aboutsummaryrefslogtreecommitdiff
path: root/src/burn
diff options
context:
space:
mode:
authorSean Hall <r.sean.hall@gmail.com>2022-09-02 16:06:18 -0500
committerSean Hall <r.sean.hall@gmail.com>2022-09-03 15:29:26 -0500
commitd6ced0b6c527dc853d7e116acb60ba8fde9859da (patch)
tree7c7959db5b66b7e80e29dcb7de2930a1d78d4d11 /src/burn
parent914a92d16d7a0245f3cf0b42cc5e320c34d23d30 (diff)
downloadwix-d6ced0b6c527dc853d7e116acb60ba8fde9859da.tar.gz
wix-d6ced0b6c527dc853d7e116acb60ba8fde9859da.tar.bz2
wix-d6ced0b6c527dc853d7e116acb60ba8fde9859da.zip
Mask the elevated secrets when logging its command line.
Diffstat (limited to 'src/burn')
-rw-r--r--src/burn/engine/core.cpp27
-rw-r--r--src/burn/engine/core.h2
-rw-r--r--src/burn/engine/engine.cpp1
3 files changed, 27 insertions, 3 deletions
diff --git a/src/burn/engine/core.cpp b/src/burn/engine/core.cpp
index ed824411..25124c8a 100644
--- a/src/burn/engine/core.cpp
+++ b/src/burn/engine/core.cpp
@@ -1612,6 +1612,16 @@ extern "C" HRESULT CoreParseCommandLine(
1612 1612
1613 ++i; 1613 ++i;
1614 1614
1615 hr = MemEnsureArraySizeForNewItems(reinterpret_cast<LPVOID*>(&pInternalCommand->rgSecretArgs), pInternalCommand->cSecretArgs, 3, sizeof(int), 3);
1616 ExitOnFailure(hr, "Failed to ensure size for secret args.");
1617
1618 pInternalCommand->rgSecretArgs[pInternalCommand->cSecretArgs] = i;
1619 pInternalCommand->cSecretArgs += 1;
1620 pInternalCommand->rgSecretArgs[pInternalCommand->cSecretArgs] = i + 1;
1621 pInternalCommand->cSecretArgs += 1;
1622 pInternalCommand->rgSecretArgs[pInternalCommand->cSecretArgs] = i + 2;
1623 pInternalCommand->cSecretArgs += 1;
1624
1615 hr = ParsePipeConnection(argv + i, pCompanionConnection); 1625 hr = ParsePipeConnection(argv + i, pCompanionConnection);
1616 if (FAILED(hr)) 1626 if (FAILED(hr))
1617 { 1627 {
@@ -1684,7 +1694,7 @@ extern "C" HRESULT CoreParseCommandLine(
1684 if (i + 3 >= argc) 1694 if (i + 3 >= argc)
1685 { 1695 {
1686 fInvalidCommandLine = TRUE; 1696 fInvalidCommandLine = TRUE;
1687 ExitOnRootFailure(hr = E_INVALIDARG, "Must specify the embedded name, token and parent process id."); 1697 ExitWithRootFailure(hr, E_INVALIDARG, "Must specify the embedded name, token and parent process id.");
1688 } 1698 }
1689 1699
1690 switch (pInternalCommand->mode) 1700 switch (pInternalCommand->mode)
@@ -1701,7 +1711,7 @@ extern "C" HRESULT CoreParseCommandLine(
1701 break; 1711 break;
1702 default: 1712 default:
1703 fInvalidCommandLine = TRUE; 1713 fInvalidCommandLine = TRUE;
1704 ExitOnRootFailure(hr = E_INVALIDARG, "Multiple mode command-line switches were provided."); 1714 ExitWithRootFailure(hr, E_INVALIDARG, "Multiple mode command-line switches were provided.");
1705 } 1715 }
1706 1716
1707 ++i; 1717 ++i;
@@ -2111,6 +2121,7 @@ static HRESULT GetSanitizedCommandLine(
2111{ 2121{
2112 HRESULT hr = S_OK; 2122 HRESULT hr = S_OK;
2113 DWORD dwUnknownArgIndex = 0; 2123 DWORD dwUnknownArgIndex = 0;
2124 DWORD dwSecretArgIndex = 0;
2114 BOOL fHidden = FALSE; 2125 BOOL fHidden = FALSE;
2115 LPWSTR sczSanitizedArgument = NULL; 2126 LPWSTR sczSanitizedArgument = NULL;
