From 4858bb58998f843c04d44ca102cec2e481e2d467 Mon Sep 17 00:00:00 2001
From: Quantum <quantum2048@gmail.com>
Date: Fri, 15 Jan 2021 18:34:29 -0500
Subject: [PATCH] [host] windows: avoid quoting issues with
 CreateProcessAsUserA
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To quote MSDN documentation:

> The lpApplicationName parameter can be NULL, in which case the executable
> name must be the first white space–delimited string in lpCommandLine. If
> the executable or path name has a space in it, there is a risk that a
> different executable could be run because of the way the function parses
> spaces. The following example is dangerous because the function will
> attempt to run "Program.exe", if it exists, instead of "MyApp.exe".
>
>   LPTSTR szCmdline[] = _tcsdup(TEXT("C:\\Program Files\\MyApp"));
>   CreateProcessAsUser(hToken, NULL, szCmdline, /*...*/ );
>
> If a malicious user were to create an application called "Program.exe" on
> a system, any program that incorrectly calls CreateProcessAsUser using the
> Program Files directory will run this application instead of the intended
> application.
>
> To avoid this problem, do not pass NULL for lpApplicationName.

So instead, we pass the executable to lpApplicationName instead, which avoids
the issue. MSDN says:

> The lpCommandLine parameter can be NULL. In that case, the function uses
> the string pointed to by lpApplicationName as the command line.

This also avoids the strdup since lpApplicationName is LPCSTR unlike
lpCommandLine which is LPSTR.
---
 host/platform/Windows/src/service.c | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/host/platform/Windows/src/service.c b/host/platform/Windows/src/service.c
index 3da06b1d..80e1241d 100644
--- a/host/platform/Windows/src/service.c
+++ b/host/platform/Windows/src/service.c
@@ -340,11 +340,10 @@ void Launch(void)
     .lpDesktop   = "WinSta0\\Default"
   };
 
-  char * exe = strdup(os_getExecutable());
   if (!f_CreateProcessAsUserA(
       hToken,
+      os_getExecutable(),
       NULL,
-      exe,
       NULL,
       NULL,
       TRUE,
@@ -358,16 +357,13 @@ void Launch(void)
     service.running = false;
     doLog("failed to launch\n");
     winerr();
-    goto fail_exe;
+    goto fail_token;
   }
 
   CloseHandle(pi.hThread);
   service.process = pi.hProcess;
   service.running = true;
 
-fail_exe:
-  free(exe);
-
 fail_token:
   CloseHandle(hToken);
 }