Looks good to me. Minor comment below. Adding also others. On Mon, Oct 16, 2017 at 4:03 PM, Christophe Fergeau <cfergeau@xxxxxxxxxx> wrote: > If these paths are unquoted, and the path contains spaces (C:\Program > Files (x86)\...), this could be exploited by putting a binary with a > crafted name (C:\Program.exe), leading to priviledge escalation as this privilege > is a service that is being started. > > https://www.commonexploits.com/unquoted-service-paths/ > > Bug reported by Chris Moberly > --- > win-guest-tools.nsis | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/win-guest-tools.nsis b/win-guest-tools.nsis > index c23bf1d..908bf07 100644 > --- a/win-guest-tools.nsis > +++ b/win-guest-tools.nsis > @@ -114,7 +114,7 @@ Section "install" > CreateDirectory "$INSTDIR\hooks\after_migration" > CreateDirectory "$INSTDIR\hooks\before_migration" > > - ExecWait "$INSTDIR\vcredist_x86.exe /q" > + ExecWait '"$INSTDIR\vcredist_x86.exe /q"' > !endif > > SetOutPath "$INSTDIR\32" > @@ -326,7 +326,7 @@ Function InstallDriver > Pop $0 > StrCpy $1 $R1 > Push $1 > - StrCpy $2 "$INSTDIR\drivers\$0" > + StrCpy $2 '"$INSTDIR\drivers\$0"' > Push $2 > StrCpy $3 "$2\$R1.inf" > Push $3 > @@ -416,7 +416,7 @@ Function InstallService > ${endif} > > DetailPrint "Installing $R2 service" > - SimpleSC::InstallService $R0 $R2 16 2 $R1 "" "" "" > + SimpleSC::InstallService $R0 $R2 16 2 '"$R1"' "" "" "" > Pop $0 > ${if} $0 != 0 > DetailPrint "Failed to install $R2 service: $0" > -- > 2.13.6 > -- Didi
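
Review bot: In the first hunk (the ExecWait call for vcredist_x86.exe), the inner double quotes enclose the /q switch together with the path, so the quoted token is "$INSTDIR\vcredist_x86.exe /q" and the switch is no longer a separate argument; the whole string is treated as the program name. Close the quote after the executable and leave the switch outside it: ExecWait '"$INSTDIR\vcredist_x86.exe" /q'.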
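
Review bot: In the InstallDriver hunk, $2 now carries literal double quotes, and the unchanged line right after it builds $3 with StrCpy $3 "$2\$R1.inf", which produces a path with a closing quote in the middle ("...\drivers\$0"\$R1.inf). Keep $2 as a plain, unquoted directory and add the quotes only where the finished string is placed on a command line, or quote the complete $3 value instead.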
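
Review bot: In the InstallService hunk, '"$R1"' is only correct if every caller passes $R1 as a bare executable path; the assignment of $R1 is outside the visible lines, so check that no caller already quotes it or appends arguments to it, otherwise the registered service command ends up double-quoted or with its arguments inside the quotes, the same problem as in the ExecWait change. A one-line comment above the SimpleSC::InstallService call stating why the inner quotes are required would also keep a later cleanup from removing them.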