2116 LPWSTR sczVariableName = NULL; 2127 LPWSTR sczVariableName = NULL;
@@ -2118,6 +2129,8 @@ static HRESULT GetSanitizedCommandLine(
2118 LPWSTR* argv = pInternalCommand->argv; 2129 LPWSTR* argv = pInternalCommand->argv;
2119 DWORD cUnknownArgs = pInternalCommand->cUnknownArgs; 2130 DWORD cUnknownArgs = pInternalCommand->cUnknownArgs;
2120 int* rgUnknownArgs = pInternalCommand->rgUnknownArgs; 2131 int* rgUnknownArgs = pInternalCommand->rgUnknownArgs;
2132 DWORD cSecretArgs = pInternalCommand->cSecretArgs;
2133 int* rgSecretArgs = pInternalCommand->rgSecretArgs;
2121 2134
2122 for (int i = 0; i < argc; ++i) 2135 for (int i = 0; i < argc; ++i)
2123 { 2136 {
@@ -2148,7 +2161,7 @@ static HRESULT GetSanitizedCommandLine(
2148 if (fHidden) 2161 if (fHidden)
2149 { 2162 {
2150 hr = StrAllocFormatted(&sczSanitizedArgument, L"%ls=*****", sczVariableName); 2163 hr = StrAllocFormatted(&sczSanitizedArgument, L"%ls=*****", sczVariableName);
2151 ExitOnFailure(hr, "Failed to copy sanitized argument."); 2164 ExitOnFailure(hr, "Failed to copy sanitized unknown argument.");
2152 } 2165 }
2153 } 2166 }
2154 } 2167 }
@@ -2156,6 +2169,14 @@ static HRESULT GetSanitizedCommandLine(
2156 // Remember command-line switch to pass off to BA. 2169 // Remember command-line switch to pass off to BA.
2157 AppAppendCommandLineArgument(&pCommand->wzCommandLine, argv[i]); 2170 AppAppendCommandLineArgument(&pCommand->wzCommandLine, argv[i]);
2158 } 2171 }
2172 else if (dwSecretArgIndex < cSecretArgs && rgSecretArgs[dwSecretArgIndex] == i)
2173 {
2174 ++dwSecretArgIndex;
2175 fHidden = TRUE;
2176
2177 hr = StrAllocString(&sczSanitizedArgument, L"*****", 0);
2178 ExitOnFailure(hr, "Failed to copy sanitized secret argument.");
2179 }
2159 2180
2160 if (fHidden) 2181 if (fHidden)
2161 { 2182 {
diff --git a/src/burn/engine/core.h b/src/burn/engine/core.h
index a2f1ab4c..7e594b52 100644
--- a/src/burn/engine/core.h
+++ b/src/burn/engine/core.h
@@ -89,6 +89,8 @@ typedef struct _BURN_ENGINE_COMMAND
89{ 89{
90 int argc; 90 int argc;
91 LPWSTR* argv; 91 LPWSTR* argv;
92 DWORD cSecretArgs;
93 int* rgSecretArgs;
92 DWORD cUnknownArgs; 94 DWORD cUnknownArgs;
93 int* rgUnknownArgs; 95 int* rgUnknownArgs;
94 BOOL fInvalidCommandLine; 96 BOOL fInvalidCommandLine;
diff --git a/src/burn/engine/engine.cpp b/src/burn/engine/engine.cpp
index aefba98b..69f30e26 100644
--- a/src/burn/engine/engine.cpp
+++ b/src/burn/engine/engine.cpp
@@ -414,6 +414,7 @@ static void UninitializeEngineState(
414 AppFreeCommandLineArgs(pEngineState->internalCommand.argv); 414 AppFreeCommandLineArgs(pEngineState->internalCommand.argv);
415 } 415 }
416 416
417 ReleaseMem(pEngineState->internalCommand.rgSecretArgs);
417 ReleaseMem(pEngineState->internalCommand.rgUnknownArgs); 418 ReleaseMem(pEngineState->internalCommand.rgUnknownArgs);
418 419
419 PipeConnectionUninitialize(&pEngineState->embeddedConnection); 420 PipeConnectionUninitialize(&pEngineState->embeddedConnection);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 21:55:12 +0000