diff options
author | Hao Kung <haok@microsoft.com> | 2021-11-03 01:22:06 +0300 |
---|---|---|
committer | Will Godbe <wigodbe@microsoft.com> | 2021-11-03 01:22:06 +0300 |
commit | 6c06851a6b49927d3146bf03bd56df03183be349 (patch) | |
tree | e5fffd59b17bf81104285dbe6d129f55dc05c6c9 | |
parent | 43f0237502a036c8c2ed5d73642a4113b4830743 (diff) |
Merged PR 19216: [release/2.1] MSRC: 68089 - EoP - aspNetCore processPath should be surrounded by quotes in case path contains spaces to avoid possible escalation of privileges
MSRC: 68089 - EoP - aspNetCore processPath should be surrounded by quotes in case path contains spaces to avoid possible escalation of privileges CRM:0331001776
Fixes an issue with a path not being properly escaped so spaces can result in executing an app in the parent directory. The fix just adds double quotes around the argument.
Regression:
No
Risk:
Low
Verification
Manual
Packaging changes reviewed?
TBD - this change is in the ANCM dll
-rw-r--r-- | src/Servers/IIS/AspNetCoreModuleV1/AspNetCore/src/serverprocess.cxx | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/Servers/IIS/AspNetCoreModuleV1/AspNetCore/src/serverprocess.cxx b/src/Servers/IIS/AspNetCoreModuleV1/AspNetCore/src/serverprocess.cxx index be5e250df5..53a689593b 100644 --- a/src/Servers/IIS/AspNetCoreModuleV1/AspNetCore/src/serverprocess.cxx +++ b/src/Servers/IIS/AspNetCoreModuleV1/AspNetCore/src/serverprocess.cxx @@ -645,8 +645,9 @@ SERVER_PROCESS::SetupCommandLine( pszPath = pszFullPath; } } - if (FAILED(hr = pstrCommandLine->Copy(pszPath)) || - FAILED(hr = pstrCommandLine->Append(L" ")) || + if (FAILED(hr = pstrCommandLine->Copy(L"\"")) || + FAILED(hr = pstrCommandLine->Append(pszPath)) || + FAILED(hr = pstrCommandLine->Append(L"\" ")) || FAILED(hr = pstrCommandLine->Append(m_Arguments.QueryStr()))) { goto Finished; |