Does the run-time license change?

Anything related to Barcode ActiveX programming

Re: Does the run-time license change?

Postby paulggardner on Mon Jul 28, 2014 7:57 am

I'm getting closer to thinking its an issue in the ExportImage call. In my app, when I pass this string (again, no quotes or linefeeds), the image is generated correctly : "[)>~d03006~d029JKUSMAW0DA45$PS0A3E0XX~d029N5180007540731~d0292Q0~d02913Q1/1~d03007~d029120~d02935NO LINE ITEM DATA.~d02938TOOL KT CANVAS~d03006~d030~d004>".

When I pass this string, I get a zero length image file and my application shuts down with no exception trace -> "[)>~d03006~d029JKUSMAW0DA45$PS0A3E0XX~d029N5180007540731~d0292Q0~d02913Q1/1~d03007~d02905W0DA45~d02909TOOL KIT,CANVAS WORKER S~d029120~d02938TOOL KT CANVAS WORKER~d030~d004>".

Having been able to determine some cases where the new dll will work and some where it will crash, I swapped back in the 3.3 version of the dll, and it worked for all cases.
paulggardner
 
Posts: 9
Joined: Thu Jul 24, 2014 11:46 am

Re: Does the run-time license change?

Postby glitch on Mon Jul 28, 2014 4:40 pm

>>When I pass this string, I get a zero length image file and my application shuts down with no exception trace

I opened a ticket on this and our programmer will look into it shortly. I will update the post by then.
The information above is provided "AS IS", with no warranties, and confers no rights.
User avatar
glitch
Support Engineer
 
Posts: 196
Joined: Wed May 14, 2008 2:42 pm

Re: Does the run-time license change?

Postby glitch on Tue Jul 29, 2014 11:28 am

Our programmer has confirmed that this is a bug inside our code. The ticket is 925 and we will work out a release to address the bug.
The information above is provided "AS IS", with no warranties, and confers no rights.
User avatar
glitch
Support Engineer
 
Posts: 196
Joined: Wed May 14, 2008 2:42 pm

Re: Does the run-time license change?

Postby paulggardner on Wed Jul 30, 2014 9:09 am

Is there a possibility for the release to be soon? The IT dept at our customer's site found the security issue fixed in 3.6, if I read everything correctly, and is threatening to remove the dll from their systems, which would render part of my application non-functional. Unfortunately, they use that part almost daily, and so there's a certain amount of angst about this. :(
paulggardner
 
Posts: 9
Joined: Thu Jul 24, 2014 11:46 am

Re: Does the run-time license change?

Postby glitch on Wed Jul 30, 2014 10:03 am

There are some time needed to release because we have to change the build system. The code base is too old to get it work on the current compiler platform.

I also want to explain the "security vulnerability" reported a little bit further - you can convey it to your customer:

Prior to 3.6, ExportImage can write to any file in the system, as long as the security is permitted. So a theoretical attack case is:

    [list=]Hacker embeds script code in his web site. With calls to BarcodeActiveX and set ExportImage to write to a system file
[list=]Someone browses the hacker's site with IE. Because he has the BarcodeActiveX installed, the ExportImage overwrites a system file.[/list]
[/list]

In order for the attack to happen, you have to browse an external web site with malicious code with IE under system administrator account. Even with all these settings, ExportImage overwrites system files with an image file but wont' inject any malicious code. This kind of behavior (writing a file without checking the file attributes) exist in many other ActiveX components.
The information above is provided "AS IS", with no warranties, and confers no rights.
User avatar
glitch
Support Engineer
 
Posts: 196
Joined: Wed May 14, 2008 2:42 pm

Re: Does the run-time license change?

Postby glitch on Wed Jul 30, 2014 1:55 pm

I tested 3.7 release and it worked fine with your string. Version 3.8 addresses datamatrix encoding only. If you can't wait, email support@morovia.com with your order number to request a copy of 3.7 release.
The information above is provided "AS IS", with no warranties, and confers no rights.
User avatar
glitch
Support Engineer
 
Posts: 196
Joined: Wed May 14, 2008 2:42 pm

Re: Does the run-time license change?

Postby paulggardner on Wed Jul 30, 2014 3:08 pm

Thank you! I'll get and test the older version.
paulggardner
 
Posts: 9
Joined: Thu Jul 24, 2014 11:46 am

Previous

Return to Barcode ActiveX Control

Who is online

Users browsing this forum: No registered users and 1 guest