odk/source/unoapploader/win/unoapploader.c | 18 ++++++------------
sal/osl/w32/process.cxx | 6 ++----
2 files changed, 8 insertions(+), 16 deletions(-)
New commits:
commit 7e5a704e7c57f499e6f232b1a346d207f271430b
Author: Mike Kaganski <mike.kagan...@collabora.com>
AuthorDate: Sun Mar 30 10:45:15 2025 +0100
Commit: Mike Kaganski <mike.kagan...@collabora.com>
CommitDate: Sun Mar 30 14:38:05 2025 +0200
Use _wputenv_s instead of _wputenv
Avoids unneeded concatenations; also it's documented as "more secure".
Change-Id: Idbe0bd330992833bc70231a069ddbd808ea94b62
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/183502
Tested-by: Jenkins
Reviewed-by: Mike Kaganski <mike.kagan...@collabora.com>
diff --git a/odk/source/unoapploader/win/unoapploader.c
b/odk/source/unoapploader/win/unoapploader.c
index 67c684b86d8a..e0c32cf1b459 100644
--- a/odk/source/unoapploader/win/unoapploader.c
+++ b/odk/source/unoapploader/win/unoapploader.c
@@ -204,22 +204,16 @@ int WINAPI wWinMain( HINSTANCE hInstance, HINSTANCE
hPrevInstance,
* note that this only affects the environment variable of the current
* process, the command processor's environment is not changed
*/
- size_t size = wcslen( ENVVARNAME ) + wcslen( L"=" ) + wcslen( path ) +
1;
- if ( value != NULL )
- size += wcslen( PATHSEPARATOR ) + wcslen( value );
- wchar_t* envstr = (wchar_t*) malloc( size*sizeof(wchar_t) );
- assert(envstr);
- wcscpy( envstr, ENVVARNAME );
- wcscat( envstr, L"=" );
- wcscat( envstr, path );
if ( value != NULL )
{
- wcscat( envstr, PATHSEPARATOR );
- wcscat( envstr, value );
+ size_t size = wcslen(path) + wcslen(PATHSEPARATOR) + wcslen(value)
+ 1;
+ path = (wchar_t*)realloc(path, size * sizeof(wchar_t));
+ assert(path);
+ wcscat(path, PATHSEPARATOR);
+ wcscat(path, value);
}
/* coverity[tainted_data : FALSE] */
- _wputenv( envstr );
- free( envstr );
+ _wputenv_s(ENVVARNAME, path);
free( path );
}
else
diff --git a/sal/osl/w32/process.cxx b/sal/osl/w32/process.cxx
index 756ae5f4dbac..259e18c2f781 100644
--- a/sal/osl/w32/process.cxx
+++ b/sal/osl/w32/process.cxx
@@ -443,8 +443,7 @@ oslProcessError SAL_CALL osl_setEnvironment(rtl_uString
*ustrVar, rtl_uString *u
// set Windows environment variable
if (SetEnvironmentVariableW(o3tl::toW(ustrVar->buffer),
o3tl::toW(ustrValue->buffer)))
{
- OUString sAssign = OUString::unacquired(&ustrVar) + "=" +
OUString::unacquired(&ustrValue);
- _wputenv(o3tl::toW(sAssign.getStr()));
+ _wputenv_s(o3tl::toW(ustrVar->buffer), o3tl::toW(ustrValue->buffer));
return osl_Process_E_None;
}
return osl_Process_E_Unknown;
@@ -456,8 +455,7 @@ oslProcessError SAL_CALL osl_clearEnvironment(rtl_uString
*ustrVar)
// by setting SetEnvironmentVariable's second parameter to NULL
if (SetEnvironmentVariableW(o3tl::toW(ustrVar->buffer), nullptr))
{
- OUString sAssign = OUString::unacquired(&ustrVar) + "=";
- _wputenv(o3tl::toW(sAssign.getStr()));
+ _wputenv_s(o3tl::toW(ustrVar->buffer), L"");
return osl_Process_E_None;
}
return osl_Process_E_Unknown;
