View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006696JEDI VCL00 JVCL Componentspublic2020-06-04 07:012023-11-11 19:16
ReporterthayalanAssigned ToAHUser 
PriorityhighSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
Platformx64OSWindowsOS Version2019
Product Version3.48 
Target VersionFixed in VersionDaily / GIT 
Summary0006696: Incorrect pointer arithmatic in JvNTEventLog.pas
DescriptionJvNTEventLog.pas uses pointer arithmetic to access the variables in a event record.

It is currently coded, in multiple places as:

 Result := PChar(FCurrentRecord) + SizeOf(TEventLogRecord); // Line 552.

This does not work, as the PChar is now multibyte. As a result, even though SizeOf(TEventLogRecord) = 56 ($38), but the above adds $70 every time, and leads to wrong string values & SIDs.


Steps To ReproduceJust run the sample NtEventLog Demo and check the output for Source, UserName etc.
Additional Information This happens in multiple places. In Version 3.49 @ lines 552, 559, 582

SOLUTION seems straight forward:
e.g. in line 552:
 Result := PChar(NativeInt(FCurrentRecord) + SizeOf(TEventLogRecord));

I have attached two screen shots of the demo program with and without the solution applied. (See the original file does not show username, computer name & shows incorrect source.

Thank you for all your work on JEDI.
TagsNo tags attached.

Activities

thayalan

2020-06-04 07:01

reporter  

Original_NTEventLog.pas.jpg (54,147 bytes)
Solution_Applied.jpg (67,993 bytes)
Solution_Applied.jpg (67,993 bytes)

mh

2020-08-09 10:44

reporter   ~0021950

Are you able to create a GIT pull request containing your changes?
IOf not, can you post the line numbers and changes you made to those lines here?

obones

2021-06-04 12:06

administrator   ~0021975

Any news on this?

thayalan

2021-07-19 16:11

reporter   ~0021988

Sorry folks. didn't see the comments till now. I do not use GIT, but these two changes fix the errors I encountered.

(In Line 552 of JvNTEventLog.pas)
function TJvNTEventLogRecord.GetSource: string;
begin
  Result := PChar(FCurrentRecord) + SizeOf(TEventLogRecord); // This is wrong
  Result := PChar(NativeInt(FCurrentRecord) + SizeOf(TEventLogRecord)); // Corrected
end;

(In Line 555 of JvNTEventLog.pas)
function TJvNTEventLogRecord.GetComputer: string;

var
  P: PChar;

begin
  P := PChar(FCurrentRecord) + SizeOf(TEventLogRecord); // This is wrong
  P := PChar(NativeInt(FCurrentRecord) + SizeOf(TEventLogRecord)); // Corrected
  P := P + StrLen(P) + 1;
  Result := P;
end;

thayalan

2021-07-19 16:19

reporter   ~0021989

I believe these also need to be corrected. (Same file Lines 584, 594)

function TJvNTEventLogRecord.GetSID: PSID;
begin
  Result := nil;
  if PEventLogRecord(FCurrentRecord)^.UserSidLength > 0 then Result := PSID(PChar(FCurrentRecord) + PEventLogRecord(FCurrentRecord)^.UserSidOffset); // This is wrong ?
  if PEventLogRecord(FCurrentRecord)^.UserSidLength > 0 then Result := PSID(NativeInt(FCurrentRecord) + PEventLogRecord(FCurrentRecord)^.UserSidOffset); //CORRECTED
end;

function TJvNTEventLogRecord.GetString(Index: Cardinal): string;
var
  P: PChar;
begin
  Result := '';
  if Index < StringCount then
  begin
    P := PChar(FCurrentRecord) + PEventLogRecord(FCurrentRecord)^.StringOffset; // This is wrong ?
    P := PChar(NativeInt(FCurrentRecord)) + PEventLogRecord(FCurrentRecord)^.StringOffset); // CORRECTED
    while Index > 0 do
    begin
      Inc(P, StrLen(P) + 1);
      Dec(Index);
    end;
    Result := StrPas(P);
  end;
end;

AHUser

2023-11-11 19:16

developer   ~0022050

Fixed in git main branch.

Issue History

Date Modified Username Field Change
2020-06-04 07:01 thayalan New Issue
2020-06-04 07:01 thayalan File Added: Original_NTEventLog.pas.jpg
2020-06-04 07:01 thayalan File Added: Solution_Applied.jpg
2020-08-09 10:44 mh Note Added: 0021950
2021-06-04 12:06 obones Status new => feedback
2021-06-04 12:06 obones Note Added: 0021975
2021-07-19 16:11 thayalan Note Added: 0021988
2021-07-19 16:11 thayalan Status feedback => new
2021-07-19 16:19 thayalan Note Added: 0021989
2023-11-11 19:16 AHUser Assigned To => AHUser
2023-11-11 19:16 AHUser Status new => resolved
2023-11-11 19:16 AHUser Resolution open => fixed
2023-11-11 19:16 AHUser Fixed in Version => Daily / GIT
2023-11-11 19:16 AHUser Note Added: 0022050