0026913: Vulnerable mechanism in Standard_Type leads to assert

diff --git a/src/Standard/Standard_Type.cxx b/src/Standard/Standard_Type.cxx
index 06f6ac3..db12772 100644 (file)
--- a/src/Standard/Standard_Type.cxx
+++ b/src/Standard/Standard_Type.cxx
@@ -23,6 +23,27 @@ IMPLEMENT_STANDARD_RTTIEXT(Standard_Type,Standard_Transient)
 
 //============================================================================
 
 
 //============================================================================
 

+namespace {
+static Standard_CString copy_string (const char* theString)
+{
+  size_t aLength = strlen (theString);
+  char* aResult = static_cast<char*> (Standard::Allocate (aLength + 1));
+  strncpy (aResult, theString, aLength + 1); //including null-character
+  return aResult;
+}
+}
+
+Standard_Type::Standard_Type (const char* theSystemName,
+                              const char* theName,
+                              Standard_Size theSize,
+                              const Handle(Standard_Type)& theParent) :
+  mySystemName (copy_string (theSystemName)),
+  myName(theName), mySize(theSize), myParent(theParent)
+{
+}
+
+//============================================================================
+

 Standard_Boolean Standard_Type::SubType (const Handle(Standard_Type)& theOther) const
 {
   return ! theOther.IsNull() && (theOther == this || (! myParent.IsNull() && myParent->SubType (theOther)));
 Standard_Boolean Standard_Type::SubType (const Handle(Standard_Type)& theOther) const
 {
   return ! theOther.IsNull() && (theOther == this || (! myParent.IsNull() && myParent->SubType (theOther)));


@@ -91,7 +112,7 @@ Standard_Type* Standard_Type::Register (const char* theSystemName, const char* t
   aType = new Standard_Type (theSystemName, theName, theSize, theParent);
 
   // then add it to registry and return (the reference to the handle stored in the registry)
   aType = new Standard_Type (theSystemName, theName, theSize, theParent);
 
   // then add it to registry and return (the reference to the handle stored in the registry)

-  aRegistry.Bind (theSystemName, aType);
+  aRegistry.Bind (aType->mySystemName, aType);

 
 //  cout << "Registering " << theSystemName << ": " << aRegistry.Extent() << endl;
 
 
 //  cout << "Registering " << theSystemName << ": " << aRegistry.Extent() << endl;
 


@@ -105,4 +126,5 @@ Standard_Type::~Standard_Type ()
   Standard_ASSERT(aRegistry.UnBind (mySystemName), "Standard_Type::~Standard_Type() cannot find itself in registry",);
 
 //  cout << "Unregistering " << mySystemName << ": " << aRegistry.Extent() << endl;
   Standard_ASSERT(aRegistry.UnBind (mySystemName), "Standard_Type::~Standard_Type() cannot find itself in registry",);
 
 //  cout << "Unregistering " << mySystemName << ": " << aRegistry.Extent() << endl;

+  Standard::Free (mySystemName);

 }
 }

diff --git a/src/Standard/Standard_Type.hxx b/src/Standard/Standard_Type.hxx
index 283d0a6..5cb49b2 100644 (file)
--- a/src/Standard/Standard_Type.hxx
+++ b/src/Standard/Standard_Type.hxx
@@ -143,10 +143,7 @@ private:
 
   //! Constructor is private
   Standard_Type (const char* theSystemName, const char* theName,
 
   //! Constructor is private
   Standard_Type (const char* theSystemName, const char* theName,

-                 Standard_Size theSize, const Handle(Standard_Type)& theParent)
-  : mySystemName(theSystemName), myName(theName), mySize(theSize), myParent(theParent)
-  {
-  }
+                 Standard_Size theSize, const Handle(Standard_Type)& theParent);

 
 private:
   Standard_CString mySystemName;  //!< System name of the class (typeinfo.name)
 
 private:
   Standard_CString mySystemName;  //!< System name of the class (typeinfo.name)