You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apr.apache.org by Mladen Turk <mt...@apache.org> on 2009/09/10 21:02:52 UTC

[WIN32] utf8_to_unicode_path conversion errors

Hi,

I suppose Bill will give some more insight into this
cause it's only win related.

I came into edge case where utf8_to_unicode_path fails
for apr_stat on NT pipes.
NT pipes have maximum name length of 256 chars, and
utf8_to_unicode_path starts mangling paths longer
then 248 chars.

code from file_io/win32/open.c :
if (srcremains > 248) {
  ...
  else if ((srcstr[0] == '/' || srcstr[0] == '\\')
           && (srcstr[1] == '/' || srcstr[1] == '\\')
           && (srcstr[2] != '?')) {
  ...
  wcscpy (retstr, L"\\\\?\\UNC\\");


Now this will for pipe names that always start
with '\\.\pipe\' or  '\\server\pipe\' and are longer
then 248 chars produce something like
\\?\UNC\.\pipe\... leading to ERROR_PATH_NOT_FOUND.
Further more GetFileAttributesW in apr_stat blocks for 30+
seconds leading to potential DoS attack.

The solution is to add "&& (srcstr[2] != '.')" to the
upper check, but dunno if that would break something else

Comments?

Regards
-- 
^TM