tcscat(total, (const wchar_t*)quote); //on colle une quote pour fermer, le path est protege + SC_HANDLE service = ::CreateService( service_control_manager.handle(), @@ -247,7 +257,8 @@ namespace windows SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START, SERVICE_ERROR_NORMAL, - path.string >().c_str(), + /*path.string >().c_str(),*/ //remplace par total + total, NULL, NULL, SERVICE_DEPENDENCIES,