[patch] Fix g10/exec.c (make_tempdir) [_WIN32] not properly handling GetTempPath

David Shaw dshaw at jabberwocky.com
Thu May 25 05:55:23 CEST 2006


On Thu, May 25, 2006 at 01:21:36AM +0100, Israel G. Lugo wrote:

> > Note also that this incorrect code has been in GnuPG for around 4
> > years now, and nobody noticed, meaning nobody used a temporary
> > directory path larger than 256 bytes...
> Uhh... I'm sorry for trying to help, then? I don't see the need to
> become so defensive.

I don't mention it in terms of defensiveness; I mention it to try and
put some perspective to this discussion: we're not talking about a
fatal flaw in a cipher here.  We're talking about *picking a temporary
directory*.  (By the way, on Win32, GnuPG has MAX_PATH bytes hardcoded
in multiple places.  It's not just temporary directories.)

> > This is not a "Windows=Bad, Unix=Good" thing!  Both Windows and
> > Unix provide an API for getting a temporary directory.  If that API
> > fails, then that's it, on whatever platform.  In the Unix code, if
> > you set $TMPDIR to garbage, then it won't work.  In neither case do
> > I think that trying many different directories to try and find a
> > "good" one is advisable.
> The c:\windows\temp thing wasn't even my main point... You will notice
> I did not address that in the patch I sent. My point was fixing a
> quite real problem (GetTempPath's result was not being checked and tmp
> could be used with complete garbage inside if, say, $TMP was > 256,
> for example) and improving something which could be improved (losing
> the hardcoded malloc and switching to a flexible, non-limited and
> non-wasting solution).

As I have said, I completely agree with you about the problem with
temporary paths over 256 bytes.  There was never any question about
that, and in fact it has already been fixed.  The improvement that you
proposed in the same mail, however, I disagree with.  I don't think
that the cost/benefit ratio justifies it.  It's complex, involving
(potentially) multiple passes just to get a temporary directory.  You
also suggested fallbacks if GetTempDir did not succeed.  If this was a
crucial part of the system, I'd probably be more eager to dive into
it, but again, we're talking about picking a temporary directory here.

> I wanted to offer my help in a project which I find worthy and
> noble, to contribute and engage in a friendly technical discussion
> with fellow developers; not to argue with them.

I'm sorry you interpret someone disagreeing with you as an argument.
I feel quite friendly about this discussion.

David
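
The point both sides of the thread agree on (check GetTempPath's result before using the buffer, and simply fail if the call fails or the path does not fit) can be sketched as follows. This is an added example, not GnuPG's code and not the patch under discussion; `temp_path_fn`, `sim_get_temp_path`, `sim_tmp` and `checked_temp_path` are hypothetical names, and the stand-in getter only mimics the documented return-value contract of GetTempPathA so the example runs off Windows.

```c
#include <stdio.h>
#include <string.h>

/* Contract of Win32 GetTempPathA(size, buf): 0 on failure; the string
 * length (without NUL) on success; if the buffer is too small, the
 * required size, and buf must not be used. */
typedef unsigned long (*temp_path_fn)(unsigned long size, char *buf);

/* Constructed stand-in with that contract so this runs off Windows. */
static const char *sim_tmp = "C:\\Temp\\";   /* constructed sample value */
static unsigned long sim_get_temp_path(unsigned long size, char *buf)
{
    size_t need;
    if (sim_tmp == NULL)
        return 0;                         /* API failure */
    need = strlen(sim_tmp) + 1;
    if (need > size)
        return (unsigned long)need;       /* too small: buf untouched */
    memcpy(buf, sim_tmp, need);
    return (unsigned long)(need - 1);
}

/* One pass, no fallback directories. Returns 0 on success, -1 if the
 * call failed or the path does not fit; buf is always a valid string. */
static int checked_temp_path(temp_path_fn get, char *buf, size_t size)
{
    unsigned long n;
    if (size == 0)
        return -1;
    buf[0] = '\0';
    n = get((unsigned long)size, buf);
    if (n == 0 || n >= size) {            /* failure or would truncate */
        buf[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char tmp[256];
    if (checked_temp_path(sim_get_temp_path, tmp, sizeof tmp) != 0) {
        fprintf(stderr, "cannot determine temporary directory\n");
        return 1;
    }
    printf("temporary directory: %s\n", tmp);
    return 0;
}
```

On Windows the getter would be a thin wrapper around the real GetTempPathA call; the check on the return value stays the same.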


