Hi Martin.
Although the flow of events is incorrect, a buffer overflow
nevertheless should not occur.
If you compress the encrypted text or the normal text should not
matter in my general understanding.
Best regards,
Manfred
Am 01.03.2006 um 23:59 schrieb DM Smith:
Martin,
You have the flow of events incorrect. Compression is last on
building. Decompression is first on reading.
It could be that it is experiencing the same bug I encountered in
JSword. I'll check (as it is a one line change)
Martin Gruner wrote:
Hi,
when testing the new GerHfa2002 module, I discovered a major bug
in sword. I tried to open the locked module without having the key
yet. In some chapters garbage text shows up which clearly belongs
not to the module, but to other parts of the address space of
BibleTime.
IIRC, in Sword, module encryption works like this
raw text -> compression -> encryption
raw text -> encryption -> compression
encryption does not change the size of the file.
This is supposed to strengthen the encryption. But if you don't
have the encryption key, then the decryption can't work:
decryption -> decompression -> raw text
decompression -> decryption -> raw text
Actually, if anyone cares to know, there is no difference between
encryption and decryption.
Since decryption does not work, decompression tries to uncompress
the encrypted text (that's what I guess here). This sometimes
leads to buffer overflows (not deterministic). For example, I had
this text in Joshua 1 in BibleTime:
1 2 3 b 4 5 6 o 7 8 r-Verlag" and "Friedrich Reinhardt
Verlag", we are able to distribute (for missionary purposes) the
text of the LOSUNG ("Watchwords" -selected Old and New Testamtent
texts-) as freeware. I am very glad about this opportunity, and
with all my heart I give thanks to our great God. I am also
grateful to all those sustaining this missionary opportunity 9 in
prayer. Their part is crucial.\par\parThis free version on disk
displays only the Old and New Testament verses. The publisher
"H�nssler-Verlag" in Germany offers a disk version 10 for sale
(in German), which displays additional text from the printed
booklet.\par\parEach user and distributor of this disk must adhere
to the license agreement below:\par\par You may distribute the
content of this disk or program package only in unmodified form.
You must not remove, modify, or pass along any files separately.
\par\par Via BBS you m 12 ay distribute individual program
packets, such as: \par\par winlos99.exe \par doslos99.exe \par
os2los99.zip \par atalsg99.zip \par etc.. \par\par The same
restriction applies here, as well: \par\par Distribution of the
LOSUNG ("Watchwords") texts without their respective display
programs is not permitted. You must not alter the content of the
texts.\par\par The programs themselves are copyrighted (German
"Urheberrecht") for the benefit of their progr 13 am authors. See
program documentation for details.\par\parAdditionally, the
following applies:
\par\par the LOSUNG ("Watchwords") may be used exclusively by the
name "LOSUNG" with the freeware programs provided, and may only be
distributed free of charge. \par advertisement, distribution for
profit, and distribution through commercial companies, is
prohibited. \par you must not use or incorporate the freeware
LOSUNG ("Watchwords") texts in any other software program (e.g. an
or 15 ganizer program), unless the sole function of the program is
to display the LOSUNG ("Watchwords") text on the screen. \par
\parImportant Copyright Information regarding the English Bible
Texts:
\par\par The Text of the "AUTHORIZED VERSION" (popularly known as
the "King Jam 16 es Version") is in the Public Domain.\par\par The
NEW INTERNATIONAL VERSION (often abbreviated as "NIV")\par
"Scripture t 17 aken from the HOLY BIBLE, NEW INTERNATIONAL
VERSION (R)\par Copyright (C) 1973, 1978, 1984\par 18 by
International Bible Society.\par Used by permission of Zondervan
Publishing House.\par All rights reserved."\par\par T
This obviously comes from other parts of BibleTime's address
space. Try "mod2imp GerHfa2002" and you might see places where
this happens. The GerHfaLex2002 module crashes BibleTime on my
system, perhaps because the decompressor tries to access memory
that is outside of BibleTime's address space.
The console always spits out warnings like:
no room in outbuffer to during decompression. see zipcomp.cpp
no room in outbuffer to during decompression. see zipcomp.cpp
I don't know how the decompression algorithms and Sword's design
in this regard work. Perhaps somebody wants to investigate? This
is both a stability and a security problem.
Martin
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
_______________________________________________
sword-devel mailing list: sword-devel@crosswire.org
http://www.crosswire.org/mailman/listinfo/sword-devel
Instructions to unsubscribe/change your settings at above page
