[reSIProcate] Timer vulnerability

Scott Godin slgodin at icescape.com
Sat Apr 9 10:27:40 CDT 2005


I think it would be better to add some relative time functions to Timer and
have the timers use these, instead of redefining getSystemTime().  I was
considering doing this a while back - but the consensus was to not worry about
it.  Looks like you found another reason to do it - so maybe it's time!  : )
Do Unix OSs have a function similar to GetTickCount()?

-----Original Message-----
From: Kenneth Ho [mailto:kenho at bluebottle.com] 
Sent: Monday, April 04, 2005 2:16 AM
To: resiprocate-devel at list.sipfoundry.org
Subject: [reSIProcate] Timer vulnerability

We are experiencing users hacking our client software on Windows. They 
do so by manipulating the Windows system time, which causes timers to be 
fired prematurely and incurs undesired behavior in the stack.

As a counter to these hacks, I plan to change Timer::getSystemTime() to 
use GetTickCount() instead of GetSystemTime() for Windows. The drawbacks 
are:
1. The value returned would have less precision: from 1/million second 
to 1/thousand second, but it would remain in the same unit (1/million 
second), which should not be a big deal, at least on Windows anyhow.
2. The value returned would not be associated with calendar time anymore. 
This worries me somewhat; I am not sure if anyone uses this function in 
such a way.

Ken
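
Added example, not part of the thread and not reSIProcate code: a timer queue with an injected clock, showing that a forward jump of the calendar clock fires a pending timer early while a tick-based clock does not, plus the 32-bit wraparound that a GetTickCount()-style counter needs handled. The names `TimerQueue`, `TickExtender`, `Ms` and `firedAfterClockJump` and all clock values are hypothetical and constructed for the illustration.

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <utility>

using Ms = std::uint64_t;  // milliseconds; all names here are hypothetical

// Widens a 32-bit millisecond tick (GetTickCount() wraps after about 49.7 days)
// to 64 bits. Assumes it is sampled at least once per wrap period.
class TickExtender {
public:
    Ms extend(std::uint32_t tick) {
        if (tick < mLast) mHigh += Ms(1) << 32;  // counter wrapped
        mLast = tick;
        return mHigh | tick;
    }
private:
    std::uint32_t mLast = 0;
    Ms mHigh = 0;
};

// Timer queue with an injected clock, so wall-clock and tick-based time can be
// compared. In real use the clock would be a monotonic source.
class TimerQueue {
public:
    explicit TimerQueue(std::function<Ms()> now) : mNow(std::move(now)) {}
    void add(Ms delayMs, int id) { mTimers.emplace(mNow() + delayMs, id); }
    int process() {  // removes due timers, returns how many fired
        int fired = 0;
        for (Ms now = mNow(); !mTimers.empty() && mTimers.begin()->first <= now; ++fired)
            mTimers.erase(mTimers.begin());
        return fired;
    }
private:
    std::function<Ms()> mNow;
    std::multimap<Ms, int> mTimers;
};

// Constructed scenario: arm a 32 s timer, then the calendar clock is set one
// hour ahead while only 1 s really passes.
int firedAfterClockJump(bool useWallClock) {
    Ms wall = 1000000, mono = 5000;  // constructed starting values
    TimerQueue q([&] { return useWallClock ? wall : mono; });
    q.add(32000, 1);
    wall += 3600000 + 1000;  // user-controlled jump plus real elapsed time
    mono += 1000;            // tick counter only sees real elapsed time
    return q.process();
}
```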

