From 91b103631b3639525c93afb4bf3e3aa74afc15b6 Mon Sep 17 00:00:00 2001
From: Richard T Bonhomme <tincantech@protonmail.com>
Date: Fri, 9 Aug 2024 12:18:56 +0100
Subject: [PATCH] Windows secure_session(): Minimize and document specific race
 conditon

mkdir.exe always retruns true, regardless of the result, under Windows 11,
unless Windows 11 UAC has granted FULL administrator privileges to Easy-RSA.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
---
 easyrsa3/easyrsa | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
index fca04663..1c4e90e0 100755
--- a/easyrsa3/easyrsa
+++ b/easyrsa3/easyrsa
@@ -785,10 +785,18 @@ secure_session() {
 		secured_session="${EASYRSA_TEMP_DIR}/${session}"
 
 		# atomic:
+		# ONLY effects Windows 11 "broken" mkdir.exe
+		# The procedure now is a "poor man's" version
+		# of an atomic directory creation call.
+		# The "race condition" still exists but is minimized.
+		# What remains is equivalent to 32bit hash collision.
+		[ -d "$secured_session" ] && continue
 		if mkdir "$secured_session"; then
 			# Check mkdir.exe has created the directory
 			[ -d "$secured_session" ] || \
 				die "secure_session - mkdir FAILED"
+			[ -f "$secured_session"/temp.0.1 ] && \
+				die "secure_session - temp-file EXISTS"
 
 			# New session requires safe-ssl conf
 			unset -v OPENSSL_CONF safe_ssl_cnf_tmp \