From patchwork Mon Jan 8 17:13:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 3554 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7301:2791:b0:100:d2e5:60d with SMTP id hm17csp5382800dyb; Mon, 8 Jan 2024 09:14:27 -0800 (PST) X-Google-Smtp-Source: AGHT+IGuHNFc7BhWCjxXr0eYSpTPKOCMSgDfImRYS2xu2Ym2gIWMux8l5CP3oHFnosVqxN5FjzzL X-Received: by 2002:a17:902:d212:b0:1d5:82e:e95c with SMTP id t18-20020a170902d21200b001d5082ee95cmr7507634ply.4.1704734067158; Mon, 08 Jan 2024 09:14:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704734067; cv=none; d=google.com; s=arc-20160816; b=JupRbxvv0/7/UwlBD3fpYhIkR+3sMvPulDd23gARURFHD33pIdtdK7G1uAq3+YZn0g QEV//7Px/+PtQlADKyOPuG2SlLJAb50AVxXgWL4eFtY/Bgm89KcdTL4PfnhASbz7/nfb /4VC3bJXe8/jRxsOIkioNoGXg7iwv0Rk1DS8a9bnphrfZzWPh8a2dbq6sBmk4syCfXvZ c11R4lBShp083eYeuX0bxzf8c5LzIfH7IK4Yg8IQnDHvz8KXbmwrO3VZuhJkV6o8P1w7 rHBwj40DaropDlxt2auVgmy56mY77c45PUaifBxHNyTIhr6qMDv1V3GrYoKBZrvxfD3m ATsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature; bh=ADTVIFTdpd/WKkANM58WCXND99YeL2i1sg3TcLV1pJU=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=c7mXlQeLPONsLKoXbZV/ybCBfSts2LfReWgKrXyKjJF5WIwiUlyUbfV8ztxgmYdymq KOn35NtgZRZQSzQmXKB40PyCeXn7tX0KZOr69AKOkXpsvYL3Ge4NFVpuNKngeRpJR4tG bko1VrbMTSOb0hzeeH1lJiHyIlsK/PGGZ2WOTjatk9TgwhlHW2RdZa208NBNtbj9ln1P bSufn1WZQ/gFM3Eumb0/MZvuvXMULpGFlDH+hlZLJEfnhimYYZjzSH35GWqygvrBTyKJ 1/rCD/wdpJlFJRVPNNwt+pxRpgzzdThyrcyg6Q4+Oo0OS7sZx5UNm4i2Km04AUiTG2Sz U3cA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="ld/t10jI"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=iDUe33dO; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id b5-20020a170902bd4500b001d4593a2e8bsi143366plx.570.2024.01.08.09.14.26 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 08 Jan 2024 09:14:27 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b="ld/t10jI"; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=iDUe33dO; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1rMtCP-0004Vu-BX; Mon, 08 Jan 2024 17:14:05 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1rMtCM-0004Vf-74 for openvpn-devel@lists.sourceforge.net; Mon, 08 Jan 2024 17:14:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=DN8lhAoIffEpJyfP27m1ai0IckeJcVNFw1Iv90feFis=; b=ld/t10jI9QDOvwjsl4bLjDFXTH C3IbyOv11BXiqyg2uIXy6qSfiTjEVeHiR/4HwUsrm8ayZ2uWpjrVskJILDSktpKm5mJU3vlm8GUia u/Fu257MZ7faDcpdEmdxf03QzNNSXGI4AAjhCeQbKcw1jtc6dDiAdh41mffOX8qdrass=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=DN8lhAoIffEpJyfP27m1ai0IckeJcVNFw1Iv90feFis=; b=iDUe33dO4iJI5aXO1P/9tsHQaR ajLNUOK+YW4aMa5FXisv3FW01i41a+J7XPYZ6bPrBsKEeQAUu3qIL35QOzjXfbmGBq//yqPxFEhu5 1zTw057ResAFG1Yeu8diyp1AmSyia/VNBspD9lxghAoU6sxZ/VIKjbO/ltGQl5MvNMfk=; Received: from dhcp-174.greenie.muc.de ([193.149.48.174] helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1rMtCK-0002FK-5v for openvpn-devel@lists.sourceforge.net; Mon, 08 Jan 2024 17:14:01 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.17.1.9/8.17.1.9) with ESMTP id 408HDoBn015925 for ; Mon, 8 Jan 2024 18:13:50 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.17.1.9/8.17.1.9/Submit) id 408HDoot015924 for openvpn-devel@lists.sourceforge.net; Mon, 8 Jan 2024 18:13:50 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 8 Jan 2024 18:13:49 +0100 Message-ID: <20240108171349.15871-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: -0.0 (/) X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Arne Schwabe Currently we only warn in get_tmp_dir fails and set o->tmp_dir to a null pointer. This will not be caught by check_file_access_chroot either since that ignores NULL pointers but other parts of OpenVPN [...] Content analysis details: (-0.0 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 T_SCC_BODY_TEXT_LINE No description available. X-Headers-End: 1rMtCK-0002FK-5v Subject: [Openvpn-devel] [PATCH v2] Move get_tmp_dir to win32-util.c and error out on failure X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1787543228893367524?