From xemacs-m  Thu Sep 25 01:02:26 1997
Received: from altair.xemacs.org (steve@xemacs.miranova.com [206.190.83.19])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id BAA14206
	for <xemacs-beta@xemacs.org>; Thu, 25 Sep 1997 01:02:25 -0500 (CDT)
Received: (from steve@localhost)
	by altair.xemacs.org (8.8.7/8.8.7) id XAA26497;
	Wed, 24 Sep 1997 23:08:31 -0700
Mail-Copies-To: never
To: xemacs-beta@xemacs.org
Subject: Fatal serious (security) flaw in XEmacs 19.16/20.3
X-Face: (:YAD@JS'&Kz'M}n7eX7gEvPR6U1mJ-kt;asEc2qAv;h{Yw7ckz<7+X_SYeTNAaPui:e~x$
 ,A=gkt*>UPL/}\a/#C~v2%ETiAY_sx;xve0yL??JWTtX_-NUzXyP38UdW#cmN1\4(X!c3m#%IbtB-3
 Z-!xpZi!`E.s{(;aP=b11"!3wQu]1j@^V|;n=B|{l<bZV1.AI`zWV%kPCnUhcgEe\(}/_kNd6,*3ZJ
 Q3o<YQ3^u;7jS=:p0--u3msQO
X-Attribution: sb
From: SL Baur <steve@xemacs.org>
Mime-Version: 1.0 (generated by tm-edit 7.108)
Content-Type: text/plain; charset=US-ASCII
Date: 24 Sep 1997 23:08:30 -0700
Message-ID: <m2zpp22ae9.fsf@altair.xemacs.org>
Lines: 21
X-Mailer: Quassia Gnus v0.10/XEmacs 20.3(beta24) - "Ljubljana"

Please evaluate this function (in a separate invocation if you are
reading mail in XEmacs) and report back if you *do not* see an error
message or check to see what your system #defines MAXNAMLEN to.

(directory-files "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa")

I see:

Opening directory: File name too long, #<EMACS BUG: ILLEGAL DATATYPE (#o  7) Save your buffers immediately and please report this bug>

This is actually a stack overrun, and it exists in 19.16[1].  

The problem is due to using an ancient variable (MAXNAMLEN) as a limit 
to path length and not checking the length of passed in filenames
before stuffing them into auto variables.

What is the correct POSIX way to get max file name length?

Footnotes: 
[1]  A unit definition of `show stopper' if there ever was one.

