Re: Entropy sources under WinXP

---

• From: Mark Nudelman <markn@xxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 23 May 2007 14:36:30 -0700

---

On 5/23/2007 1:30 PM, Karl Malbrain wrote:

<michael.spath@xxxxxxxxx> wrote in message
news:1179948814.886698.280790@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

On May 22, 8:52 pm, "Karl Malbrain" <malbr...@xxxxxxxxx> wrote:

The compiled code cannot do this unless the source code
is written this way, which would be absurd and is not the
case in vanilla Win2K and WinXP as shown by the
disassembled code.

absurd???

// test for overflow

if( regentry->size > *userbuffersize )
goto buffer_overflow;

//copy data to user buffer and return number of bytes copied

memcpy (userbufferaddress, regentry->data, regentry->size);
*userbuffersize = regentry->size;

is hardly absurd!!!

But if regentry points to shared data and it's not protected by a mutex,
that *is* absurd. Any CS major fresh out of college would know enough
to avoid that problem. I can't believe that a piece of code as
important and heavily used as the registry APIs would have such an
elementary error, and one which has never been noticed until now.

--Mark
.

---

• Follow-Ups:
  • Re: Entropy sources under WinXP
    • From: Karl Malbrain

• References:
  • Entropy sources under WinXP
    • From: keith
  • Re: Entropy sources under WinXP
    • From: Mark Nudelman
  • Re: Entropy sources under WinXP
    • From: Sebastian G.
  • Re: Entropy sources under WinXP
    • From: Mark Nudelman
  • Re: Entropy sources under WinXP
    • From: Sebastian G.
  • Re: Entropy sources under WinXP
    • From: Mark Nudelman
  • Re: Entropy sources under WinXP
    • From: Sebastian G.
  • Re: Entropy sources under WinXP
    • From: michael . spath
  • Re: Entropy sources under WinXP
    • From: Karl Malbrain
  • Re: Entropy sources under WinXP
    • From: michael . spath
  • Re: Entropy sources under WinXP
    • From: Karl Malbrain
  • Re: Entropy sources under WinXP
    • From: michael . spath
  • Re: Entropy sources under WinXP
    • From: Karl Malbrain

• Prev by Date: Re: Hint for users of Google Groups
• Next by Date: Re: fixed block size
• Previous by thread: Re: Entropy sources under WinXP
• Next by thread: Re: Entropy sources under WinXP
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Damn you, FEDEX! or Nikon D40 lost in Springfield, MO blackhole. ... the 2 mp Mavica he had been using with a Nikon D40. ... After shopping around, he got me to order one for him. ... The shipper had it insured, but from what I have read it could take weeks to sort this crap out. ... You may get your insurance from FedEx and a couple weeks later they find it and deliver it. ... (alt.photography) Re: 3 ... "Alphonse" kirjoitti viestissä ... >> Uncle Al ... Practice is when it works but you don't know why. ... (sci.physics) Re: 3 ... "Alphonse" kirjoitti viestissä ... >> Uncle Al ... Practice is when it works but you don't know why. ... (sci.physics.relativity) Re: The Sci-Fi Rejection Letter That Time Forgot ... nations have stockpiled arsenals of these incredible bombs and the time the story is set. ... (rec.arts.sf.written) RE: copied music cds have a skip in last 18 seconds ... If installing all missing Windows Updates doesn't fix your problem ... xiowan.......in tucson ... (microsoft.public.windows.mediacenter)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2007-05