= X-GMAIL-MSGID: =?utf-8?q?1787543228893367524?= From: Arne Schwabe Currently we only warn in get_tmp_dir fails and set o->tmp_dir to a null pointer. This will not be caught by check_file_access_chroot either since that ignores NULL pointers but other parts of OpenVPN will assume that tmp_dir is set to a non-NULL string. Also move get_tmp_dir to ssl-utils.c to use it in unit tests. Change-Id: I525ccf7872880367b248ebebb0ddc83551498042 Signed-off-by: Arne Schwabe Acked-by: Frank Lichtenheld --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/481 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Frank Lichtenheld diff --git a/src/openvpn/options.c b/src/openvpn/options.c index e498114..79958db 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -885,7 +885,15 @@ #ifdef _WIN32 /* On Windows, find temp dir via environment variables */ o->tmp_dir = win_get_tempdir(); -#else + + if (!o->tmp_dir) + { + /* Error out if we can't find a valid temporary directory, which should + * be very unlikely. */ + msg(M_USAGE, "Could not find a suitable temporary directory." + " (GetTempPath() failed). Consider using --tmp-dir"); + } +#else /* ifdef _WIN32 */ /* Non-windows platforms use $TMPDIR, and if not set, default to '/tmp' */ o->tmp_dir = getenv("TMPDIR"); if (!o->tmp_dir) diff --git a/src/openvpn/win32-util.c b/src/openvpn/win32-util.c index 81e504a..c5e7505 100644 --- a/src/openvpn/win32-util.c +++ b/src/openvpn/win32-util.c @@ -147,4 +147,26 @@ } return true; } + +const char * +win_get_tempdir(void) +{ + static char tmpdir[MAX_PATH]; + WCHAR wtmpdir[MAX_PATH]; + + if (!GetTempPathW(_countof(wtmpdir), wtmpdir)) + { + return NULL; + } + + if (WideCharToMultiByte(CP_UTF8, 0, wtmpdir, -1, NULL, 0, NULL, NULL) > sizeof(tmpdir)) + { + msg(M_WARN, "Could not get temporary directory. Path is too long." + " Consider using --tmp-dir"); + return NULL; + } + + WideCharToMultiByte(CP_UTF8, 0, wtmpdir, -1, tmpdir, sizeof(tmpdir), NULL, NULL); + return tmpdir; +} #endif /* _WIN32 */ diff --git a/src/openvpn/win32-util.h b/src/openvpn/win32-util.h index ac37979..98bf74b 100644 --- a/src/openvpn/win32-util.h +++ b/src/openvpn/win32-util.h @@ -40,5 +40,8 @@ /* return true if filename is safe to be used on Windows */ bool win_safe_filename(const char *fn); +/* Find temporary directory */ +const char *win_get_tempdir(void); + #endif /* OPENVPN_WIN32_UTIL_H */ #endif /* ifdef _WIN32 */ diff --git a/src/openvpn/win32.c b/src/openvpn/win32.c index e998d90..6b7ba5e 100644 --- a/src/openvpn/win32.c +++ b/src/openvpn/win32.c @@ -1137,34 +1137,6 @@ set_win_sys_path(buf, es); } - -const char * -win_get_tempdir(void) -{ - static char tmpdir[MAX_PATH]; - WCHAR wtmpdir[MAX_PATH]; - - if (!GetTempPathW(_countof(wtmpdir), wtmpdir)) - { - /* Warn if we can't find a valid temporary directory, which should - * be unlikely. - */ - msg(M_WARN, "Could not find a suitable temporary directory." - " (GetTempPath() failed). Consider using --tmp-dir"); - return NULL; - } - - if (WideCharToMultiByte(CP_UTF8, 0, wtmpdir, -1, NULL, 0, NULL, NULL) > sizeof(tmpdir)) - { - msg(M_WARN, "Could not get temporary directory. Path is too long." - " Consider using --tmp-dir"); - return NULL; - } - - WideCharToMultiByte(CP_UTF8, 0, wtmpdir, -1, tmpdir, sizeof(tmpdir), NULL, NULL); - return tmpdir; -} - static bool win_block_dns_service(bool add, int index, const HANDLE pipe) { diff --git a/src/openvpn/win32.h b/src/openvpn/win32.h index 3605966..aa8513b 100644 --- a/src/openvpn/win32.h +++ b/src/openvpn/win32.h @@ -286,9 +286,6 @@ /* call self in a subprocess */ void fork_to_self(const char *cmdline); -/* Find temporary directory */ -const char *win_get_tempdir(void); - bool win_wfp_block_dns(const NET_IFINDEX index, const HANDLE msg_channel); bool win_wfp_uninit(const NET_IFINDEX index, const HANDLE msg_channel);