Prev: CHtmlView
Next: using MXXMLWriter to pretty print xml
From: Joseph M. Newcomer on 10 Jul 2007 09:55 See below... On Tue, 10 Jul 2007 01:32:09 -0700, karim <karim(a)discussions.microsoft.com> wrote: >Hi Joseph , >Thanks for your reply. The method E3Des takes "passwordToEncrypt" as input >and run some encryption algorithm and then store the result in encpwd8 and >encpwd16 parameters, during this process version number, which is in "i" gets >modified. thats why i passed i as int *.now i have provided input like > >char *passwordToEncrypt = "080000151F6ECF67"; >char encpwd8[1024] = ""; >char encpwd16[1024] = ""; **** These are actually pretty poor as well; it assumes that the encrypted output will fit into 1024 bytes, but since the characteristics of the subroutine are not known, there is no reason to assume that this is actually true. ***** >int i = 0605; > >here i am getting output in encpwd16 and some garbage value in encpwd8 and >i=389 with a return value of zero(Actually 1= success, differnt 1 = bad) > >can you help me on this please........ ***** Without COMPLETE AND ACCURATE documentation of the function, it is impossible to tell what it wants, what it does, what its parameters should be, or how to interpret its output. joe ***** > >Thanks and Regards, >karimulla. > >"Joseph M. Newcomer" wrote: > >> See below... >> On Fri, 6 Jul 2007 05:38:04 -0700, karim <karim(a)discussions.microsoft.com> wrote: >> >> >hi David, >> > >> >"David Wilkinson" wrote: >> > >> >> karim wrote: >> >> > Hi All, >> >> > i have the following code in my cpp file >> >> > ************************************************** >> >> > int i = 0; >> >> > >> >> > char *passwordToEncrypt = "080000151F6ECF67"; >> >> > char *encpwd8 = NULL; >> >> > char *encpwd16 = NULL; >> >> > >> >> > //if i uncomment below line,then it throwing access violation error during >> >> > runtime >> >> > //i = 0605; >> >> > >> >> > int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i); >> >> > >> >> > **************************************************** >> >> > >> >> > the method "E3Des" is defined in a dll and it is linked. so no compilation >> >> > errors:-). i have only runtime error. >> >> > >> >> > can anybody help me out. >> >> >> >> karimulla: >> >> >> >> What is the declaration of E3Des()? Does it modify the first parameter? >> >see the declaration below >> >int E3Des(char *Passwd_en_Claro, char *Passwd_Encriptado8, char* >> >Passwd_Encriptado16, int *version); >> **** >> Of course, this actually says NOTHING about whether or not the first parameter is >> modified; far too many programmers are sloppy about the use of the word const in >> specifying parameters (generally, these are the same programmers who think 'char *' is >> still a data type that should be used for general-purpose programming, as opposed to >> LPTSTR or LPCTSTR). So it is entirely possible that a CORRECT declaration might have been >> >> int E3Des(const char * Passwd_en_Claro, char * Passwd_Encriptado8, char * >> Passwd_Encriptado16, int * version); >> >> I had hypothesized something about the last argument being a possible buffer count, but a >> key here is that we have not yet actually seen a specification of what is going on here, >> but my suspiction is that it expects that valid pointers are passed in for the second and >> third parameters, which is not happening here. If the version is given as 0, it probably >> rejects the operation and returns 0, quite possibly calling ::SetLastError, or >> alternatively, returning a negative number, but of course lacking any concept of what this >> function is really supposed to do to its arguments or what its return type is makes it >> difficult to infer what is going on or suggest alternative approaches. >> >> Why is the version number a pointer? Is it changed on completion of the function? What >> is it changed to, and why? I can see that you might have something that takes a (and >> shades of retrocomputing) an octal version number 