David Colliver napisał(a):
> I just happened to come across the vulnerability as someone has reported it
> on many security websites. They have described it as this and have test
> code, but the code they use to test is not something I understand. I know of
> vulnerabilities, but as I am more a web developer than a windows developer,
> my security experience on windows is limited.
> It certainly looks like email addresses. I know that 4000 bytes are unusual
> but this is how a lot of software tends to suffer from exploits like this,
> as 4000 bytes is not regularly tested for.
It's not just "not regularly tested for", but in most cases - "wrongly
designed". That's right.
> I am going through my code. It may be where I am saving email address to the
> database... I have a field length of 100. I am going through all the code
> looking for where the commandtail (the second part of the email command) is
> saved and using Copy(commandtail, 1, 100) to ensure its length is less than
> the field length.
Use
if length(commandtail)>100 then
setlength(commandtail, 100);
-- faster and does the same thing.
And by the way, although I've seen some DB drivers that fail on specific
kinds of data error (like overlonged field values), some "100% CPU
usage" errors come from enormous amounts of memory reallocation (like
writing 160MB file to TMemoryStream in 4096byte chunks). You can see
this by checking whether your program "page faults" count skyrockets
(like, say, 10000 or more per second). Anyway - you have your code, you
have debugger, you have exploit, you have to find out what's wrong.
> I do know what year it is :-P.
:)
> I know it is old, but I did say in my
> original email that I have not really had the opportunity to work with ICS
> or Delphi for a few years. It is just as I have found this vulnerability,
> that I have re-installed everything to find out what is happening. It took
> me a while to work out how to install the ICS package in the IDE.
> Downloading latest ICS, attempting to install it, uninstall if it doesn't
> work, re-install old version etc. etc. find that my laptop has said "i've
> had enough..."
Do something like this: having installed one version of ICS, DO NOT
uninstall it. Instead, close Delphi, backup the directory where ICS is
stored, delete all .dcu files made during ICS installation (and .exe
file generation, if applicable), extract another version to the ICS
directory, run delphi and then recompile your program (NOT ICS PACKAGE)
and check it. This method will fail if there are changes to published
declarations (and you have dropped any ICS components on any form), but
if not, this is the quick and easy way to go. After all, you can restore
original ICS version from backup and, if it's the solution, reinstall
new version properly.
> I was asking about potential problems with ICS that I may come up with. Not
> having used it, or delphi for a while, I was looking for tips to watch out
> for.It wasn't meant to come across as a "will you test it for me". It was
> more a sort of "if there are problems that are known, can you let me know as
> that could be the deciding factor as to wether I upgrade my ICS (as my
> current version appears to work, except for this problem that I am
> experiencing), as I may not have the knowledge to fix any issues that come
> up."
As I said before - just upgrade and see it for yourself. If there are
any (known) vulnerabilities - someone will try to fix it ASAP, so
staying with current version is the way to go. Some changes required
breaking backward compatibility (what's unacceptable for some, no matter
what profit it would give), some not - if you're upgrading from 2002
version, it's more than just "possible" that something won't work, so
first try to find where whole thing loops and try to find out why. It
may be not because of ICS.
--
.oooO /~) (~\ Oooo. "Programowanie to | Piotr Dałek
( ) / ( ) \ ( ) *najprzyjemniejsza* | [EMAIL PROTECTED]
\ ( ( ) ( ) ) / rzecz, jaką można | http://www.hcm.prv.pl/
\_)'oooO Oooo'(_/ robić w ubraniu" |
----------------------------------------------------------------------
Jestes kierowca? To poczytaj! >>> http://link.interia.pl/f199e
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be
