Hi Alon On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: > Currently openvpn requires/endorses specifying full path in plugin > parameter.
Specifying a custom full path is probably something we need to ban in the (near) future, as it imposes an attack vector for privilege escalation by code injection when openvpn is not running as another user or has access to privilege escalation by other means (like the yet to be submitted Windows interactive service). This patch is a step towards this so I think it's absolutely worth a feature ACK. > AM_CFLAGS = \ > + -DOPENVPN_PLUGINDIR="\"$(plugindir)\"" \ Couldn't OPENVPN_PLUGINDIR be an AC_DEFINE in config.h instead? Would keep the command line shorter and more readable. > + if (ExpandEnvironmentStringsW(plugindir, _plugindir_expanded, SIZE(_plugindir_expanded)) != 0) There's _countof defined in the Windows headers that could replace the non-std SIZE here. I had to look SIZE() up. It does the right thing, though. > + _snwprintf(_abs_so_pathname, SIZE(_abs_so_pathname), L"%s%C%s", > plugindir, OS_SPECIFIC_DIRSEP, wide_string(p->so_pathname, &gc)); You need to make sure _abs_so_pathname is zero terminated here. However, I found that _snwprintf does not return a negative value when the buffer is too small. Contrary to http://msdn.microsoft.com/en-us/library/2ts7cx93.aspx So, this could need more research to get right. Heiko
