On Wed, Jul 18, 2012 at 4:34 PM, Alon Bar-Lev <alon.bar...@gmail.com> wrote: > Hi! > > On Wed, Jul 18, 2012 at 2:44 PM, Heiko Hund <heiko.h...@sophos.com> wrote: >> Hi Alon >> >> On Tuesday 26 June 2012 20:05:02 Alon Bar-Lev wrote: >>> Currently openvpn requires/endorses specifying full path in plugin >>> parameter. >> >> Specifying a custom full path is probably something we need to ban in the >> (near) future, as it imposes an attack vector for privilege escalation by >> code >> injection when openvpn is not running as another user or has access to >> privilege escalation by other means (like the yet to be submitted Windows >> interactive service). >> >> This patch is a step towards this so I think it's absolutely worth a feature >> ACK. >> >>> AM_CFLAGS = \ >>> + -DOPENVPN_PLUGINDIR="\"$(plugindir)\"" \ >> >> Couldn't OPENVPN_PLUGINDIR be an AC_DEFINE in config.h instead? Would keep >> the >> command line shorter and more readable.
No... autoconf has issues with *dir during its run, automake is the one that actually resolve the directories into something usable. >> >>> + if (ExpandEnvironmentStringsW(plugindir, _plugindir_expanded, >> SIZE(_plugindir_expanded)) != 0) >> >> There's _countof defined in the Windows headers that could replace the >> non-std >> SIZE here. I had to look SIZE() up. It does the right thing, though. Oh... I just wanted to be consistent with openvpn styles. >>> + _snwprintf(_abs_so_pathname, SIZE(_abs_so_pathname), L"%s%C%s", >>> plugindir, OS_SPECIFIC_DIRSEP, wide_string(p->so_pathname, &gc)); >> >> You need to make sure _abs_so_pathname is zero terminated here. However, I >> found that _snwprintf does not return a negative value when the buffer is too >> small. Contrary to http://msdn.microsoft.com/en-us/library/2ts7cx93.aspx >> So, this could need more research to get right. > > Thank you so much! > I did not know sn*printf of MS are not C99 complaint! > > Alon.
