Reviewed-by: Yan Vugenfirer <yvuge...@redhat.com>
On Mon, Feb 20, 2023 at 7:41 PM Konstantin Kostiuk <kkost...@redhat.com> wrote:
>
> Add specific an entry points for rundll which is
> just a wrapper for COMRegister/COMUnregister functions.
>
> resolves: rhbz#2167436
> fixes: CVE-2023-0664
>
> Signed-off-by: Konstantin Kostiuk <kkost...@redhat.com>
> ---
> qga/installer/qemu-ga.wxs | 10 +++++-----
> qga/vss-win32/install.cpp | 9 +++++++++
> qga/vss-win32/qga-vss.def | 2 ++
> 3 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
> index feb629ec47..46ae9e7a13 100644
> --- a/qga/installer/qemu-ga.wxs
> +++ b/qga/installer/qemu-ga.wxs
> @@ -127,22 +127,22 @@
> </Directory>
> </Directory>
>
> - <Property Id="cmd" Value="cmd.exe"/>
> + <Property Id="rundll" Value="rundll32.exe"/>
> <Property Id="REINSTALLMODE" Value="amus"/>
>
> <?ifdef var.InstallVss?>
> <CustomAction Id="RegisterCom"
> - ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s vss-install'
> + ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMRegister'
> Execute="deferred"
> - Property="cmd"
> + Property="rundll"
> Impersonate="no"
> Return="check"
> >
> </CustomAction>
> <CustomAction Id="UnRegisterCom"
> - ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s > vss-uninstall'
> + ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMUnregister'
> Execute="deferred"
> - Property="cmd"
> + Property="rundll"
> Impersonate="no"
> Return="check"
> >
> diff --git a/qga/vss-win32/install.cpp b/qga/vss-win32/install.cpp
> index b57508fbe0..68662a6dfc 100644
> --- a/qga/vss-win32/install.cpp
> +++ b/qga/vss-win32/install.cpp
> @@ -357,6 +357,15 @@ out:
> return hr;
> }
>
> +STDAPI_(void) CALLBACK DLLCOMRegister(HWND, HINSTANCE, LPSTR, int)
> +{
> + COMRegister();
> +}
> +
> +STDAPI_(void) CALLBACK DLLCOMUnregister(HWND, HINSTANCE, LPSTR, int)
> +{
> + COMUnregister();
> +}
>
> static BOOL CreateRegistryKey(LPCTSTR key, LPCTSTR value, LPCTSTR data)
> {
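Review bot: The new `rundll` property holds the bare name `rundll32.exe`, and both `RegisterCom` and `UnRegisterCom` run it as deferred actions with `Impersonate="no"`, so a process started with installer privileges is found by search order rather than by an absolute path. The removed `cmd.exe` property had the same shape, so this is inherited rather than introduced, but a fix for CVE-2023-0664 is a good place to pin it. Consider rooting the custom action at the Windows system directory instead of a literal property value. The DLL passed in `ExeCommand` is loaded from `[qemu_ga_directory]` in the same elevated context, so a comment that this directory must stay writable by administrators only would help the next reader.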
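Review bot: Both wrappers discard the result of `COMRegister()` / `COMUnregister()`, which appear to return an HRESULT (the function ending just above the hunk finishes with `return hr;`, and its start is outside the hunk). Because these rundll32 entry points return `void`, a failed registration is not reported to the installer. The `Return="check"` in qemu-ga.wxs would then presumably only catch a failure to start rundll32 itself. At minimum document this at the definition, e.g. `/* rundll32 entry point: the HRESULT from COMRegister() cannot be propagated, so failure is silent */`, or log the failing HRESULT before returning. A one-line comment that the four unnamed parameters follow the rundll32 callback signature and are unused would also help.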
> diff --git a/qga/vss-win32/qga-vss.def b/qga/vss-win32/qga-vss.def
> index 927782c31b..ee97a81427 100644
> --- a/qga/vss-win32/qga-vss.def
> +++ b/qga/vss-win32/qga-vss.def
> @@ -1,6 +1,8 @@
> LIBRARY "QGA-PROVIDER.DLL"
>
> EXPORTS
> + DLLCOMRegister
> + DLLCOMUnregister
> COMRegister PRIVATE
> COMUnregister PRIVATE
> DllCanUnloadNow PRIVATE
> --
> 2.25.1
>
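Review bot: The two new exports are listed without `PRIVATE` while every neighbouring entry in the hunk carries it, and nothing here says why they differ. `PRIVATE` only keeps a symbol out of the import library and does not affect lookup by name, so rundll32 should still find them. For consistency write `DLLCOMRegister PRIVATE` and `DLLCOMUnregister PRIVATE`. If the omission is deliberate, add a `;` comment saying these are the rundll32 entry points used by the MSI custom actions.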