EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Please use SafeLoadLibrary() instead of LoadLibrary()

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#3241
Posted: 06/28/2007 11:49:52
by Andrew Fiddian-Green (Standard support level)
Joined: 01/08/2007
Posts: 14

In SecureBlackbox you make a lot of calls to LoadLibrary(), whereas you should be using SafeLoadLibrary() instead.

Excerpt from D2007 Help:
SafeLoadLibrary loads a Windows DLL or Linux shared object file, as specified by Filename. SafeLoadLibrary preserves the current FPU control word, preventing library initialization code from permanently overwriting precision and exception masks.

Regards,
AndrewFG
#3242
Posted: 06/28/2007 12:01:11
by Eugene Mayevski (EldoS Corp.)

Not sure that I understand you. First of all, SecureBlackbox doesn't load external libraries other than PKCS#11 modules. Next, what would be the reason to change the current code?


Sincerely yours
Eugene Mayevski
#3243
Posted: 06/28/2007 15:14:38
by Andrew Fiddian-Green (Standard support level)
Joined: 01/08/2007
Posts: 14

>> what would be the reason to change the current code?

Well it seems that if a DLL contains initialization code then when you call LoadLibrary the initialization code can change the state of the x087 Floating Point Unit control word. And in particular many of the Microsoft DLLs shipped with the OS are "guilty" of changing FPU control word. This means that -- depending on when a DLL is actually loaded -- the accuracy of floating point operations may be altered in un-predictable ways. The people at Borland / CodeGear realised this problem many years ago, and created SafeLoadLibrary which basically wraps the normal LoadLibrary between a sandwich as follows:

SaveFPUControlWord;
try
LoadLibrary;
finally
RestoreFPUControlWord;
end;

Regards,
AndrewFG

PS I have an application (using SBB) that provably suffers from LoadLibrary's "tampering" with the FPU control word.
#3245
Posted: 06/29/2007 00:18:16
by Eugene Mayevski (EldoS Corp.)

Thank you for the detailed explanation. SecureBlackbox doesn't use LoadLibrary (unless you load PKCS11 modules) so we can't fix anything there .


Sincerely yours
Eugene Mayevski
#3247
Posted: 06/29/2007 01:16:36
by Andrew Fiddian-Green (Standard support level)
Joined: 01/08/2007
Posts: 14

I dont have the full SBB package and I found 11 instances where you use LoadLibrary ;-)

SBWinCrypt.pas(1155)
SBPKCS11Base.pas(532)
SBPKCS11Base.pas(899)
SBSystemStoreEditor.pas(203)
SBWinCertStorage.pas(596)
SBHTTPAuth.pas(777)
SBHTTPAuth.pas(779)

Reagrds,
AndrewFG
#3248
Posted: 06/29/2007 11:04:15
by Eugene Mayevski (EldoS Corp.)

None of them are critical or even widely used. What package / module do you suspect to influence your application?


Sincerely yours
Eugene Mayevski
#3251
Posted: 06/30/2007 02:43:17
by Andrew Fiddian-Green (Standard support level)
Joined: 01/08/2007
Posts: 14

Eugene, It should not be a question of whetehr the calls are "critical" or "widely used"; the point is that you have no knowledge of what is happening inside the initialization code of somebody else's DLL, and it is therefore just "good hygiene" to use SafeLoadLibrary to avoid any possible risk that the DLL will leave the FPU in an indeterminate state.

Regards,
AndrewFG
#3252
Posted: 06/30/2007 03:07:51
by Eugene Mayevski (EldoS Corp.)

The question is whether it makes sense for us to change the code. So far I don't see any sense.
SafeLoadLibrary is Borland's invention which appeared only in recent versions of the library, so we need to re-implement it in our code rather than use it directly. And this is certain amount of work which must be motivated in some way.


Sincerely yours
Eugene Mayevski
Also by EldoS: Callback File System
Create virtual file systems and disks, expose and manage remote data as if they were files on the local disk.

Reply

Statistics

Topic viewed 5390 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!