1

Is there any reason paths are still limited to ~250 characters in Windows? I'm not asking about a solution here (since there isn't one, other than \\?\ perhaps), but about why this is still an issue in 2012.

Microsoft itself has failed to provide an explanation, so I'm hoping that maybe someone here, who has more insight into this than me, can provide an answer.

Also, if \\?\ is supposed to be the "cure" to this, why aren't paths implicitly converted to the \\?\ notation by Microsoft's own programs?

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
Dexter
  • 597
  • 1
  • 4
  • 5

1 Answers1

4

My guess is that since MAX_PATH has been well-defined for a number of years, changing it to a bigger value now would be potentially detrimental to a lot of software that relies on it.

There's a lot of ways they could attempt to "fix" this (including shim-libraries, and simply deprecating its use and changing it slowly over time), but they're not extremely trivial to implement. They do provide a work around, that you mention, and that is typically the Microsoft way to do things: don't break backwards compatibility, just add new features.

omghai2u
  • 315
  • 1
  • 6
  • 15
  • I'm not sure how that would break anything, considering that only Windows' API will have to actually "work" with the paths, since programs can't access the file system directly. – Dexter Jul 11 '12 at 12:58
  • Well, the size of MAX_PATH is an assumption programmers make. So, for example, if the programmer allocates memory like: `CHAR szPath[MAX_PATH] = {'\0'};` and later copies the path to the current executable into that buffer like: `strcpy(szPath, argv[0]`. We've got a buffer overflow that could lead to arbitrary code execution for an attacker. If this software runs as SYSTEM, then we've got an opportunity for privilege escalation. – omghai2u Jul 11 '12 at 17:58
  • IIRC, there are API functions that return "up to MAX_PATH" characters, or write "up to MAX_PATH characters" into a buffer. Changing this would indeed break any application using those functions as documented. – Harry Johnston Jul 13 '12 at 05:50
  • Good answer! "typically the Microsoft way to do things: don't break backwards compatibility, just add new features." -- Same reason we're into our third decade later, and we still have the 15 character hostname limit (NETBIOS) for Windows domains. – HopelessN00b Jul 15 '12 at 13:49