lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200409250226.i8P2QJc32589@pop-3.dnv.wideopenwest.com>
From: mvp at joeware.net (joe)
Subject: Windoze almost managed to 200x repeat 9/11

Again, there are valid uses of GetTickCount and there are safe ways of doing
so. If there is concern, I do recommend testing functionality associated
with each of the DLLs. You might find a bug you can report for kudos.

On the incident, I would guess the vendor never had a clue it would do that.


That function can't return more than 49.7 days without breaking every app
that currently uses it. MS can not do that. That is why there is another
function to get the info with a different datatype. See my other posts.

  joe


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of bashis
Sent: Friday, September 24, 2004 5:47 PM
To: joe
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Windoze almost managed to 200x repeat 9/11

> 
> > C:\WINDOWS\system32>find "GetTickCount" kernel32.dll
> > 
> > ---------- KERNEL32.DLL
> > GetTickCount
> 
> Umm yeah. That would be the DLL that exports the function. :o)
Yes, perhaps, but do a search in \windows and \windows\system32 and you will
find several program using (or exporting;) this function. ;-)

> Anyway, even if it is used, if used with understanding of the data 
> value range it can used safely. I have used it safely (as have many 
> coders) many times in the past when manipulating 64 bit numbers 
> associated with QueryPerformanceCounter would have been overkill.
Yes, offcores it can be used safely.

My wild guess about that "incident" is that the programmer(s) who coded the
application didn't get that it will wrap to zero after 49.7 days, and as
workaround they told the customer to reboot their servers with the reason
"Windows, it's crappy.. you know.."

We can argue about if the return is right or wrong from "GetTickCount()",
even if the function was well documented and the coders was missing the
magic word "49.7 days", i realy don't care.

But, my personally opinion is that a "The return value is the number of
milliseconds that have elapsed since the system was started." function
should return more than 49.7 days, but hey.. M$ perhaps dont expect more
uptime on their OS'es.. ;-)

Well, i dont know if the "GetTickCount()" is the cause to the "incident", it
was only a notice when i was searching and reading about functions/bugs with
the magic word "49.7 days" ;-)

I am glad that the "incident" was turned out w/o any human losses.

Have a nice day
/bashis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