0605 representing version 6.05, and >> returns an updated value, such as 0622, meaning the function could support features in the >> 6.22 release, but why octal? As far as I know, the last byte-oriented machine to use >> octal was the PDP-11. (Although the failure to use const and the assumption of 8-bit >> characters suggests the coder has not progressed beyond PDP-11 C) >> >> I suspect it is uninitialized pointers caused by someone who doesn't understand the C >> language trying to write code, and who is calling a function written by someone who >> doesn't understand either C or modern programming practice. In addition to the abuse of >> the data type 'char', as if characters are really only 8 bits wide all the time >> everywhere, and the likely omission of the 'const' on the first parameter, DO YOU SEE A >> BUFFER LENGTH BEING PASSED IN? Of course not! We have here a security function designed >> to create security holes! Buffer overrun! >> >> This looks like it was written by someone who learned C programming from the K&R book. >> ***** >> >and it doesn't modify the first parameter. >> **** >> So why is the first parameter not declared 'const'???? The function definition is, to put >> it mildly, the result of slovenly programming. >> **** >> >> It would seem that it does. In that case you must pass it a modifiable >> >> character string >> >> >> >> char passwordToEncrypt[1024] = "080000151F6ECF67"; >> >> >> >> (assuming that 1024 is long enough). >> >> >> >> Additional point: when you assign a string literal to a char pointer you >> >> should always write >> >> >> >> const char *passwordToEncrypt = "080000151F6ECF67"; >> >i don't have any problem with above parameter. i got error when i pass +ve >> >value to "i" variable. >> >> Then the compiler will stop you from passing it to a function that will >> >> modify the string (i.e. one that takes char* as argument). >> >> >> >> -- >> >> David Wilkinson >> >> Visual C++ MVP >> >> >> >-karimulla. >> Joseph M. Newcomer [MVP] >> email: newcomer(a)flounder.com >> Web: http://www.flounder.com >> MVP Tips: http://www.flounder.com/mvp_tips.htm >> Joseph M. Newcomer [MVP] email: newcomer(a)flounder.com Web: http://www.flounder.com MVP Tips: http://www.flounder.com/mvp_tips.htm
From: Joseph M. Newcomer on 10 Jul 2007 10:00 I'm a bit suspicious; you have an undocumented and probably poorly-written function with no source code that is supposed to do something, and it isn't doing what you want. Sounds to me like it is time to throw that DLL away and use something that IS documented, such as the crypto API. The reason I suspect this is that someone who doesn't understand const, or how to specify the sizes of output buffers, who has coded a DLL that is supposed to do something, but which has ill-defined behavior, is likely to have written a subroutine that has many more problems. In the absence of any documentation, there is no way I can advise as to how to use a function I've never seen before. joe On Tue, 10 Jul 2007 03:16:01 -0700, karim <karim(a)discussions.microsoft.com> wrote: >Hi David, > >"David Wilkinson" wrote: > >> karim wrote: >> > Hi Joseph , >> > Thanks for your reply. The method E3Des takes "passwordToEncrypt" as input >> > and run some encryption algorithm and then store the result in encpwd8 and >> > encpwd16 parameters, during this process version number, which is in "i" gets >> > modified. thats why i passed i as int *.now i have provided input like >> > >> > char *passwordToEncrypt = "080000151F6ECF67"; >> > char encpwd8[1024] = ""; >> > char encpwd16[1024] = ""; >> > int i = 0605; >> > >> > here i am getting output in encpwd16 and some garbage value in encpwd8 and >> > i=389 with a return value of zero(Actually 1= success, differnt 1 = bad) >> >> Karim: >> >> Mihajlo Cvetanovic gave you the correct answer to this several days ago. >i have tried it, but the encpwd8 parameter is getting only garbage value. >Actually i don't have source code for that