Snippets Groups Projects

Commit 11768733 authored 8 years ago by Justin Clift Committed by Brad King 8 years ago

NSIS: Quote uninstaller path when executing it in a shell


Protect our `$0` reference in the shell as `"$0"`.  Otherwise it works
with a space in the path only due to an insecure Windows feature.

Prior to this fix, any installer using the option added by commit
v2.8.9~234^2 (Added CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL,
2011-06-11) exposes a local privilege escalation vulnerability.

Reported-by: Amir Szekely <kichik@gmail.com>
Reported-by: Ug_0 Security

parent e31084e6

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 7 additions and 1 deletion

Brad King @brad.king
mentioned in commit e09518ca
· 8 years ago

mentioned in commit e09518ca

mentioned in commit e09518ca50177d1dd0e1e156f481cd51562a394b

Toggle commit list
Brad King @brad.king
Mentioned in commit e09518ca
· 8 years ago

Mentioned in commit e09518ca

Mentioned in commit e09518ca50177d1dd0e1e156f481cd51562a394b

Toggle commit list
Brad King @brad.king
mentioned in issue #23001
· 3 years ago

mentioned in issue #23001

mentioned in issue #23001

Toggle commit list

Please register or to comment