Does the run-time license change?
17 posts • Page 2 of 2 • 1, 2
Re: Does the run-time license change?
I'm getting closer to thinking its an issue in the ExportImage call. In my app, when I pass this string (again, no quotes or linefeeds), the image is generated correctly : "[)>~d03006~d029JKUSMAW0DA45$PS0A3E0XX~d029N5180007540731~d0292Q0~d02913Q1/1~d03007~d029120~d02935NO LINE ITEM DATA.~d02938TOOL KT CANVAS~d03006~d030~d004>".
When I pass this string, I get a zero length image file and my application shuts down with no exception trace -> "[)>~d03006~d029JKUSMAW0DA45$PS0A3E0XX~d029N5180007540731~d0292Q0~d02913Q1/1~d03007~d02905W0DA45~d02909TOOL KIT,CANVAS WORKER S~d029120~d02938TOOL KT CANVAS WORKER~d030~d004>".
Having been able to determine some cases where the new dll will work and some where it will crash, I swapped back in the 3.3 version of the dll, and it worked for all cases.
When I pass this string, I get a zero length image file and my application shuts down with no exception trace -> "[)>~d03006~d029JKUSMAW0DA45$PS0A3E0XX~d029N5180007540731~d0292Q0~d02913Q1/1~d03007~d02905W0DA45~d02909TOOL KIT,CANVAS WORKER S~d029120~d02938TOOL KT CANVAS WORKER~d030~d004>".
Having been able to determine some cases where the new dll will work and some where it will crash, I swapped back in the 3.3 version of the dll, and it worked for all cases.
- paulggardner
- Posts: 9
- Joined: Thu Jul 24, 2014 11:46 am
Re: Does the run-time license change?
>>When I pass this string, I get a zero length image file and my application shuts down with no exception trace
I opened a ticket on this and our programmer will look into it shortly. I will update the post by then.
I opened a ticket on this and our programmer will look into it shortly. I will update the post by then.
The information above is provided "AS IS", with no warranties, and confers no rights.
-
glitch - Support Engineer
- Posts: 198
- Joined: Wed May 14, 2008 2:42 pm
Re: Does the run-time license change?
Our programmer has confirmed that this is a bug inside our code. The ticket is 925 and we will work out a release to address the bug.
The information above is provided "AS IS", with no warranties, and confers no rights.
-
glitch - Support Engineer
- Posts: 198
- Joined: Wed May 14, 2008 2:42 pm
Re: Does the run-time license change?
Is there a possibility for the release to be soon? The IT dept at our customer's site found the security issue fixed in 3.6, if I read everything correctly, and is threatening to remove the dll from their systems, which would render part of my application non-functional. Unfortunately, they use that part almost daily, and so there's a certain amount of angst about this.
- paulggardner
- Posts: 9
- Joined: Thu Jul 24, 2014 11:46 am
Re: Does the run-time license change?
There are some time needed to release because we have to change the build system. The code base is too old to get it work on the current compiler platform.
I also want to explain the "security vulnerability" reported a little bit further - you can convey it to your customer:
Prior to 3.6, ExportImage can write to any file in the system, as long as the security is permitted. So a theoretical attack case is:
[/list]
In order for the attack to happen, you have to browse an external web site with malicious code with IE under system administrator account. Even with all these settings, ExportImage overwrites system files with an image file but wont' inject any malicious code. This kind of behavior (writing a file without checking the file attributes) exist in many other ActiveX components.
I also want to explain the "security vulnerability" reported a little bit further - you can convey it to your customer:
Prior to 3.6, ExportImage can write to any file in the system, as long as the security is permitted. So a theoretical attack case is:
- [list=]Hacker embeds script code in his web site. With calls to BarcodeActiveX and set ExportImage to write to a system file
[/list]
In order for the attack to happen, you have to browse an external web site with malicious code with IE under system administrator account. Even with all these settings, ExportImage overwrites system files with an image file but wont' inject any malicious code. This kind of behavior (writing a file without checking the file attributes) exist in many other ActiveX components.
The information above is provided "AS IS", with no warranties, and confers no rights.
-
glitch - Support Engineer
- Posts: 198
- Joined: Wed May 14, 2008 2:42 pm
Re: Does the run-time license change?
I tested 3.7 release and it worked fine with your string. Version 3.8 addresses datamatrix encoding only. If you can't wait, email support@morovia.com with your order number to request a copy of 3.7 release.
The information above is provided "AS IS", with no warranties, and confers no rights.
-
glitch - Support Engineer
- Posts: 198
- Joined: Wed May 14, 2008 2:42 pm
Re: Does the run-time license change?
Thank you! I'll get and test the older version.
- paulggardner
- Posts: 9
- Joined: Thu Jul 24, 2014 11:46 am
17 posts • Page 2 of 2 • 1, 2
Return to Barcode ActiveX Control
Who is online
Users browsing this forum: No registered users and 2 guests