Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf b

2018-04-02 Thread Thomas Faber
Finding bugs is definitely a valid concern. But there is, of course, a version that addresses both problems: NT_VERIFY(NT_SUCCESS(RtlStringCbPrintfW(...))); This will assert in case the buffer is too small, while still never causing an overflow. We could provide wrappers to require less typing or

Re: [ros-dev] [ros-diffs] 02/08: [NTOSKRNL] Forbid processes without the Tcb privilege to perform a user-mode hard-error BSOD.

2018-04-02 Thread Alex Ionescu
So to be clear, while the kernel still has tons of incompatible code and issues to barely run as a Win2003-compatible kernel, whenever there's an NT design decision you disagree with, you're going to be rewriting the little bit of code that _does work well_ to work contrary to how NT works? Did I g

Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf b

2018-04-02 Thread Magnus Johnsson
Eric, the thing is, buffer overflows don't just crash the program unless you have some really nifty guard pages, but overwrite other things in memory. This means an attacker can, in certain situations, use it to create something that not just crashes, but with a nifty input create an exploit. Havin

Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf b

2018-04-02 Thread Eric Kohl
Hello Hermès, you can use a maximum timeout value of 31536999 seconds (that's 1 second shy of 10 years). If the timeout value is larger than or equal to 1 day (>=86400 seconds), winlogon will use the "%d days" format. It will just show a maximum of "3649 days". No buffer overflow here! :-) Regards Eric

Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf b

2018-04-02 Thread Eric Kohl
Hello Thomas, you're right, using the run-time size checks is a good way to keep applications from crashing because of buffer overflows. They'll just keep on using corrupt data instead! If you want to fix this problem: Don't use C! Use C++, C#, Java etc. instead! I prefer to see an application cr

Re: [ros-dev] [ros-diffs] 02/08: [NTOSKRNL] Forbid processes without the Tcb privilege to perform a user-mode hard-error BSOD.

2018-04-02 Thread Hermès BÉLUSCA-MAÏTO
Yes, to only allow programs that REALLY REALLY REALLY REALLY ….. need to do so to trigger the hard-error “shutdown” BSOD from user mode, and these programs had better be only those that run only with SYSTEM rights; more exactly, these include CSRSS, WINLOGON and SMSS when something v

Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf b

2018-04-02 Thread Hermès BÉLUSCA-MAÏTO
If I remember correctly you can make shutdowns delayed by many days on Windows (using the InitiateSystemShutdown(Ex) function), in which case the 2-digit hour won't work at all. Best, Hermès > -Original Message- > From: Ros-dev [mailto:ros-dev-boun...@reactos.org] On behalf of Thomas >

Re: [ros-dev] [ros-diffs] 01/01: [WINLOGON] Clean up part 2 - Replace the UNICODE_STRING usMessage by a PWSTR pszMessage. - Use the "%02d:%02d:%02d" time format and get rid of the safe string printf b

2018-04-02 Thread Thomas Faber
Hey Eric, On 2018-04-02 12:58, Eric Kohl wrote: -RtlStringCbPrintfW(strbuf, sizeof(strbuf), L"%d:%d:%d", hours, minutes, seconds); +swprintf(szBuffer, L"%02d:%02d:%02d", iHours, iMinutes, iSeconds); Unfortunately I must disagree with this change. Buffer overflows are a big enough thr
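Review bot: the `+` line replaces a size-bounded call with an unbounded one: `swprintf(szBuffer, L"%02d:%02d:%02d", iHours, iMinutes, iSeconds);` receives no buffer length, whereas the removed `RtlStringCbPrintfW(strbuf, sizeof(strbuf), ...)` did. `%02d` is only a minimum field width, so once any value exceeds 99 (hours for a multi-day timeout, as raised elsewhere in this thread) the output grows past the planned 8 characters and can overrun `szBuffer`. Keep the bounded form, `RtlStringCbPrintfW(szBuffer, sizeof(szBuffer), L"%02d:%02d:%02d", iHours, iMinutes, iSeconds)`, and, as suggested earlier in the thread, wrap it in `NT_VERIFY(NT_SUCCESS(...))` so an undersized buffer asserts in debug builds instead of being silently truncated or overflowed.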