api: make pipe handles non-inheritable by default

...and change to inheritable only the ones really needed, eliminating a window where we'd have inheritable handles that are not supposed to be inheritable. Suggested-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Simon Rozman <simon@rozman.si>
2020-10-30 07:35:00 +01:00 · 2020-10-30 07:35:00 +01:00 · 3dacd1c6ce
commit 3dacd1c6ce
parent fb6d5b62f1
1 changed files with 4 additions and 7 deletions
--- a/api/adapter.c
+++ b/api/adapter.c
@ -1397,19 +1397,16 @@ ExecuteRunDll32(
        Result = ERROR_INVALID_PARAMETER;
        goto cleanupDelete;
    }
-    SECURITY_ATTRIBUTES sa = { .nLength = sizeof(SECURITY_ATTRIBUTES),
-                               .bInheritHandle = TRUE,
-                               .lpSecurityDescriptor =
-                                   SecurityAttributes ? SecurityAttributes->lpSecurityDescriptor : NULL };
    HANDLE StreamRStdout = INVALID_HANDLE_VALUE, StreamRStderr = INVALID_HANDLE_VALUE,
           StreamWStdout = INVALID_HANDLE_VALUE, StreamWStderr = INVALID_HANDLE_VALUE;
-    if (!CreatePipe(&StreamRStdout, &StreamWStdout, &sa, 0) || !CreatePipe(&StreamRStderr, &StreamWStderr, &sa, 0))
+    if (!CreatePipe(&StreamRStdout, &StreamWStdout, SecurityAttributes, 0) ||
+        !CreatePipe(&StreamRStderr, &StreamWStderr, SecurityAttributes, 0))
    {
        Result = LOG_LAST_ERROR(L"Failed to create pipes");
        goto cleanupPipes;
    }
-    if (!SetHandleInformation(StreamRStdout, HANDLE_FLAG_INHERIT, 0) ||
-        !SetHandleInformation(StreamRStderr, HANDLE_FLAG_INHERIT, 0))
+    if (!SetHandleInformation(StreamWStdout, HANDLE_FLAG_INHERIT, HANDLE_FLAG_INHERIT) ||
+        !SetHandleInformation(StreamWStderr, HANDLE_FLAG_INHERIT, HANDLE_FLAG_INHERIT))
    {
        Result = LOG_LAST_ERROR(L"Failed to set handle info");
        goto cleanupPipes;