From 57bed7923e32c031983496795bb12d4d77cf8d15 Mon Sep 17 00:00:00 2001
From: Richard Stanway <r.stanway@gmail.com>
Date: Fri, 30 Oct 2020 17:07:57 +0100
Subject: [PATCH] UI/installer: Use random temp directory for security

Using a fixed path would allow malware on a compromised system to
perform a DLL planting attack. Reported by Erik Wynter.
---
 UI/installer/mp-installer.nsi | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/UI/installer/mp-installer.nsi b/UI/installer/mp-installer.nsi
index 56006b4a3..d2c5a3b11 100644
--- a/UI/installer/mp-installer.nsi
+++ b/UI/installer/mp-installer.nsi
@@ -106,11 +106,10 @@ Function PreReqCheck
 !ifdef INSTALL64
 	; 64 bit Visual Studio 2017 runtime check
 	ClearErrors
-	SetOutPath "$TEMP\OBS"
+	SetOutPath "$PLUGINSDIR"
 	File check_for_64bit_visual_studio_2017_runtimes.exe
-	ExecWait "$TEMP\OBS\check_for_64bit_visual_studio_2017_runtimes.exe" $R0
-	Delete "$TEMP\OBS\check_for_64bit_visual_studio_2017_runtimes.exe"
-	RMDir "$TEMP\OBS"
+	ExecWait "$PLUGINSDIR\check_for_64bit_visual_studio_2017_runtimes.exe" $R0
+	Delete "$PLUGINSDIR\check_for_64bit_visual_studio_2017_runtimes.exe"
 	IntCmp $R0 126 vs2017Missing_64 vs2017OK_64
 	vs2017Missing_64:
 		MessageBox MB_YESNO|MB_ICONEXCLAMATION "Your system is missing runtime components that ${APPNAME} requires. Would you like to download them?" IDYES vs2017true_64 IDNO vs2017false_64