npp-plugins / mimetools

Access violation in URL decoding #8

Closed vah13 closed 5 years ago

vah13 commented 5 years ago

photo_2019-01-28_19-46-37

sample.txt

   aaaaa aaaaaa &aaaaa;
   &aaaaa = aaaaaaaaaaaaaaaaaaaaaaaaaa(%maaaaa, %maaaa, aaaaaaaa.aaaaa_aaaaaaa, %maaaaaa, m.m_m, "", "")"?a_a=m.m_m&mmmmm=" | mmm_mmm_mmmmm.mmm_mmmm_mmmm_mm.mmmmm;

   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
donho commented 5 years ago

Works (w/o crash) for me. Which version of MimeTools plugin are you using?

vah13 commented 5 years ago

the last one, from github release

On Tue, Jan 29, 2019 at 4:45 PM Don HO notifications@github.com wrote:

Works (w/o crash) for me. Which version of MimeTools plugin are you using?

-- Best regards, Vahagn Vardanyan

donho commented 5 years ago

The version number please?

vah13 commented 5 years ago

image

vah13 commented 5 years ago

@donho

donho commented 5 years ago

Could you check if DSpellCheck plugin is enabled?

vah13 commented 5 years ago

image

donho commented 5 years ago

@vah13 No, it's not what I asked. To see if DSpellCheck plugin is enabled, see if (menu) `Plugins->DSpellCheck->Spell Check Document Automatically` item is checked. Could you tell me if this menu item is checked?

vah13 commented 5 years ago

nope image

vah13 commented 5 years ago

@donho I think I understood why the bug is present. In the https://github.com/npp-plugins/mimetools/blob/master/src/mimeTools.cpp#L339 line, you have "encoded" and "decoded" strings as the same size. But decoded needs to have a longer length than encoded.

You can test using this code:

    // Repro snippet: needs <cstring> for strlen and the plugin's UrlToAscii declaration.
    char *encodedText = "   aaaaa aaaaaa &aaaaa;"
        "& aaaaa = aaaaaaaaaaaaaaaaaaaaaaaaaa(%maaaaa, %maaaa, aaaaaaaa.aaaaa_aaaaaaa, %maaaaaa, m.m_m, \" \" , \" \")\" ? a_a = m.m_m& mmmmm = \" | mmm_mmm_mmmmm.mmm_mmmm_mmmm_mm.mmmmm;"
        ""
        "   aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

    // Destination buffer is the same size as the encoded input plus the terminator.
    int bufLength = strlen(encodedText) + 1;
    char *DecodedText = new char[bufLength];
    UrlToAscii(DecodedText, encodedText, bufLength);

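
For input like the sample above, where `%` is followed by non-hex characters, a percent-decoder can be written so that every read and write is bounds-checked. This is an added example, not the mimeTools code and not part of the original thread; `url_decode_bounded`, `hex_val` and the return convention are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstring>

// Hypothetical helper: value of one hex digit, or -1 if c is not a hex digit.
static int hex_val(unsigned char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// Hypothetical decoder (not mimeTools' UrlToAscii). Decodes src into dest,
// writing at most destSize bytes including the terminating NUL.
// Returns the decoded length, or -1 if dest is too small or an argument is null.
// A '%' that is not followed by two hex digits is copied through unchanged.
long url_decode_bounded(char *dest, std::size_t destSize, const char *src) {
    if (!dest || !src || destSize == 0) return -1;
    std::size_t out = 0;
    for (std::size_t i = 0; src[i] != '\0'; ++i) {
        unsigned char c = static_cast<unsigned char>(src[i]);
        if (c == '%') {
            // Look at src[i+1] first and src[i+2] only if the first is a hex
            // digit, so a '%' at the end of the string never reads past the NUL.
            int hi = hex_val(static_cast<unsigned char>(src[i + 1]));
            int lo = hi < 0 ? -1 : hex_val(static_cast<unsigned char>(src[i + 2]));
            if (lo >= 0) {
                c = static_cast<unsigned char>((hi << 4) | lo);
                i += 2;
            }
        }
        if (out + 1 >= destSize) {  // always keep one byte for the NUL
            dest[0] = '\0';
            return -1;
        }
        dest[out++] = static_cast<char>(c);
    }
    dest[out] = '\0';
    return static_cast<long>(out);
}
```
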
vah13 commented 5 years ago

image

donho commented 5 years ago

@vah13 Sorry for the late reply. We have tried some fix for this issue, could you replace your mimetools with the following one: https://notepad-plus-plus.org/temp/mimeTools.zip

If you use the 64-bit version of Notepad++, please download this one: https://notepad-plus-plus.org/temp/mimeTools.x64.zip

Let me know if the crash is fixed for you.

vah13 commented 5 years ago

Hi @donho, yes, fixed!

Cool, thank you

vah13 commented 1 year ago

CVE-2020-18307