RFR: 8337408: Use GetTempPath2 API instead of GetTempPath [v2]

[Alan Bateman]

On Thu, 15 Aug 2024 20:28:28 GMT, Dhamoder Nalla <dhanalla at openjdk.org> wrote:

>> Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code across the OpenJDK repository to retrieve the temporary directory path, as GetTempPath2 provides enhanced security. While GetTempPath may still function without errors, using GetTempPath2 reduces the risk of potential exploits for users.
>> 
>> 
>> The code to dynamically load GetTempPath2 is duplicated due to the following reasons.  I would appreciate any suggestions to remove the duplication where possible:
>> 
>> 1. The changes span across four different folders—java.base, jdk.package, jdk.attach, and hotspot—with no shared code between them.
>> 2. Some parts of the code use version A, while others use version W (ANSI vs. Unicode).
>> 3. Some parts of the code are written in C others in C++.
>
> Dhamoder Nalla has updated the pull request incrementally with one additional commit since the last revision:
> 
>   fix missing code

src/java.base/windows/native/libjava/java_props_md.c line 327:

> 325: typedef DWORD (WINAPI *GetTempPath2WFnPtr)(DWORD, LPWSTR);
> 326: static GetTempPath2WFnPtr _GetTempPath2W = NULL;
> 327: static BOOL _GetTempPath2WInitialized = FALSE;

GetJavaProperties should only be used once so I don't think you need to cache it.

Also I'm wondering if we can link to the function rather than using GetProcAddress. It looks like GetTempPath2 was added in Windows 8 + Windows Server 2012. I wonder if there is anyone building main line to older SDKs or Windows releases where linking to GetTempPath2 would fail.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1723600551