Vulnerability Development mailing list archives
Re: Buffer overflow?
From: "Disco Jonny" <discojonny () gmail com>
Date: Thu, 18 May 2006 10:47:06 +0100
Hi,

I am using XP SP2 English and 2k SP4 English and I cannot reproduce this issue. Can you provide a little more detail?

It might be worth noting that the maximum file name size in NTFS is FF (255) chars. Now when you create a file the directory names are included. So if I go to the root DOS prompt c:\ and type in echo rar > aaaa..aaaa (255 times) it will allow me to create this file. If I try to move this file to another directory I cannot. If I now type md 1 and switch to that directory the maximum file name size I can create is 254 chars.

So potentially there is an integer overflow on the length under certain circumstances, maybe. But it would seem that explorer.exe is coping with this (so probably not exploitable).

Does it put anything in the error log? Are you using any special chars (non-English) in the file name? How do you have your folder options set? Are you creating the file in DOS or Windows?

Oh yeah, if I create a file with 254 chars in c:\1\ then rename the folder 1 to be something like 12345678 then the file is inaccessible, and if I right click on it I don't get the options up, if I try to delete it I can't, if I try to open it I can't - all with no errors (XP). 2k is slightly different, but it all seems to amount to the same (but you get the options like create shortcut, etc. up - they just give error messages).

Cheers,
dj.

On 13 May 2006 07:38:10 -0000, Ivancool2003 () yahoo com ar <Ivancool2003 () yahoo com ar> wrote:
I have Windows XP Service Pack 2 and if I create a file 253 characters long and I press it with the right button, the shell is stopped; explorer.exe and other applications are reinitiated. What has happened? (Sorry for my bad English.)