On Thu, 15 Aug 2024 20:28:28 GMT, Dhamoder Nalla <dhana...@openjdk.org> wrote:
>> Use the GetTempPath2 APIs instead of the GetTempPath APIs in native code >> across the OpenJDK repository to retrieve the temporary directory path, as >> GetTempPath2 provides enhanced security. While GetTempPath may still >> function without errors, using GetTempPath2 reduces the risk of potential >> exploits for users. >> >> >> The code to dynamically load GetTempPath2 is duplicated due to the following >> reasons. I would appreciate any suggestions to remove the duplication where >> possible: >> >> 1. The changes span across four different folders—java.base, jdk.package, >> jdk.attach, and hotspot—with no shared code between them. >> 2. Some parts of the code use version A, while others use version W (ANSI >> vs. Unicode). >> 3. Some parts of the code are written in C others in C++. > > Dhamoder Nalla has updated the pull request incrementally with one additional > commit since the last revision: > > fix missing code src/java.base/windows/native/libjava/java_props_md.c line 327: > 325: typedef DWORD (WINAPI *GetTempPath2WFnPtr)(DWORD, LPWSTR); > 326: static GetTempPath2WFnPtr _GetTempPath2W = NULL; > 327: static BOOL _GetTempPath2WInitialized = FALSE; GetJavaProperties should only be used once so I don't think you need to cache it. Also I'm wondering if we can link to the function rather than using GetProcAddress. It looks like GetTempPath2 was added in Windows 8 + Windows Server 2012. I wonder if there is anyone building main line to older SDKs or Windows releases where linking to GetTempPath2 would fail. ------------- PR Review Comment: https://git.openjdk.org/jdk/pull/20600#discussion_r1723600551
