fixed: exploit, \Program.exe is launched instead of synergy binaries.

This commit is contained in:
Nick Bolton
2013-10-03 14:24:58 +00:00
parent 10b9b2e406
commit 85eae2a744
2 changed files with 21 additions and 1 deletions

View File

@@ -485,6 +485,9 @@ bool MainWindow::clientArgs(QStringList& args, QString& app)
return false;
}
// wrap in quotes so a malicious user can't start \Program.exe as admin.
app = QString("\"%1\"").arg(app);
if (m_pLineEditHostname->text().isEmpty())
{
show();
@@ -560,6 +563,9 @@ bool MainWindow::serverArgs(QStringList& args, QString& app)
return false;
}
// wrap in quotes so a malicious user can't start \Program.exe as admin.
app = QString("\"%1\"").arg(app);
if (appConfig().logToFile())
{
appConfig().persistLogDir();