0005403: JvJCLUtils.pas vulnerable to a buffer overflow that allows malicious code execution - JEDI Issue Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0005403	JEDI VCL	00 JVCL Components	public	2010-11-16 11:28	2012-02-29 16:55

Reporter	x_art	Assigned To	AHUser
Priority	normal	Severity	minor	Reproducibility	always
Status	resolved	Resolution	fixed
Product Version	3.40
Target Version		Fixed in Version	3.45

Summary	0005403: JvJCLUtils.pas vulnerable to a buffer overflow that allows malicious code execution
Description	JvJCLUtils.pas function GetParamStr(P: PChar; var Param: string): PChar; Buffer: array [Byte] of Char; The Buffer array is too small for modern OS and should be: Buffer: array [0..MAX_PATH] of Char; As result, the program is crashed when a path is longer than 256 bytes.
Additional Information	Fixes are below: function GetParamStr(P: PChar; var Param: string): PChar; var Len: Integer; Buffer: array [0..MAX_PATH] of Char; //!!! aggsoft.com begin while True do begin while (P[0] <> #0) and (P[0] <= ' ') do Inc(P); if (P[0] = '"') and (P[1] = '"') then Inc(P, 2) else Break; end; Len := 0; while P[0] > ' ' do if P[0] = '"' then begin Inc(P); while (P[0] <> #0) and (P[0] <> '"') do begin if Len>MAX_PATH then raise EOverflow.Create('ParamStr buffer overflow!'); //!!! aggsoft.com Buffer[Len] := P[0]; Inc(Len); Inc(P); end; if P[0] <> #0 then Inc(P); end else begin Buffer[Len] := P[0]; Inc(Len); Inc(P); end; SetString(Param, Buffer, Len); Result := P; end;
Tags	No tags attached.

Date Modified	Username	Field	Change
2010-11-16 11:28	x_art	New Issue
2010-11-16 15:12	outchy	Note Added: 0018112
2010-11-27 20:36	AHUser	Note Added: 0018188
2010-11-27 20:36	AHUser	Status	new => resolved
2010-11-27 20:36	AHUser	Fixed in Version	=> Daily / SVN
2010-11-27 20:36	AHUser	Resolution	open => fixed
2010-11-27 20:36	AHUser	Assigned To	=> AHUser
2012-02-29 16:55	obones	Fixed in Version	Daily / SVN => 3.45