Jump to content

bug in win32 API file creation RE: long filepaths being let in, causes apps to crash


Guest Jim Michaels

Recommended Posts

Guest Jim Michaels

I think the crashes have been caused by some files in some very popular applications which have very long filepaths. they show up worst on XP boxes,which have a very long APPDATA.

 

some file trees in APPDATA are extremely long, and including the username, exceed 260 characters maximum filepath length for a file (MAX_PATH in the C++ compiler). one file I was looking at was 264 characters. this has been causing crashes in anything that walks a directory tree which uses char arrays for filepaths. so this is a security issue.

Apps this problem can cause to crash or work incorrectly are:


  • [ ]backup.
    [ ]disk cloning.
    [ ]file finding/locating (like whereis or file counting for backup or software testing purposes).
    [ ]file tree copying.
    [ ]disc burning.
    [ ]file compression, since it does entire trees (should someone wish to use that on a filepath that long - they might).
    [ ]any code that walks or touches a directory tree.
    [ ]chkdsk.
    [ ]autochk.
    [ ]defrag.
    [ ]virus scanners, malware scanners.
    [ ]anything that touches the affected part of the filesystem could crash.
    [ ]anything that walks the directory tree.
    [ ]in Win32 API, anything file related or directory related regarding creating files, CreateFile(), I think have filepath length leaks, as well as other functions less nicely named like _open(), etc. which are more likely used by installers... I am sure I am missing some.

I can almost bet that windows vista, 7, 98, 2000, and 8 have this problem as well.

 

windows XP via its win32 API lets these too-long-filepaths into NTFS, FAT32, and the mac might let that in too into HPFS (an NTFS clone) if their OS API is bad enough...

 

this causes crashes (access violations, error 0xc0000005) in any application that walks a directory tree that is not coded for variable-length filepath/directory strings. this means that an attempt was made to access memory that was out-of-bounds for the array.

 

a workaround is instead of using

char sFilePath[MAX_PATH+1];

 

 

to use variable-length

 

string sFilePath;

 

 

and whenever you need to grab a C string for Win32 calls, use

 

sFilePath.c_str()

 

 

that's the easy way of doing it. don't know about UNICODE yet.

 

I have proper source code for walking a directory tree, but it is GPL'd, and I suspect that this will not suit your needs. the above information is only a workaround for application coders.

 

the win32 API's filepath encoding

I have already experienced issues with my antivirus crashing after 2 weeks worth of scan of 2.6TB of data because of a popular app which is causing this. and I will bet that this was the cause.

to see if there are such files in your system, in a cmd shell, do

 

dir/ah /a-h /as /a-s /a-d /s/b \ > files

 

dir/ah /a-h /as /a-s /ad /s/b \ > dirs

 

 

You will need a programmer's editor like The Semware Editor. it has a macro in utilities->potpourri->longstln with the capability of showing the longest line. Really that's what you are shooting for, you can write a simple C/C++ program to do that too. if you need source code which can do that, I can throw something together in a couple of minutes which is cross-platform.

 

//longestline.cpp - takes as arguments the filepaths to read and figure out which is the longest line.

#include <iostream>

#include <ifstream>

#include <string>

using namespace std;

char line[128000+1];

uint64_t linecount;

int main(int argc, char argv[]) {

int i;

string sLine;

for (i=1; i < argc; i++) {

linecount=0;

ifstream f;

f.open(argv, ifstream::in);

if (!f.good()) {

f.close();

continue;

}

while (!f.good()) {

f.getline(line, 128000);

linecount++;

if (!f.good()) {

f.close();

continue;

}

}

f.close();

cout<<"\""<<argv<<"\" has "<<linecount<<" lines."<<endl;

}

return 0;

}

 

Continue reading...

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Popular Days

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...