[sword-devel] Major Sword bug found -- buffer overflow

Manfred Bergmann bergmannmd at yahoo.de
Wed Mar 1 14:29:41 MST 2006


Hi Martin.

Although the flow of events is incorrect, a buffer overflow
nevertheless should not occur.
Whether you compress the encrypted text or the normal text should not
matter, in my general understanding.


Best regards,
Manfred


On 01.03.2006 at 23:59, DM Smith wrote:

> Martin,
> You have the flow of events incorrect. Compression is last on  
> building. Decompression is first on reading.
>
> It could be that it is experiencing the same bug I encountered in  
> JSword. I'll check (as it is a one line change)
>
> Martin Gruner wrote:
>> Hi,
>>
>> when testing the new GerHfa2002 module, I discovered a major bug  
>> in sword. I tried to open the locked module without having the key  
>> yet. In some chapters garbage text shows up which clearly does not belong
>> to the module, but to other parts of the address space of
>> BibleTime.
>>
>> IIRC, in Sword, module encryption works like this
>>
>> raw text -> compression -> encryption
>>
> raw text -> encryption -> compression
> Encryption does not change the size of the file.
>> This is supposed to strengthen the encryption. But if you don't  
>> have the encryption key, then the decryption can't work:
>>
>> decryption -> decompression -> raw text
>>
> decompression -> decryption -> raw text
>
> Actually, if anyone cares to know, there is no difference between  
> encryption and decryption.
>
>> Since decryption does not work, decompression tries to uncompress  
>> the encrypted text (that's what I guess here). This sometimes  
>> leads to buffer overflows (not deterministic). For example, I had  
>> this text in Joshua 1 in BibleTime:
>>
>> 1  2  3 b   4  5  6 o 7  8 r-Verlag" and "Friedrich Reinhardt  
>> Verlag", we are able to distribute (for missionary purposes) the  
>> text of the LOSUNG ("Watchwords" -selected Old and New Testamtent  
>> texts-) as freeware. I am very glad about this opportunity, and  
>> with all my heart I give thanks to our great God. I am also  
>> grateful to all those sustaining this missionary opportunity 9 in  
>> prayer. Their part is crucial.\par\parThis free version on disk  
>> displays only the Old and New Testament verses. The publisher  
>> "Hänssler-Verlag" in Germany offers a disk version 10 for sale
>> (in German), which displays additional text from the printed  
>> booklet.\par\parEach user and distributor of this disk must adhere  
>> to the license agreement below:\par\par You may distribute the  
>> content of this disk or program package only in unmodified form.  
>> You must not remove, modify, or pass along any files separately.
>> \par\par Via BBS you m 12 ay distribute individual program  
>> packets, such as: \par\par winlos99.exe \par doslos99.exe \par  
>> os2los99.zip \par atalsg99.zip \par etc.. \par\par The same  
>> restriction applies here, as well: \par\par Distribution of the  
>> LOSUNG ("Watchwords") texts without their respective display  
>> programs is not permitted. You must not alter the content of the  
>> texts.\par\par The programs themselves are copyrighted (German  
>> "Urheberrecht") for the benefit of their progr 13 am authors. See  
>> program documentation for details.\par\parAdditionally, the  
>> following applies:
>> \par\par the LOSUNG ("Watchwords") may be used exclusively by the  
>> name "LOSUNG" with the freeware programs provided, and may only be  
>> distributed free of charge. \par advertisement, distribution for  
>> profit, and distribution through commercial companies, is  
>> prohibited. \par you must not use or incorporate the freeware  
>> LOSUNG ("Watchwords") texts in any other software program (e.g. an  
>> or 15 ganizer program), unless the sole function of the program is  
>> to display the LOSUNG ("Watchwords") text on the screen. \par 
>> \parImportant Copyright Information regarding the English Bible  
>> Texts:
>> \par\par The Text of the "AUTHORIZED VERSION" (popularly known as  
>> the "King Jam 16 es Version") is in the Public Domain.\par\par The  
>> NEW INTERNATIONAL VERSION (often abbreviated as "NIV")\par  
>> "Scripture t 17 aken from the HOLY BIBLE, NEW INTERNATIONAL  
>> VERSION (R)\par Copyright (C) 1973, 1978, 1984\par 18 by  
>> International Bible Society.\par Used by permission of Zondervan  
>> Publishing House.\par All rights reserved."\par\par T
>>
>> This obviously comes from other parts of BibleTime's address  
>> space. Try "mod2imp GerHfa2002" and you might see places where  
>> this happens. The GerHfaLex2002 module crashes BibleTime on my  
>> system, perhaps because the decompressor tries to access memory  
>> that is outside of BibleTime's address space.
>> The console always spits out warnings like:
>>
>> no room in outbuffer to during decompression. see zipcomp.cpp
>> no room in outbuffer to during decompression. see zipcomp.cpp
>>
>> I don't know how the decompression algorithms and Sword's design  
>> in this regard work. Perhaps somebody wants to investigate? This  
>> is both a stability and a security problem.
>>
>> Martin
>> _______________________________________________
>> sword-devel mailing list: sword-devel at crosswire.org
>> http://www.crosswire.org/mailman/listinfo/sword-devel
>> Instructions to unsubscribe/change your settings at above page
>>
>>
>>
>


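The failure mode discussed in the thread (a decompressor fed data it cannot inflate, and a reader that displays its output buffer anyway), as an added example that is not part of this thread and not Sword's own zipcomp code. It uses Python's zlib, constructed verse-like text, a hypothetical key, and a repeating-key XOR as a stand-in for a size-preserving cipher that is its own inverse (that is an assumption for self-containment, not Sword's cipher). Martin's ordering (compress, then encrypt) is used only because it reproduces the "inflate ciphertext" case he describes; the checks in `safe_read` are the same whichever order a module actually uses. `naive_read` shows the unsafe pattern: a reused output buffer whose stale contents are returned when inflation fails, which is exactly what "text from elsewhere" looks like to the user.

```python
import zlib
from typing import Optional

# Constructed sample text (not from any real module). Two "chapters" so the
# reused-buffer leak is visible: chapter 2 is shorter than chapter 1.
CHAPTER1 = (b"1 Now after the death of Moses the servant of the LORD it came to pass, "
            b"that the LORD spake unto Joshua the son of Nun, Moses' minister, saying, "
            b"2 Moses my servant is dead; now therefore arise, go over this Jordan, "
            b"thou, and all this people, unto the land which I do give to them.")
CHAPTER2 = b"1 And Joshua the son of Nun sent out of Shittim two men to spy secretly."

# Hypothetical module key; the real module key is not on the page.
KEY = b"A-hypothetical-key"


def xor_cipher(data: bytes, key: bytes) -> bytes:
    """Stand-in cipher that, like the one the thread describes, preserves size
    and is its own inverse. Repeating-key XOR is NOT Sword's cipher; it is used
    only to keep the example self-contained."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def locked_entry(text: bytes, key: bytes) -> bytes:
    """Martin's model of a stored entry: raw text -> compression -> encryption.
    Reading it without the key means handing ciphertext to the inflater."""
    return xor_cipher(zlib.compress(text), key)


# --- Unsafe pattern: one reused output buffer, a warning on failure, and the
# --- buffer handed back regardless (assumed pattern, not a quote of zipcomp.cpp).
SCRATCH = bytearray(4096)


def naive_read(blob: bytes, entry_len: int) -> bytes:
    """Inflate into SCRATCH; on failure, log and still return entry_len bytes of
    the buffer. Whatever an earlier successful read left there is then shown as
    this entry's text: the same symptom as stale address-space contents."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(blob, len(SCRATCH))
    except zlib.error as e:
        print("decompression failed:", e)
        out = b""
    SCRATCH[:len(out)] = out
    return bytes(SCRATCH[:entry_len])


# --- Hardened pattern: bounded output, whole-stream check, fail closed.
def safe_read(blob: bytes, max_out: int) -> Optional[bytes]:
    """Return the inflated entry, or None if the input is not a complete zlib
    stream or would not fit in max_out bytes. Never returns stale bytes."""
    d = zlib.decompressobj()
    try:
        out = d.decompress(blob, max_out)
    except zlib.error:
        return None                        # e.g. undecrypted ciphertext: bad header/data
    if d.unconsumed_tail or not d.eof:
        return None                        # output exceeds max_out, or stream truncated
    return out


def demo() -> dict:
    """Run the reads in sequence and return what each path yields."""
    SCRATCH[:] = bytes(len(SCRATCH))       # start from a clean buffer
    plain1 = zlib.compress(CHAPTER1)       # an unlocked (or correctly keyed) entry
    locked2 = locked_entry(CHAPTER2, KEY)  # a locked entry read without the key
    big = zlib.compress(b"x" * 100_000)    # an entry larger than the reader's bound
    return {
        "naive_ok": naive_read(plain1, len(CHAPTER1)),
        "naive_leak": naive_read(locked2, len(CHAPTER2)),  # chapter 1's bytes come back
        "safe_ok": safe_read(plain1, 4096),
        "safe_locked": safe_read(locked2, 4096),           # None, not garbage
        "safe_keyed": safe_read(xor_cipher(locked2, KEY), 4096),
        "safe_toobig": safe_read(big, 4096),               # None, bound enforced
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", None if value is None else value[:40])
```

The two checks after a successful `decompress` call matter as much as the exception handler: `d.eof` is False when the stream ended early or the output cap was hit mid-stream, and `d.unconsumed_tail` is non-empty when input was left over because the cap stopped the inflater. A reader that treats either case as success is the "no room in outbuffer" situation with a partially filled buffer.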


