RFR: 8337408: Use GetTempPath2 API instead of GetTempPath
Chris Plummer
cjplummer at openjdk.org
Thu Aug 15 18:37:49 UTC 2024
On Thu, 15 Aug 2024 16:23:18 GMT, Dhamoder Nalla <dhanalla at openjdk.org> wrote:
> Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code across the OpenJDK repository to retrieve the temporary directory path, as GetTempPath2 provides enhanced security. While GetTempPath may still function without errors, using GetTempPath2 reduces the risk of potential exploits for users.
>
>
> The code to dynamically load GetTempPath2 is duplicated due to the following reasons. I would appreciate any suggestions to remove the duplication where possible:
>
> 1. The changes span across four different folders—java.base, jdk.package, jdk.attach, and hotspot—with no shared code between them.
> 2. Some parts of the code use version A, while others use version W (ANSI vs. Unicode).
> 3. Some parts of the code are written in C others in C++.
src/hotspot/os/windows/os_windows.cpp line 1522:
> 1520: const char* os::get_temp_directory() {
> 1521: static char path_buf[MAX_PATH];
> 1522: if (_GetTempPath2A != nullptr) {
Where does _GetTempPath2A get initialized?
src/hotspot/os/windows/os_windows.cpp line 1525:
> 1523: if (_GetTempPath2A(MAX_PATH, path_buf) > 0) {
> 1524: return path_buf;
> 1525: }
Need to indent line 1524.
src/hotspot/os/windows/os_windows.cpp line 1527:
> 1525: }
> 1526: }
> 1527: else if (GetTempPath(MAX_PATH, path_buf) > 0) {
Suggestion:
} else if (GetTempPath(MAX_PATH, path_buf) > 0) {
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718830564
PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718831669
PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1718832664
More information about the core-libs-dev
mailing list