codeql/UnsafeCreateProcessCall.cpp at e4d2c7cfc423ebd263bbc767c4ca829eb002b982 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2026-03-30 20:28:15 +02:00

Files

Raul Garcia 85283d63ce C++ : NULL application name with an unquoted path in call to CreateProcess

Calling a function of the CreatePorcess* family of functions, which may result in a security vulnerability if the path contains spaces.

2018-10-12 15:57:01 -07:00

11 lines

278 B

C++

Raw Blame History

 STARTUPINFOW si;
 PROCESS_INFORMATION pi;
 // ...
 CreateProcessW(                           // BUG
     NULL,                                 // lpApplicationName
     (LPWSTR)L"C:\\Program Files\\MyApp",  // lpCommandLine
     NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
 // ...