[patch] Fix g10/exec.c (make_tempdir) [_WIN32] not properly handling GetTempPath

David Shaw dshaw at jabberwocky.com
Thu May 25 16:23:58 CEST 2006

On Thu, May 25, 2006 at 06:43:56AM +0100, Israel G. Lugo wrote:

> The passes thing is only there to take care of the race condition
> where $TMP might change between us polling the temp length and
> actually obtaining it the second time around. It is highly unlikely
> that it would happen (except for some sort of timed attack), but in
> the event that it does, I wanted the code to be protected against it.
> This is, after all, a security program. In other words, I did not want
> to see CERT publishing "race condition bug in GnuPG leads to crash
> with potential data leak" or whatever one year from now, due to my
> additions to the code.

I do not believe there is a race there, and the multiple passes are
needless complexity. GetTempDir is documented to return:

   1. The path specified by the TMP environment variable.
   2. The path specified by the TEMP environment variable.
   3. The path specified by the USERPROFILE environment variable.
   4. The Windows directory.

On Win98, it goes a bit further and may return the current directory
in some cases.

Unless Windows can change environment variables out from under a
running process, I don't see how any of these change in between

> > I'm sorry you interpret someone disagreeing with you as an
> > argument.
> That is a straw man assertion... I do not interpret someone
> disagreeing with me as an argument.

Equally as much as the old and tired "Free Software people hate
Windows" thing?

> It is simply that I had made the report, worked on the patch and
> offered the solution, with the best of intents, wanting to help by
> fixing a bug and improving a given piece of code to make it more
> robust.

This is the problem.  I don't agree with your solution.  I don't think
you need multiple passes.  I do question just how useful it is to
allow arbitrarily large temporary directories when every other piece
of directory fetching code for Win32 has a MAX_PATH limit anyway, but
don't really care much either way about this.

Either way, my disagreeing with you doesn't mean I hate Windows, don't
follow Free Software ideals, or any such thing.  It just means I don't
agree with you.


More information about the Gnupg-devel mailing list