Re: [twsocket] Serious bug in TWSocket (AV or buffer overflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // ==
{$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp !
Hi Arno,
Yes, it's helps ! But I will perform some heavy tests for sure...
Thanx for the fix !!!
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message -
From: Arno Garrels arno.garr...@gmx.de
To: ICS support mailing twsocket@elists.org
Sent: Sunday, November 01, 2009 12:01 PM
Subject: Re: [twsocket] Serious bug in TWSocket (AV or
bufferoverflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // ==
{$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV or bufferoverflow)Pleasehelp !
It is rather strange Delphi compiler does not give error on this! C compiler
would I think.
On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru wrote:
Hi Arno,
Yes, it's helps ! But I will perform some heavy tests for sure...
Thanx for the fix !!!
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message - From: Arno Garrels arno.garr...@gmx.de
To: ICS support mailing twsocket@elists.org
Sent: Sunday, November 01, 2009 12:01 PM
Subject: Re: [twsocket] Serious bug in TWSocket (AV or
bufferoverflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // ==
{$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV orbufferoverflow)Pleasehelp !
Fastream Technologies wrote:
It is rather strange Delphi compiler does not give error on this! C
compiler would I think.
It effects SOCKS connections only. It isn't a compiler specific bug
but timing related. The buggy code wasn't called at all until I set a
break point in TCustomSocksWSocket.TriggerDataAvailable, tested with
TSmtpCli. That's probably why nobody hit it before.
I applied the posted fix to the source base of both V6 and V7.
It will be available with the next nightly built snapshot
downloadable at:
http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS
--
Arno Garrels
On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru
wrote:
Hi Arno,
Yes, it's helps ! But I will perform some heavy tests for sure...
Thanx for the fix !!!
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message - From: Arno Garrels
arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org
Sent: Sunday, November 01, 2009 12:01 PM
Subject: Re: [twsocket] Serious bug in TWSocket (AV or
bufferoverflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // ==
{$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our
website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AV orbufferoverflow)Pleasehelp !
I think a C compiler would complain if you pass a char instead of char* in
compile time. That's what I meant.
On Sun, Nov 1, 2009 at 8:07 PM, Arno Garrels arno.garr...@gmx.de wrote:
Fastream Technologies wrote:
It is rather strange Delphi compiler does not give error on this! C
compiler would I think.
It effects SOCKS connections only. It isn't a compiler specific bug
but timing related. The buggy code wasn't called at all until I set a
break point in TCustomSocksWSocket.TriggerDataAvailable, tested with
TSmtpCli. That's probably why nobody hit it before.
I applied the posted fix to the source base of both V6 and V7.
It will be available with the next nightly built snapshot
downloadable at:
http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS
--
Arno Garrels
On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev maxterent...@mail.ru
wrote:
Hi Arno,
Yes, it's helps ! But I will perform some heavy tests for sure...
Thanx for the fix !!!
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message - From: Arno Garrels
arno.garr...@gmx.de To: ICS support mailing twsocket@elists.org
Sent: Sunday, November 01, 2009 12:01 PM
Subject: Re: [twsocket] Serious bug in TWSocket (AV or
bufferoverflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt); // ==
{$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our
website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket (AVorbufferoverflow)Pleasehelp !
Fastream Technologies wrote:
I think a C compiler would complain if you pass a char instead of
char* in compile time. That's what I meant.
Look at the declaration of Move() that makes it clear.
--
Arno Garrels
On Sun, Nov 1, 2009 at 8:07 PM, Arno Garrels arno.garr...@gmx.de
wrote:
Fastream Technologies wrote:
It is rather strange Delphi compiler does not give error on this! C
compiler would I think.
It effects SOCKS connections only. It isn't a compiler specific bug
but timing related. The buggy code wasn't called at all until I set a
break point in TCustomSocksWSocket.TriggerDataAvailable, tested with
TSmtpCli. That's probably why nobody hit it before.
I applied the posted fix to the source base of both V6 and V7.
It will be available with the next nightly built snapshot
downloadable at:
http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS
--
Arno Garrels
On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev
maxterent...@mail.ru wrote:
Hi Arno,
Yes, it's helps ! But I will perform some heavy tests for sure...
Thanx for the fix !!!
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message - From: Arno Garrels
arno.garr...@gmx.de To: ICS support mailing
twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM
Subject: Re: [twsocket] Serious bug in TWSocket (AV or
bufferoverflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); //
== Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt);
// == {$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
Re: [twsocket] Serious bug in TWSocket(AVorbufferoverflow)Pleasehelp !
Hi Arno,
I think all Move() calls in ICS code should be checked...
Bugs maybe not only in this place
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message -
From: Arno Garrels arno.garr...@gmx.de
To: ICS support mailing twsocket@elists.org
Sent: Sunday, November 01, 2009 9:35 PM
Subject: Re: [twsocket] Serious bug in
TWSocket(AVorbufferoverflow)Pleasehelp !
Fastream Technologies wrote:
I think a C compiler would complain if you pass a char instead of
char* in compile time. That's what I meant.
Look at the declaration of Move() that makes it clear.
--
Arno Garrels
On Sun, Nov 1, 2009 at 8:07 PM, Arno Garrels arno.garr...@gmx.de
wrote:
Fastream Technologies wrote:
It is rather strange Delphi compiler does not give error on this! C
compiler would I think.
It effects SOCKS connections only. It isn't a compiler specific bug
but timing related. The buggy code wasn't called at all until I set a
break point in TCustomSocksWSocket.TriggerDataAvailable, tested with
TSmtpCli. That's probably why nobody hit it before.
I applied the posted fix to the source base of both V6 and V7.
It will be available with the next nightly built snapshot
downloadable at:
http://wiki.overbyte.be/wiki/index.php/FAQ#How_to_get_ICS
--
Arno Garrels
On Sun, Nov 1, 2009 at 12:29 PM, Max Terentiev
maxterent...@mail.ru wrote:
Hi Arno,
Yes, it's helps ! But I will perform some heavy tests for sure...
Thanx for the fix !!!
---
With best regards, Max Terentiev.
Business Software Products.
AMS Development Team.
supp...@bspdev.com
- Original Message - From: Arno Garrels
arno.garr...@gmx.de To: ICS support mailing
twsocket@elists.org Sent: Sunday, November 01, 2009 12:01 PM
Subject: Re: [twsocket] Serious bug in TWSocket (AV or
bufferoverflow)Pleasehelp !
Hello Max,
I was able to reproduce the AV!
Please try this change:
function TCustomSocksWSocket.DoRecv()
[..]
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, FSocksRcvdCnt); //
== Move(FRcvBuf[FSocksRcvdPtr], Buffer^, FSocksRcvdCnt);
// == {$ENDIF}
Result:= FSocksRcvdCnt;
FSocksRcvdCnt := 0;
Exit;
end;
{ User buffer is smaller, copy as much as possible }
{$IFDEF CLR}
for I := 0 to BufferSize - 1 do
Buffer[I] := FRcvBuf[FSocksRcvdPtr + I];
{$ENDIF}
{$IFDEF WIN32}
//Move(FRcvBuf[FSocksRcvdPtr], Buffer, BufferSize); // ==
Move(FRcvBuf[FSocksRcvdPtr], Buffer^, BufferSize); // ==
{$ENDIF}
Does that help?
--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto
http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit
our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
