[patch] Fix g10/exec.c (make_tempdir) [_WIN32] not properly
handling GetTempPath
David Shaw
dshaw at jabberwocky.com
Wed May 24 07:10:03 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, May 24, 2006 at 03:35:46AM +0100, Israel G. Lugo wrote:
> Greetings,
>
> There is a problem in GnuPG, in the way g10/exec.c's make_tempdir()
> obtains the temporary directory path on Windows systems. There is a
> hardcoded limit of 256 characters (including the '\0') for the length
> of the path (if a hard-limit is to be imposed, it should at least be
> MAX_PATH+1). What's worse, there is no verification being made as to
> whether the buffer was large enough to fit the path. In the event that
> the hardcoded 256 bytes are not enough to hold the path plus '\0',
> GetTempPath will do nothing and return the size of the buffer required
> to hold the path. The current code will take that as success and
> continue on, using uninitialized data as the temporary directory path.
>
> The problem exists in both the stable and development branches, both
> in the CVS and in the releases (1.4.3 and 1.9.20); the relevant
> portion of code is the same in all of them.
I think the proposed fix is a bit of overkill. I'd rather do
something simpler, like (not tested yet):
Index: exec.c
===================================================================
- --- exec.c (revision 4145)
+++ exec.c (working copy)
@@ -129,8 +129,11 @@
if(tmp==NULL)
{
#if defined (_WIN32)
- - tmp=xmalloc(256);
- - if(GetTempPath(256,tmp)==0)
+ char tmp[MAX_PATH+1];
+ int err;
+
+ err=GetTempPath(MAX_PATH+1,tmp);
+ if(err==0 || err>MAX_PATH+1)
strcpy(tmp,"c:\\windows\\temp");
else
{
@@ -165,10 +168,6 @@
sprintf(info->tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp);
- -#if defined (_WIN32)
- - xfree(tmp);
- -#endif
- -
if(mkdtemp(info->tempdir)==NULL)
log_error(_("can't create directory `%s': %s\n"),
info->tempdir,strerror(errno));
> I also saw something which I believe could be changed, in the same
> function: in case of failure to obtain the temporary directory
> (GetTempPath failure), make_tempdir() is using the hardcoded string
> "c:\\windows\\temp". This will break on NT/2000 systems, for example
> (the Windows directory is \WINNT), on some non-English systems and,
> of course, on systems where the user chose to customize his/her
> installation directory (or installed to a partition other than
> C:). I would propose doing away with the hardcoded string and
> obtaining the Windows directory from the API. If that fails as well
> then the hardcoded string could be used as a last resort. I would be
> more than willing to produce such a patch, if it was agreeable to
> the development team.
There is no need to get the Windows directory specially, as
GetTempPath will return the Windows directory as a last resort. It
tries $TMP, $TEMP, $USERPROFILE, and finally the Windows directory. I
must admit I'm not terribly concerned that some version of Windows
somewhere can't handle c:\windows\temp. If we get that far, it means
GetTempPath failed in some manner, and if GetTempPath fails with
MAX_PATH+1, then the system is sufficiently broken that we likely
don't *want* to continue executing. ;)
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-svn4114 (GNU/Linux)
iGoEARECACoFAkRz6qsjGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8lSDgCeIJox4iiLBwcbANsT4oiHFkSnFX4An1iNht1egSrN
egRmrxXfKGwp0kKW
=znhe
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list