Charteris Community Server


Chris Dickson's Blog

.NET Framework 2.0 KB928365 Patch problems

The build process for the project I am currently working on just got hosed by Microsoft Security Update for Microsoft .NET Framework 2.0 (KB928365). A hundred-odd projects which had been building correctly for weeks or months suddenly started to error during solution build, with post-build event failures complaining of file paths not found.

The failing post-build events all contained constructs like:

msbuild /v:m "$(ProjectDir)\..\Common\postbuild.proj" ...

The error was happening because these events were now being executed as though they were:

msbuild /v:m "<project folder>\Common\postbuild.proj" ...

i.e. looking for the Common folder as a child of the project folder rather than its sibling.

The eagle-eyed may have spotted that the expression in our project file generates a superfluous backslash after the project folder, because the $(ProjectDir) macro is expanded by VS to include a trailing backslash.

It turns out that this security patch changes behaviour at the operating system level concerning the interpretation of file system paths containing duplicated backslash characters. Whereas the OS was previously forgiving of duplicates, treating them just as single backslash characters, the new behaviour somewhat bizarrely treats '\\..\' as though it were just '\'.

I'm wondering whether this change in behaviour is intentional, and somehow related to a security issue, or whether it is an unintentional side effect of something MS have patched. I'm also wondering how many latent defects there are out there in deployed applications, which are going to be exposed by this.  
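The doubled separator described in this post can be caught in the project files before it reaches MSBuild. The following is an added example, not code from the original post: it flags post-build lines that put a backslash after a macro that already ends in one, and compares the forgiving resolution with the patched behaviour the post reports. The sample event text, the C:\src\App\ folder and the inclusion of $(SolutionDir) and $(TargetDir) are assumptions.

```python
import ntpath
import re

# Macros assumed to expand with a trailing backslash. The post states this for
# $(ProjectDir); $(SolutionDir) and $(TargetDir) are an assumption of this example.
TRAILING_SLASH_MACROS = ("ProjectDir", "SolutionDir", "TargetDir")
_DOUBLED = re.compile(r"\$\((%s)\)\\" % "|".join(TRAILING_SLASH_MACROS))

# Constructed sample: post-build event text and a made-up project folder.
SAMPLE_EVENT = 'echo post-build\nmsbuild /v:m "$(ProjectDir)\\..\\Common\\postbuild.proj"'
SAMPLE_MACROS = {"ProjectDir": "C:\\src\\App\\"}


def find_doubled_separators(event_text):
    # Return (line number, macro, corrected line) for every line where the
    # macro's own trailing backslash is followed by a second one.
    findings = []
    for number, line in enumerate(event_text.splitlines(), 1):
        match = _DOUBLED.search(line)
        if match:
            fixed = _DOUBLED.sub(lambda m: "$(%s)" % m.group(1), line)
            findings.append((number, match.group(1), fixed))
    return findings


def expand_quoted_path(line, macros):
    # Substitute macro values and return the first double-quoted argument.
    for name, value in macros.items():
        line = line.replace("$(%s)" % name, value)
    return re.search(r'"([^"]+)"', line).group(1)


def resolve_forgiving(path):
    # Duplicate separators collapse to one, then ".." is applied.
    return ntpath.normpath(path)


def resolve_as_reported(path):
    # Model of the behaviour the post reports after the patch:
    # a doubled backslash followed by "..\" is read as a single backslash.
    return ntpath.normpath(path.replace("\\\\..\\", "\\"))


if __name__ == "__main__":
    for number, macro, fixed in find_doubled_separators(SAMPLE_EVENT):
        original = SAMPLE_EVENT.splitlines()[number - 1]
        for label, line in (("original", original), ("fixed", fixed)):
            path = expand_quoted_path(line, SAMPLE_MACROS)
            print(label, resolve_forgiving(path), resolve_as_reported(path))
```

With the extra backslash removed, both resolvers return the sibling Common folder, so the corrected line does not depend on how duplicates are interpreted.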

 

Comments

 

Dmitry said:

Looks like the problem is MSBuild-specific. System.IO.FileInfo works as expected (\\..\ = \..\) when 928365 is installed, while MSBuild does not (\\..\ = \)

:)

August 22, 2007 10:52 AM
 

David Gray said:

I suspect it's uglier than that. Please see the comment that I just left at blogs.msdn.com/.../Finally_2E002E002E00_-Real-Content.aspx

April 21, 2009 4:49 AM
