EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Critical fault in OAuth2 implementation with respect to leap year date

Posted: 02/29/2016 15:30:38
by Ken Ivanov (Team)


Thank you for the good points.

Indeed those functions would throw exceptions if bad time values are supplied to them, yet the exceptions would be caught somewhere down the stack and handled appropriately.

The unfortunate coincidence about the 29/02 issue was not only about the conversion problem itself, but also about the fact that there does exist a mechanism in SecureBlackbox of intervening into exception flow control (by providing an alternative exception handler), yet this mechanism was not attached to the class in problem and therefore the problem was only solvable by making changes to the code.

Posted: 03/01/2016 02:40:28
by Mr.Pavel (Basic support level)
Joined: 03/01/2016
Posts: 1

Please, also add next 2 lines:

procedure TElHTTPSClient.FreeSentStreams(ForceSent: Boolean {$ifdef HAS_DEF_PARAMS}=  false {$endif});
  i: Integer;
  DS: TElDataStream;
->>  if FDataStreams <> nil then
->>  begin
    i := 0;
    while i < FDataStreams.Count do

method FreeSentStreams may be called from destructor raising nested exception because FDataStreams is not created yet



Topic viewed 9504 times

Number of guests: 3, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!