Re: [twsocket] Serious bug in TWSocket (AV or buffer overflow)Pleasehelp !
Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp !
Hi Arno, Yes, it's helps ! But I will perform some heavy tests for sure... Thanx for the fix !!! --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM Subject: Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp ! Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp !
It is rather strange Delphi compiler does not give error on this! C compiler would I think. On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru wrote: Hi Arno, Yes, it's helps ! But I will perform some heavy tests for sure... Thanx for the fix !!! --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM Subject: Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp ! Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV orbufferoverflow)Pleasehelp !
Fastream Technologies wrote: It is rather strange Delphi compiler does not give error on this! C compiler would I think. It effects SOCKS connections only. It isn't a compiler specific bug but timing related. The buggy code wasn't called at all until I set a break point in TCustomSocksWSocket.TriggerDataAvailable, tested with TSmtpCli. That's probably why nobody hit it before. I applied the posted fix to the source base of both V6 and V7. It will be available with the next nightly built snapshot downloadable at: http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS -- Arno Garrels On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru wrote: Hi Arno, Yes, it's helps ! But I will perform some heavy tests for sure... Thanx for the fix !!! --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM Subject: Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp ! Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV orbufferoverflow)Pleasehelp !
I think a C compiler would complain if you pass a char instead of char* in compile time. That's what I meant. On Sun, Nov 1, 2009 at 8:07 PM, Arno Garrels arno.garr...@gmx.de wrote: Fastream Technologies wrote: It is rather strange Delphi compiler does not give error on this! C compiler would I think. It effects SOCKS connections only. It isn't a compiler specific bug but timing related. The buggy code wasn't called at all until I set a break point in TCustomSocksWSocket.TriggerDataAvailable, tested with TSmtpCli. That's probably why nobody hit it before. I applied the posted fix to the source base of both V6 and V7. It will be available with the next nightly built snapshot downloadable at: http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS -- Arno Garrels On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru wrote: Hi Arno, Yes, it's helps ! But I will perform some heavy tests for sure... Thanx for the fix !!! --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM Subject: Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp ! Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AVorbufferoverflow)Pleasehelp !
Fastream Technologies wrote: I think a C compiler would complain if you pass a char instead of char* in compile time. That's what I meant. Look at the declaration of Move() that makes it clear. -- Arno Garrels On Sun, Nov 1, 2009 at 8:07 PM, Arno Garrels arno.garr...@gmx.de wrote: Fastream Technologies wrote: It is rather strange Delphi compiler does not give error on this! C compiler would I think. It effects SOCKS connections only. It isn't a compiler specific bug but timing related. The buggy code wasn't called at all until I set a break point in TCustomSocksWSocket.TriggerDataAvailable, tested with TSmtpCli. That's probably why nobody hit it before. I applied the posted fix to the source base of both V6 and V7. It will be available with the next nightly built snapshot downloadable at: http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS -- Arno Garrels On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru wrote: Hi Arno, Yes, it's helps ! But I will perform some heavy tests for sure... Thanx for the fix !!! --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM Subject: Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp ! Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket(AVorbufferoverflow)Pleasehelp !
Hi Arno, I think all Move() calls in ICS code should be checked... Bugs maybe not only in this place --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 9:35 PM Subject: Re: [twsocket] Serious bug in TWSocket(AVorbufferoverflow)Pleasehelp ! Fastream Technologies wrote: I think a C compiler would complain if you pass a char instead of char* in compile time. That's what I meant. Look at the declaration of Move() that makes it clear. -- Arno Garrels On Sun, Nov 1, 2009 at 8:07 PM, Arno Garrels arno.garr...@gmx.de wrote: Fastream Technologies wrote: It is rather strange Delphi compiler does not give error on this! C compiler would I think. It effects SOCKS connections only. It isn't a compiler specific bug but timing related. The buggy code wasn't called at all until I set a break point in TCustomSocksWSocket.TriggerDataAvailable, tested with TSmtpCli. That's probably why nobody hit it before. I applied the posted fix to the source base of both V6 and V7. It will be available with the next nightly built snapshot downloadable at: http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS -- Arno Garrels On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru wrote: Hi Arno, Yes, it's helps ! But I will perform some heavy tests for sure... Thanx for the fix !!! --- With best regards, Max Terentiev. Business Software Products. AMS Development Team. supp...@bspdev.com - Original Message - From: Arno Garrels arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM Subject: Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp ! Hello Max, I was able to reproduce the AV! Please try this change: function TCustomSocksWSocket.DoRecv() [..] {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // == {$ENDIF} Result:= FSocksRcvdCnt; FSocksRcvdCnt := 0; Exit; end; { User buffer is smaller, copy as much as possible } {$IFDEF CLR} for I := 0 to BufferSize - 1 do Buffer[I] := FRcvBuf[FSocksRcvdPtr + I]; {$ENDIF} {$IFDEF WIN32} //Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // == Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // == {$ENDIF} Does that help? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be