[ActiveLock-Development] CVS: activelock2/src modActiveLock.bas,1.6,1.7
From: Thanh H. T. <th...@us...> - 2003-08-02 07:16:05
Update of /cvsroot/activelock/activelock2/src In directory sc8-pr-cvs1:/tmp/cvs-serv2203 Modified Files: modActiveLock.bas Log Message: wizzardme2000 found a security breach associated with using md5_hash() function in ALCrypto.dll from the client app. So I'm switching to using CRC checksum as a (hopefully) better alternative. The MD5 checksum bit inside ActiveLock2.dll is still safe, however, since it is using its own self-contained implementation. Index: modActiveLock.bas =================================================================== RCS file: /cvsroot/activelock/activelock2/src/modActiveLock.bas,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- modActiveLock.bas 31 Jul 2003 07:04:53 -0000 1.6 +++ modActiveLock.bas 2 Aug 2003 07:16:03 -0000 1.7 @@ -50,7 +50,10 @@ ' ' 07.07.03 - mcrute - Updated the header comments for this file. ' 07.30.03 - th2tran - New routines to do MD5 hashes of TypeLibs. -' +' 08.02.03 - th2tran - wizzardme2000 found a gaping security hole with using md5_hash(). +' So now I'm using CRC checksums and MapFileAndCheckSum() API call +' instead. This approach was suggested by Peter Young (vbclassicforever) +' in the forum and mailing list a while back. ' ' /////////////////////////////////////////////////////////////////////// ' / MODULE CODE BEGINS BELOW THIS LINE / @@ -128,7 +131,7 @@ Private Declare Sub CopyMem Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long) Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long - +Private Declare Function MapFileAndCheckSum Lib "imagehlp" Alias "MapFileAndCheckSumA" (ByVal FileName As String, HeaderSum As Long, CheckSum As Long) As Long Public Sub Init() If fInit Then Exit Sub 
@@ -276,17 +279,34 @@ ' Computes an MD5 hash of the type library containing the object. ' Public Function MD5HashTypeLib(obj As IUnknown) As String - ' Retrieve DLL Path of self + Dim strDllPath As String + strDllPath = GetTypeLibPathFromObject(obj) + MD5HashTypeLib = MD5HashFile(strDllPath) +End Function + +Private Function GetTypeLibPathFromObject(obj As IUnknown) As String + ' Retrieve TypeLib info using TLI library (tlbinfo.dll) ' Use late-binding so that the user doesn't have to add it to their project reference Dim tliApp As Object Set tliApp = CreateObject("TLI.TLIApplication") Dim ti As Object ' actually TLI.TypeInfo Set ti = tliApp.ClassInfoFromObject(obj) Dim strDllPath As String - strDllPath = ti.Parent.ContainingFile - MD5HashTypeLib = MD5HashFile(strDllPath) + GetTypeLibPathFromObject = ti.Parent.ContainingFile +End Function + +'' +' Performs CRC checksum on the type library containing the object. +' +Public Function CRCCheckSumTypeLib(obj As IUnknown) As Long + Dim strDllPath As String + strDllPath = GetTypeLibPathFromObject(obj) + Dim HeaderSum As Long, RealSum As Long + MapFileAndCheckSum strDllPath, HeaderSum, RealSum + CRCCheckSumTypeLib = RealSum End Function + '' ' Computes an MD5 hash of the specified file. ' @@ -304,7 +324,7 @@ '' ' Check if we're running inside the VB6 IDE -Private Function IsRunningInIde() As Boolean +Public Function IsRunningInIde() As Boolean Dim strFileName As String Dim lngCount As Long @@ -313,4 +333,3 @@ 30 strFileName = Left(strFileName, lngCount) 40 IsRunningInIde = UCase(Right(strFileName, 7)) = "VB6.EXE" End Function - |
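
Review bot: In the 08.02.03 header entry (hunk @@ -50,7 +50,10 @@), the comment records that md5_hash() has "a gaping security hole" but not what the problem is or which callers are affected, and it calls the replacement "CRC checksums" while naming MapFileAndCheckSum(), which returns the PE image checksum rather than a CRC. Please state the actual issue with calling md5_hash() in ALCrypto.dll from the client app, and describe the new value as the image checksum, so a maintainer can tell whether MD5HashTypeLib (still Public further down) is safe to keep using.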
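
Review bot: The new Declare in hunk @@ -128,7 +131,7 @@ binds the integrity check to another external DLL, imagehlp, resolved by bare name. The log message says the MD5 code inside ActiveLock2.dll is safe because it is self-contained, and by that reasoning a checksum routine compiled into this module would be the consistent choice; if imagehlp stays, add a comment explaining why it is trusted where ALCrypto.dll was not. The hunk also drops the blank line between the Declare block and Public Sub Init(), which is worth restoring.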
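
Review bot: In CRCCheckSumTypeLib (hunk @@ -276,17 +279,34 @@) the return value of MapFileAndCheckSum is discarded, so when the call fails (the API returns non-zero, for example when the file cannot be opened or mapped) RealSum is left at 0 and the function returns 0 as if it were a valid checksum. Capture the result and raise an error when it is not 0, so callers cannot compare against a silent default. Two smaller points in the same hunk: GetTypeLibPathFromObject still has Dim strDllPath As String, which is now unused, and the value returned is a non-cryptographic checksum that detects accidental change only, so the doc comment should not present it as tamper protection.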
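
Review bot: Hunk @@ -304,7 +324,7 @@ makes IsRunningInIde Public with no comment on who the new callers are. The context line below it, IsRunningInIde = UCase(Right(strFileName, 7)) = "VB6.EXE", shows the result depends only on the host executable's file name, so it should not be used by external callers to relax a licence or checksum check. Either keep it Private or document that it is a development convenience and not a security decision.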