Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"

It is related to windows unquoted service path vulnerability in the the
installer that creates service path without quotes that make service.exe to
look for undesirable path for executable.

postgresql-9.3 service path : C:/Users/asif/Desktop/Program
files/9.3/bin/pg_ctl.exe runservice -N "postgresql-9.3" -D
"C:/Users/asif/Desktop/Program files/9.3/data" -w

service.exe

> C:\Users\asif\Desktop\Program NAME NOT FOUND
> C:\Users\asif\Desktop\Program.exe NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe ACCESS DENIED
>
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice NAME
> NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice.exe
> NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N.exe
> NAME NOT FOUND
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3".exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D.exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program.exe NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" NAME
> INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data".exe
> NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w
> NAME INVALID
> C:\Users\asif\Desktop\Program files\9.3\bin\pg_ctl.exe runservice -N
> "postgresql-9.3" -D "C:\Users\asif\Desktop\Program files\9.3\data" -w.exe
> NAME INVALID

Fix :

postgresql-9.3 service path : "C:/Users/asif/Desktop/Program
files/9.3/bin/pg_ctl.exe" runservice -N "postgresql-9.3" -D
"C:/Users/asif/Desktop/Program files/9.3/data" -w

It would be good if this is reported on pg installer forum or security
forum. Thanks.

Regards,
Asif Naeem

On Mon, Oct 28, 2013 at 12:06 PM, Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>
wrote:
>
> Hi, Asif.
>
> Thank you for response.
>
>
> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
"C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> > server starting
>
> This failure does not occur by the command line.
> PostgreSQL needs to start by Windows Service.
>
> Additionally,In this case,
> A file "Program" needs to be exist at "C:\Users\asif\Desktop\", and
> "postgres.exe" needs to be exist at "C:\Users\asif\Desktop\Program
files\9.3\bin".
> ------------
> C:\Users\asif\Desktop\Program files\9.3\bin>dir
> ...
> 4,435,456 postgres.exe
> 80,896 pg_ctl.exe
> ...
>
> C:\Users\asif\Desktopp>dir
> ...
> 0 Program
> <DIR> Program files
> ...
> ------------
>
> Regards,
> Naoya
>
> > Hi Naoya,
> >
> > I am not able to reproduce the problem. Do you mean pg windows service
installed by installer is not working or bin\pg_ctl binary is not accepting
spaces in the patch ?. Following worked for me i.e.
> >
> >
> > C:\Users\asif\Desktop\Program files\9.3>"bin\pg_ctl" -D
"C:\Users\asif\Desktop\Program files\9.3\data1" -l logfile start
> > server starting
> >
> >
> > Can you please share the exact steps ?. Thanks.
> >
> >
> > Regards,
> > Muhammad Asif Naeem
> >
> >
> >
> > On Mon, Oct 28, 2013 at 10:26 AM, Naoya Anzai <
anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp> wrote:
> >
> >
> > Hi All,
> >
> > I have found a case that PostgreSQL Service does not start.
> > When it happens, the following error appears.
> >
> > "is not a valid Win32 application"
> >
> > This failure occurs when the following conditions are true.
> >
> > 1. There is "postgres.exe" in any directory that contains a space,
> > such as "Program Files".
> >
> > e.g.)
> > C:\Program Files\PostgreSQL\bin\postgres.exe
> >
> > 2. A file using the first white space-delimited
> > tokens of that directory as the file name exists,
> > and there is it in the same hierarchy.
> >
> > e.g.)
> > C:\Program //file
> >
> > "pg_ctl.exe" as PostgreSQL Service creates a postgres
> > process using an absolute path which indicates the
> > location of "postgres.exe",but the path is not enclosed
> > in quotation.
> >
> > Therefore,if the above-mentioned conditions are true,
> > CreateProcessAsUser(a Windows Function called by pg_ctl.exe)
> > tries to create a process using the other file such
> > as "Program", so the service fails to start.
> >
> > Accordingly, I think that the command path should be
> > enclosed in quotation.
> >
> > I created a patch to fix this failure,
> > So could anyone confirm?
> >
> > Regards,
> >
> > Naoya
> >
> > ---
> > Naoya Anzai
> > Engineering Department
> > NEC Soft, Ltd.
> > E-Mail: anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> > ---
> >
> >
> > --
> > Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> > To make changes to your subscription:
> > http://www.postgresql.org/mailpref/pgsql-hackers
> >
> >
> >
> >
> >
>
> 以上、よろしくお願い致します。
>
> --------------------------------------------------------
> NECソフト株式会社
> PFシステム事業部 テーマソフト開発G
> 安西 直也
>
> 外線(03)5534-2353
> 内線(8)57-40364
> Mail:NES-N2363
> E-mail:anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp
> --------------------------------------------------------
> ≪本メールの取り扱い≫
> ・区分：秘密
> ・開示：必要最小限で可
> ・持出：禁止
> ・期限：無期限
> ・用済後：廃棄
>
>
>