If osquery fails to get the service description log a warning message and continue (#6281)

2024-11-06 09:35:20 +00:00 · 2020-03-16 01:01:04 +00:00 · 2020-03-16 01:01:04 +00:00 · aeaf6249ce
commit aeaf6249ce
parent f61c0cace6
1 changed files with 30 additions and 25 deletions
--- a/osquery/tables/system/windows/services.cpp
+++ b/osquery/tables/system/windows/services.cpp
@ -80,30 +80,36 @@ static inline Status getService(const SC_HANDLE& scmHandle,
    return Status(GetLastError(), "Failed to query service config");
  }

-  (void)QueryServiceConfig2(
-      svcHandle.get(), SERVICE_CONFIG_DESCRIPTION, nullptr, 0, &cbBufSize);
-  err = GetLastError();
-  if (ERROR_INSUFFICIENT_BUFFER == err) {
-    svc_descr_t lpsd(static_cast<LPSERVICE_DESCRIPTION>(malloc(cbBufSize)),
-                     freePtr);
-    if (lpsd == nullptr) {
-      return Status(1, "Failed to malloc service description buffer");
+  try {
+    (void)QueryServiceConfig2(
+        svcHandle.get(), SERVICE_CONFIG_DESCRIPTION, nullptr, 0, &cbBufSize);
+    err = GetLastError();
+    if (ERROR_INSUFFICIENT_BUFFER == err) {
+      svc_descr_t lpsd(static_cast<LPSERVICE_DESCRIPTION>(malloc(cbBufSize)),
+                       freePtr);
+      if (lpsd == nullptr) {
+        throw std::runtime_error("failed to malloc service description buffer");
+      }
+      ret = QueryServiceConfig2(svcHandle.get(),
+                                SERVICE_CONFIG_DESCRIPTION,
+                                (LPBYTE)lpsd.get(),
+                                cbBufSize,
+                                &cbBufSize);
+      if (ret == 0) {
+        std::stringstream ss;
+        ss << "failed to query size of service description buffer, error: "
+           << GetLastError();
+        throw std::runtime_error(ss.str());
+      }
+      if (lpsd->lpDescription != nullptr) {
+        r["description"] = SQL_TEXT(lpsd->lpDescription);
+      }
+    } else if (ERROR_MUI_FILE_NOT_FOUND != err) {
+      // Bug in Windows 10 with CDPUserSvc_63718, just ignore description
+      throw std::runtime_error("failed to query service description");
    }
-    ret = QueryServiceConfig2(svcHandle.get(),
-                              SERVICE_CONFIG_DESCRIPTION,
-                              (LPBYTE)lpsd.get(),
-                              cbBufSize,
-                              &cbBufSize);
-    if (ret == 0) {
-      return Status(GetLastError(),
-                    "Failed to query size of service description buffer");
-    }
-    if (lpsd->lpDescription != nullptr) {
-      r["description"] = SQL_TEXT(lpsd->lpDescription);
-    }
-  } else if (ERROR_MUI_FILE_NOT_FOUND != err) {
-    // Bug in Windows 10 with CDPUserSvc_63718, just ignore description
-    return Status(err, "Failed to query service description");
+  } catch (const std::runtime_error& e) {
+    LOG(WARNING) << svc.lpServiceName << ": " << e.what();
  }

  r["name"] = SQL_TEXT(svc.lpServiceName);
@ -190,7 +196,7 @@ static inline Status getServices(QueryData& results) {
  for (size_t i = 0; i < serviceCount; i++) {
    auto s = getService(scmHandle.get(), lpSvcBuf[i], results);
    if (!s.ok()) {
-      return s;
+      LOG(WARNING) << s.getMessage();
    }
  }

@ -201,7 +207,6 @@ QueryData genServices(QueryContext& context) {
  QueryData results;
  auto status = getServices(results);
  if (!status.ok()) {
-    // Prefer no results to incomplete results
    LOG(WARNING) << status.getMessage();
    results = QueryData();
  }