[Box Backup-dev] Win32 code review

Charles Lecklider boxbackup-dev at fluffy.co.uk
Mon Jan 30 01:59:58 GMT 2006 

Since we're coming up on 0.10 I thought I'd have a quick look through
the Win32 stuff in trunk; please note my use of the word "quick".

I only found one problem I'd call a show-stopper: no ACL on a pipe. As a
result, current beta testers should be told there's a potential security
problem with any pre-release based on this revision.

-C



Trunk at revision 350:


File: lib\win32\WinNamedPipeStream.cpp
General points: NULL isn't the same as INVALID_HANDLE_VALUE (0 vs.
0xFFFFFFFF). bool isn't the same as BOOL (0 or 1 vs. DWORD used to
return error codes). Yes, the people that did this need to be found and
executed slowly and painfully, but this is how it is....

Function: ctor

mSocketHandle should be INVALID_HANDLE_VALUE (see below).


Function: Accept

This is insecure - anyone can connect to the pipe both locally and
remotely. Since Box runs as LocalSystem (as a service) this is a Bad
Idea (tm).


Function: Connect

Tests for NULL, not INVALID_HANDLE_VALUE. Will throw SocketAlreadyOpen
if Connect fails and is retried.
The pipe mode isn't set to message; it defaults to byte. This may cause
interesting results.


Function: Read

Tests for NULL, not INVALID_HANDLE_VALUE.
bool is not BOOL. ReadFile returns BOOL.


Function: Write

Tests for NULL, not INVALID_HANDLE_VALUE.
bool is not BOOL. WriteFile returns BOOL.
Code style: IMO would be better as a for() loop.


Function: Close
Tests for NULL, not INVALID_HANDLE_VALUE.
Sets mSocketHandle to NULL, not INVALID_HANDLE_VALUE.



File: lib\win32\enu.cpp

Function: RunTimer

This is pretty gross.... How many timers will ever be needed at one go?
More than 31? If not, this can be _much_ better done with CreateEvent,
CreateWaitableTimer and WaitForMultipleObjectsEx.


Function: EnableBackupRights

hToken isn't closed before exit.


Function: openfile

Use of MAX_PATH is inconsistent with \\?\ Unicode syntax. Probably
better to call GetCurrentDirectory directly.


Function: ourfstat

Call to GetFileSizeEx. Only available from Win2k onwards, and file size
is provided by the preceding call to GetFileInformationByHandle anyway.


Function: OpenFileByNameUtf8

Use of MAX_PATH is inconsistent with \\?\ Unicode syntax. Probably
better to call GetCurrentDirectory directly.


Function: opendir

"delete dir->name" should be "delete [] dir->name"


Variable: tempbuff

Noted as not thread friendly. Prepend "__declspec(thread)" to make TLS.

More information about the Boxbackup-dev mailing list