dll(which has function defination) >to debug. is there any way to get the error correct. >> You have to provide a buffer with enough space for the encrypted >> information: >> >> const char *passwordToEncrypt = "080000151F6ECF67"; >> char encpwd8[LARGE_ENOUGH_8]; >> char encpwd16[LARGE_ENOUGH_16]; >> int i = 0605; >> >> int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i); >> >> Actually, because the prototype of your function is not const-correct >> you must do: >> >> int l = E3Des((char*)passwordToEncrypt, encpwd8, encpwd16, &i); >> >> or supply an actual buffer for the input array: >> >> char passwordToEncrypt[] = "080000151F6ECF67"; >> >> -- >> David Wilkinson >> Visual C++ MVP > >Thanks, >karimulla . Joseph M. Newcomer [MVP] email: newcomer(a)flounder.com Web: http://www.flounder.com MVP Tips: http://www.flounder.com/mvp_tips.htm
From: kalpesh on 12 Jul 2007 06:24
On Jul 10, 7:00 pm, Joseph M. Newcomer <newco...(a)flounder.com> wrote: > I'm a bit suspicious; you have an undocumented and probably poorly-written function with > no source code that is supposed to do something, and it isn't doing what you want. Sounds > to me like it is time to throw that DLL away and use something that IS documented, such as > the crypto API. > > The reason I suspect this is that someone who doesn't understand const, or how to specify > the sizes of output buffers, who has coded a DLL that is supposed to do something, but > which has ill-defined behavior, is likely to have written a subroutine that has many more > problems. > > In the absence of any documentation, there is no way I can advise as to how to use a > function I've never seen before. > joe > > > > > > On Tue, 10 Jul 2007 03:16:01 -0700, karim <k...(a)discussions.microsoft.com> wrote: > >Hi David, > > >"David Wilkinson" wrote: > > >> karim wrote: > >> > Hi Joseph , > >> > Thanks for your reply. The method E3Des takes "passwordToEncrypt" as input > >> > and run some encryption algorithm and then store the result in encpwd8 and > >> > encpwd16 parameters, during this process version number, which is in "i" gets > >> > modified. thats why i passed i as int *.now i have provided input like > > >> > char *passwordToEncrypt = "080000151F6ECF67"; > >> > char encpwd8[1024] = ""; > >> > char encpwd16[1024] = ""; > >> > int i = 0605; > > >> > here i am getting output in encpwd16 and some garbage value in encpwd8 and > >> > i=389 with a return value of zero(Actually 1= success, differnt 1 = bad) > > >> Karim: > > >> Mihajlo Cvetanovic gave you the correct answer to this several days ago. > >i have tried it, but the encpwd8 parameter is getting only garbage value. > >Actually i don't have source code for that dll(which has function defination) > >to debug. is there any way to get the error correct. > >> You have to provide a buffer with enough space for the encrypted > >> information: > > >> const char *passwordToEncrypt = "080000151F6ECF67"; > >> char encpwd8[LARGE_ENOUGH_8]; > >> char encpwd16[LARGE_ENOUGH_16]; > >> int i = 0605; > > >> int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i); > > >> Actually, because the prototype of your function is not const-correct > >> you must do: > > >> int l = E3Des((char*)passwordToEncrypt, encpwd8, encpwd16, &i); > > >> or supply an actual buffer for the input array: > > >> char passwordToEncrypt[] = "080000151F6ECF67"; > > >> -- > >> David Wilkinson > >> Visual C++ MVP > > >Thanks, > >karimulla . > > Joseph M. Newcomer [MVP] > email: newco...(a)flounder.com > Web:http://www.flounder.com > MVP Tips:http://www.flounder.com/mvp_tips.htm- Hide quoted text - > > - Show quoted text - Declare your varialble like this ::: char *passwordToEncrypt = "080000151F6ECF67"; char encpwd8[1024] = "\0" ; char encpwd16[1024 = "\0" ; int i = 0605; and pass it to your funciton; int l = E3Des(passwordToEncrypt, encpwd8, encpwd16, &i); Not inside function use strcpy command to assing any value to this argument encpwd8, encpwd16 Try it... |