If osquery fails to get the service description log a warning message and continue (#6281)

Breakwell 2020-03-16 01:01:04 +00:00 committed by GitHub
parent f61c0cace6
commit aeaf6249ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -80,30 +80,36 @@ static inline Status getService(const SC_HANDLE& scmHandle,
return Status(GetLastError(), "Failed to query service config"); return Status(GetLastError(), "Failed to query service config");
} }
(void)QueryServiceConfig2( try {
svcHandle.get(), SERVICE_CONFIG_DESCRIPTION, nullptr, 0, &cbBufSize); (void)QueryServiceConfig2(
err = GetLastError(); svcHandle.get(), SERVICE_CONFIG_DESCRIPTION, nullptr, 0, &cbBufSize);
if (ERROR_INSUFFICIENT_BUFFER == err) { err = GetLastError();
svc_descr_t lpsd(static_cast<LPSERVICE_DESCRIPTION>(malloc(cbBufSize)), if (ERROR_INSUFFICIENT_BUFFER == err) {
freePtr); svc_descr_t lpsd(static_cast<LPSERVICE_DESCRIPTION>(malloc(cbBufSize)),
if (lpsd == nullptr) { freePtr);
return Status(1, "Failed to malloc service description buffer"); if (lpsd == nullptr) {
throw std::runtime_error("failed to malloc service description buffer");
}
ret = QueryServiceConfig2(svcHandle.get(),
SERVICE_CONFIG_DESCRIPTION,
(LPBYTE)lpsd.get(),
cbBufSize,
&cbBufSize);
if (ret == 0) {
std::stringstream ss;
ss << "failed to query size of service description buffer, error: "
<< GetLastError();
throw std::runtime_error(ss.str());
}
if (lpsd->lpDescription != nullptr) {
r["description"] = SQL_TEXT(lpsd->lpDescription);
}
} else if (ERROR_MUI_FILE_NOT_FOUND != err) {
// Bug in Windows 10 with CDPUserSvc_63718, just ignore description
throw std::runtime_error("failed to query service description");
} }
ret = QueryServiceConfig2(svcHandle.get(), } catch (const std::runtime_error& e) {
SERVICE_CONFIG_DESCRIPTION, LOG(WARNING) << svc.lpServiceName << ": " << e.what();
(LPBYTE)lpsd.get(),
cbBufSize,
&cbBufSize);
if (ret == 0) {
return Status(GetLastError(),
"Failed to query size of service description buffer");
}
if (lpsd->lpDescription != nullptr) {
r["description"] = SQL_TEXT(lpsd->lpDescription);
}
} else if (ERROR_MUI_FILE_NOT_FOUND != err) {
// Bug in Windows 10 with CDPUserSvc_63718, just ignore description
return Status(err, "Failed to query service description");
} }
r["name"] = SQL_TEXT(svc.lpServiceName); r["name"] = SQL_TEXT(svc.lpServiceName);
@ -190,7 +196,7 @@ static inline Status getServices(QueryData& results) {
for (size_t i = 0; i < serviceCount; i++) { for (size_t i = 0; i < serviceCount; i++) {
auto s = getService(scmHandle.get(), lpSvcBuf[i], results); auto s = getService(scmHandle.get(), lpSvcBuf[i], results);
if (!s.ok()) { if (!s.ok()) {
return s; LOG(WARNING) << s.getMessage();
} }
} }
@ -201,7 +207,6 @@ QueryData genServices(QueryContext& context) {
QueryData results; QueryData results;
auto status = getServices(results); auto status = getServices(results);
if (!status.ok()) { if (!status.ok()) {
// Prefer no results to incomplete results
LOG(WARNING) << status.getMessage(); LOG(WARNING) << status.getMessage();
results = QueryData(); results = QueryData();
} }
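Review bot: In the getServices loop, `LOG(WARNING) << s.getMessage();` drops the service name and the error code, so a message such as "Failed to query service config" does not say which service was affected. A failing getService no longer aborts the query, so that service may be missing from the table while the query still succeeds, and the log line is then the only trace of it, which matters when this table feeds detection; I would write `LOG(WARNING) << lpSvcBuf[i].lpServiceName << ": " << s.getMessage() << " (" << s.getCode() << ")";`, matching the name prefix used in the new catch block. Whether getService adds a partial row before returning an error is not visible here, because its body starts outside the first hunk. Separately, in the first hunk `std::stringstream ss;` is constructed before `GetLastError()` is read, so the error code should be captured into a local immediately after the failed `QueryServiceConfig2` call.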