Bugtraq mailing list archives
Re: Bug in WinNT 4.0 SP4
From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 20 Apr 1999 07:12:23 -0700
At 03:15 PM 4/19/99 +-200, Alvaro Gilabert wrote:
Hi, I supose it is a bug and I will explain why do I think so You can exceed the limit in the number of chars allowed in a filename.
WinNT does allow it. You can move a folder to a deeper one exceeding it. That's because the limit isn't where you think it is. From the documentation on CreateFile in the SDK: Windows NT: You can use paths longer than MAX_PATH characters by calling the wide (W) version of CreateFile and prepending \\?\ to the path. The \\?\ tells the function to turn off path parsing. This lets you use paths that are nearly 32,000 Unicode characters long. You must use fully-qualified paths with this technique. This also works with UNC names. The \\?\ is ignored as part of the path. For example, \\?\C:\myworld\private is seen as C:\myworld\private, and \\?\UNC\tom_1\hotstuff\coolapps is seen as \\tom_1\hotstuff\coolapps. =============================== So it seems that if you use the APIs properly, you can deal with extremely long paths. When you move things around, it is very likely that you are dealing with relative names, not absolute names. David LeBlanc dleblanc () mindspring com
Current thread:
- Re: Netscape 4.5 vulnerability Jon Schlegel (Apr 08)
- <Possible follow-ups>
- Re: Netscape 4.5 vulnerability Wojtek Kaniewski (Apr 08)
- Re: Netscape 4.5 vulnerability Dima Volodin (Apr 09)
- Re: Netscape 4.5 vulnerability Juha Jäykkä (Apr 15)
- stored credentials was: Netscape 4.5 vulnerability Russell Fulton (Apr 18)
- Re: stored credentials was: Netscape 4.5 vulnerability Bernd Eckenfels (Apr 20)
- Bug in WinNT 4.0 SP4 Alvaro Gilabert (Apr 19)
- Re: Bug in WinNT 4.0 SP4 David LeBlanc (Apr 20)
- Security Bulletins Digest aleph1 () UNDERGROUND ORG (Apr 20)
- stored credentials was: Netscape 4.5 vulnerability Russell Fulton (Apr 18)