Bug 1746139 Comment 32 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

LGTM on the MAX_PATH extension. I guess it's up to the other patch to actually prevent the exploit though, since AFAICT this will only make it so the attacker needs to craft a longer file name to cause the same behavior?

(Not that I think it affects anything, but it's worth noting that `MAX_PATH` is not always the maximum path length on Windows -- Windows 10 can have this limit removed in the registry, and thus many Windows API functions would still allow it. And also Windows allows the "\\?\really\really\really\long\path" extended path syntax that can be up to 32,767 chars long. ([link](https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation))
LGTM on the `MAX_PATH` extension. I guess it's up to the other patch to actually prevent the exploit though, since AFAICT this will only make it so the attacker needs to craft a longer file name to cause the same behavior?

(Not that I think it affects anything, but it's worth noting that `MAX_PATH` is not always the maximum path length on Windows -- Windows 10 can have this limit removed in the registry, and thus many Windows API functions would still allow it. And also Windows allows the "\\?\really\really\really\long\path" extended path syntax that can be up to 32,767 chars long. ([link](https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation))
LGTM on the `MAX_PATH` extension. I guess it's up to the other patch to actually prevent the exploit though, since AFAICT this will only make it so the attacker needs to craft a longer file name to cause the same behavior?

(Not that I think it affects anything, but it's worth noting that `MAX_PATH` is not always the maximum path length on Windows -- Windows 10 can have this limit removed in the registry, and thus many Windows API functions would still allow it. And also Windows allows the "\\?\really\really\really\long\path" extended path syntax that can be up to 32,767 chars long. ([link](https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation) )
LGTM on the `MAX_PATH` extension. I guess it's up to the other patch to actually prevent the exploit though, since AFAICT this will only make it so the attacker needs to craft a longer file name to cause the same behavior?

(Not that I think it affects anything, but it's worth noting that `MAX_PATH` is not always the maximum path length on Windows -- Windows 10 can have this limit removed in the registry, and thus many Windows API functions would still allow it. And also Windows allows the "\\?\really\really\really\long\path" extended path syntax that can be up to 32,767 chars long. ([link](https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation)))
