Vulnerability Development mailing list archives

Re: Buffer overflow?


From: "Disco Jonny" <discojonny () gmail com>
Date: Thu, 18 May 2006 10:47:06 +0100

Hi,

I am using XP SP2 English and 2K SP4 English and I cannot reproduce
this issue; can you provide a little more detail?

It might be worth noting that the maximum file name size in NTFS is FF
(255) chars. Now, when you create a file, the directory names are
included.
So if I go to the root DOS prompt (C:\) and type in

echo rar > aaaa..aaaa (255 times)

it will allow me to create this file. If I try to move this file to
another directory, I cannot.

If I now type md 1 and switch to that directory, the maximum file name
size I can create is 254 chars.

So potentially there is an integer overflow on the length under
certain circumstances, maybe. But it would seem that explorer.exe is
coping with this (so probably not exploitable). Does it put anything
in the error log? Are you using any special chars (non-English) in the
file name? How do you have your folder options set? Are you creating
the file in DOS or Windows?

Oh yeah, if I create a file with 254 chars in C:\1\ and then rename the
folder 1 to be something like 12345678, then the file is inaccessible:
if I right-click on it I don't get the options up, if I try to
delete it I can't, if I try to open it I can't, all with no errors
(XP). 2K is slightly different, but it all seems to amount to the
same (though you get the options like Create Shortcut etc. up; they just
give error messages).

Cheers

dj.

On 13 May 2006 07:38:10 -0000, Ivancool2003 () yahoo com ar
<Ivancool2003 () yahoo com ar> wrote:
I have Windows XP Service Pack 2, and if I create a file with a name 253
characters long and right-click it, the shell is stopped;
explorer.exe and other applications are restarted. What has
happened?

(sorry for my bad English)
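The experiment dj describes (create a file whose name is a run of "a" characters, find the longest name the OS accepts, then repeat inside a subdirectory and compare) can be scripted so that the limit is measured rather than typed by hand. The script below is an added example and is not code from either poster. It assumes an all-"a" file name, creates the file empty (the original used "echo rar >" to give it content, which makes no difference to the name-length check), uses "12345678" from the post as the subdirectory name, and reports the longest name accepted at each depth. It goes beyond the thread's XP-only observation in that it runs on any platform: on Windows without long-path support the full path counts against MAX_PATH (260 characters including the terminating NUL), so the nested probe comes out shorter by the length of the extra prefix; on POSIX the per-component NAME_MAX (usually 255) applies at any depth, so both numbers match.

```python
"""Probe the longest file name a directory accepts, one character at a time.

Added example, not from the original thread. Reproduces the experiment in
the mail above: create a file named "a" * n, lengthen it until the OS
refuses, first directly in a base directory and then in a subdirectory,
so the effect of the directory prefix on the creatable name length can be
compared. The subdirectory name "12345678" is taken from the post; the
base directory is a temporary directory chosen here.
"""
import os
import tempfile


def try_create(directory: str, name: str) -> bool:
    """Try to create an empty file `name` inside `directory`.

    Returns True on success (the file is removed again), False if the OS
    rejects the name. The rejection arrives as ENAMETOOLONG on POSIX; on
    Windows it is an OSError whose winerror is typically 206
    (ERROR_FILENAME_EXCED_RANGE) or 3 (ERROR_PATH_NOT_FOUND).
    """
    path = os.path.join(directory, name)
    try:
        fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY)
    except OSError:
        return False
    os.close(fd)
    os.remove(path)
    return True


def max_name_length(directory: str, limit: int = 4096) -> int:
    """Return the longest all-'a' file name creatable in `directory`.

    A linear scan is used for clarity; on any sane filesystem it stops
    within a few hundred iterations.
    """
    longest = 0
    for n in range(1, limit + 1):
        if not try_create(directory, "a" * n):
            break
        longest = n
    return longest


def compare_depths(base: str, subdir_name: str = "12345678") -> dict:
    """Probe the limit in `base` and in `base/<subdir_name>`.

    On Windows without long-path support the whole path is limited to
    MAX_PATH (260 characters including the NUL), so "nested" is expected
    to be smaller than "base" by "extra_prefix" characters. On POSIX the
    per-component NAME_MAX applies regardless of depth, so the two values
    are expected to be equal.
    """
    nested = os.path.join(base, subdir_name)
    os.makedirs(nested, exist_ok=True)
    return {
        "base": max_name_length(base),
        "nested": max_name_length(nested),
        "extra_prefix": len(nested) - len(base),
    }


def probe_in_tempdir() -> dict:
    """Run compare_depths in a fresh temporary directory, then clean up.

    Also records the filesystem's advertised NAME_MAX on POSIX (None on
    Windows) so the measured value can be checked against it.
    """
    with tempfile.TemporaryDirectory() as tmp:
        result = compare_depths(tmp)
        result["posix_name_max"] = (
            os.pathconf(tmp, "PC_NAME_MAX") if os.name == "posix" else None
        )
    return result


if __name__ == "__main__":
    r = probe_in_tempdir()
    print(f"longest name in base dir:   {r['base']}")
    print(f"longest name {r['extra_prefix']} chars deeper: {r['nested']}")
    if r["posix_name_max"] is not None:
        print(f"filesystem NAME_MAX:        {r['posix_name_max']}")
```

Run it once from a short path such as C:\ and once from a deeply nested folder on Windows to see the second number shrink; then rename the parent folder to something longer, as in the mail, and the file that was created at the limit is exactly the one the shell can no longer reach.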