Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use GetTempPath2 API instead of GetTempPath #21

Closed
wants to merge 2 commits into from
Closed

Use GetTempPath2 API instead of GetTempPath #21

wants to merge 2 commits into from

Conversation

dhanalla
Copy link

@dhanalla dhanalla commented Aug 1, 2024
edited
Loading

https://bugs.openjdk.org/browse/JDK-8337408

Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code across the OpenJDK repository to retrieve the temporary directory path, as GetTempPath2 provides enhanced security. While GetTempPath may still function without errors, using GetTempPath2 reduces the risk of potential exploits for users.

The code is duplicated, and we cannot address this issue for the following reasons:

  1. The changes are in four different folders, and there is no shared code between the folders: java.base, jdk.package, jdk.attach, and hotspot.
  2. Some parts of the code use version A, while others use version W (ANSI vs. Unicode).

@dhanalla dhanalla marked this pull request as draft August 1, 2024 20:02
@macarte
Copy link

macarte commented Aug 1, 2024
edited
Loading

I recommend adding a sentence in the PR description acknowledging there is code duplication and the reasoning

JohnTortugo
JohnTortugo reviewed Aug 15, 2024
View reviewed changes
src/hotspot/os/windows/os_windows.cpp
@@ -1515,12 +1519,16 @@ int os::closedir(DIR *dirp) {
// directory not the java application's temp directory, ala java.io.tmpdir.
const char* os::get_temp_directory() {
static char path_buf[MAX_PATH];
if (GetTempPath(MAX_PATH, path_buf) > 0) {
if (_GetTempPath2A != nullptr) {
if (_GetTempPath2A(MAX_PATH, path_buf) > 0) {
return path_buf;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks like the code indentation here is not correct. Is it?

src/hotspot/os/windows/os_windows.cpp Outdated
path_buf[0] = '\0';
}
}
else if (GetTempPath(MAX_PATH, path_buf) > 0) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: move "else if" to "}" line.

src/java.base/windows/native/libjava/java_props_md.c
@@ -321,6 +321,26 @@ SetupI18nProps(LCID lcid, char** language, char** script, char** country,
return TRUE;
}

// For dynamic lookup of GetTempPath2 API
typedef DWORD (WINAPI *GetTempPath2WFnPtr)(DWORD, LPWSTR);
static GetTempPath2WFnPtr _GetTempPath2W = NULL;
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the code should use "nullptr" instead of NULL? I'm OK with it being "NULL" if other places in the file also uses NULL.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why all these leading "_" ? Is that a coding guideline for that?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using NULL as it is C code and others are C++.

@dhanalla
Copy link
Author

Created an upstream PR.

@dhanalla dhanalla closed this Aug 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JohnTortugo JohnTortugo JohnTortugo left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dhanalla @macarte @JohnTortugo