Reviewed-by: Yan Vugenfirer
On Mon, Feb 20, 2023 at 7:41 PM Konstantin Kostiuk wrote:
>
> Add specific entry points for rundll which are
> just wrappers for the COMRegister/COMUnregister functions.
>
> resolves: rhbz#2167436
> fixes: CVE-2023-0664
>
> Signed-off-by: Konstantin Kostiuk
> ---
> qga/installer/qemu-ga.wxs | 10 +-
> qga/vss-win32/install.cpp | 9 +
> qga/vss-win32/qga-vss.def | 2 ++
> 3 files changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/qga/installer/qemu-ga.wxs b/qga/installer/qemu-ga.wxs
> index feb629ec47..46ae9e7a13 100644
> --- a/qga/installer/qemu-ga.wxs
> +++ b/qga/installer/qemu-ga.wxs
> @@ -127,22 +127,22 @@
>
>
>
> -
> +
>
>
>
> - ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s vss-install'
> + ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMRegister'
>Execute="deferred"
> - Property="cmd"
> + Property="rundll"
>Impersonate="no"
>Return="check"
>>
>
> - ExeCommand='/c "[qemu_ga_directory]qemu-ga.exe" -s
> vss-uninstall'
> + ExeCommand='"[qemu_ga_directory]qga-vss.dll",DLLCOMUnregister'
>Execute="deferred"
> - Property="cmd"
> + Property="rundll"
>Impersonate="no"
>Return="check"
>>
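Review bot: The definition of the `rundll` property that both actions now reference is not readable in this hunk (the markup on the first changed line was lost), so it is worth confirming that it resolves to an absolute path inside the system directory rather than a bare executable name. These are deferred actions with `Impersonate="no"`, so whatever binary that property names runs with the installer service's privileges, and a name resolved through the search path or the working directory would be a weak point. A short comment beside the property, along the lines of `<!-- absolute path to the system rundll32; used by deferred, non-impersonated actions -->`, would make the requirement explicit for later edits.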
> diff --git a/qga/vss-win32/install.cpp b/qga/vss-win32/install.cpp
> index b57508fbe0..68662a6dfc 100644
> --- a/qga/vss-win32/install.cpp
> +++ b/qga/vss-win32/install.cpp
> @@ -357,6 +357,15 @@ out:
> return hr;
> }
>
> +STDAPI_(void) CALLBACK DLLCOMRegister(HWND, HINSTANCE, LPSTR, int)
> +{
> +COMRegister();
> +}
> +
> +STDAPI_(void) CALLBACK DLLCOMUnregister(HWND, HINSTANCE, LPSTR, int)
> +{
> +COMUnregister();
> +}
>
> static BOOL CreateRegistryKey(LPCTSTR key, LPCTSTR value, LPCTSTR data)
> {
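Review bot: `DLLCOMRegister` and `DLLCOMUnregister` call `COMRegister()` / `COMUnregister()` as bare statements and return void, so whatever status those functions produce is dropped. The installer actions keep `Return="check"`, but with this entry-point shape that check presumably only sees the rundll host's own exit code, so a failed provider registration may no longer fail the install step the way the previous `qemu-ga.exe -s vss-install` invocation could. If that is acceptable, document it above the wrappers, e.g. `/* rundll32 entry point: the callback returns void, so a COMRegister failure is not reported to the installer */`, and note there that the four unnamed parameters are required by the rundll callback signature and intentionally unused.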
> diff --git a/qga/vss-win32/qga-vss.def b/qga/vss-win32/qga-vss.def
> index 927782c31b..ee97a81427 100644
> --- a/qga/vss-win32/qga-vss.def
> +++ b/qga/vss-win32/qga-vss.def
> @@ -1,6 +1,8 @@
> LIBRARY "QGA-PROVIDER.DLL"
>
> EXPORTS
> + DLLCOMRegister
> + DLLCOMUnregister
> COMRegister PRIVATE
> COMUnregister PRIVATE
> DllCanUnloadNow PRIVATE
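Review bot: The two added exports are the only entries in the visible list without `PRIVATE`. Since the rundll host looks the entry point up by name at run time, they should not need to appear in the import library, and `DLLCOMRegister PRIVATE` / `DLLCOMUnregister PRIVATE` would keep them consistent with `COMRegister` and `COMUnregister` below. The export list continues past the end of this hunk, so this is based only on the entries shown.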
> --
> 2.25.1
>