diff options
| author | Justin Clift <justin@postgresql.org> | 2016-07-15 13:18:37 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2016-07-21 14:05:46 (GMT) |
| commit | 11768733d321df55b0efcb70b278c71b8e216cf7 (patch) | |
| tree | f56cb0e1e1055e7d462a3508d284055b173ffa03 /Modules | |
| parent | e31084e65745f9dd422c6aff0a2ed4ada6918805 (diff) | |
| download | CMake-11768733d321df55b0efcb70b278c71b8e216cf7.zip CMake-11768733d321df55b0efcb70b278c71b8e216cf7.tar.gz CMake-11768733d321df55b0efcb70b278c71b8e216cf7.tar.bz2 | |
NSIS: Quote uninstaller path when executing it in a shell
Protect our `$0` reference in the shell as `"$0"`. Otherwise it works
with a space in the path only due to an insecure Windows feature.
Prior to this fix, any installer using the option added by commit
v2.8.9~234^2 (Added CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL,
2011-06-11) exposes a local privilege escalation vulnerability.
Reported-by: Amir Szekely <kichik@gmail.com>
Reported-by: Ug_0 Security
Diffstat (limited to 'Modules')
| -rw-r--r-- | Modules/NSIS.template.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Modules/NSIS.template.in b/Modules/NSIS.template.in index 1ef3d28..92a3142 100644 --- a/Modules/NSIS.template.in +++ b/Modules/NSIS.template.in @@ -920,7 +920,7 @@ uninst: ClearErrors StrLen $2 "\Uninstall.exe" StrCpy $3 $0 -$2 # remove "\Uninstall.exe" from UninstallString to get path - ExecWait '$0 _?=$3' ;Do not copy the uninstaller to a temp file + ExecWait '"$0" _?=$3' ;Do not copy the uninstaller to a temp file IfErrors uninst_failed inst uninst_failed: |