cpencrypt, in out parameters

On 16 Nov 2003 23:34:23 -0800, se****@uekae.tubitak.gov.tr (p_hose)
wrote in comp.lang.c:

Note that non-standard, third party libraries like CPEncrypt, whatever
the heck it is, and DLLs, which are a part of the Windows operating
system and not part of the C language, are off-topic here, but I did
spot at least one genuine C coding mistake.

hi
I'm trying to write CPEncrypt function. but i don't change the
content's of the pbData. First it contained the plaintext. But after
encryption i did not write the ciphertext value on it. Actually it
change in the CSP dll but pbData which is in the cryptencrypt function
didn't change. how could i write the value on pbData? when i used
"strcpy((char* )pbData,(char *)tempData);" the progmram send
error.(tempdata is carrying ciphertext value)
Mycode(smaple program which is using my own CSP) is below.
thanks.
[snip]
BYTE *outdata;
outdata=(BYTE *)malloc(100);
Don't cast the return value of malloc() in C. It is not necessary and
can prevent the compiler from warning you about a potentially serious
error if you neglected to include <stdlib.h> and don't have a
prototype in scope.

And always test the pointer value returned by malloc() for NULL. If
the allocation failed and you don't test it, you will be dereferencing
a null pointer and generating undefined behavior.

In any case, the call to malloc(), if it succeeded, returned a pointer
to the newly allocated space.
outdata=(unsigned char *)"selami uekae tubitak\0";
Now you immediately throw away that pointer by coping the address of a
string literal into it. You have just leaked the memory you
allocated.
DWORD len = strlen((const char *)outdata);
strlen() returns a value of type size_t. Why cast it to anything
else?
if(!CryptEncrypt(hKey, 0,TRUE,0,outdata,&len,(DWORD)100 ))
If the CryptEncrypt() function tries to modify the data passed to in
via the outdata pointer, you have undefined behavior by attempting to
modify a string literal.

[snip]
if i used below code instead of "outdata=(BYTE *)malloc(100)" and
encrypted the hash value the program work properly.
BYTE outdata[100];
outdata[0]=(char)"s";
outdata[1]=(char)"e";
outdata[2]=(char)"l";
outdata[3]=(char)"a";
outdata[4]=(char)"m";
outdata[5]=(char)"i";
outdata[6]=(char)"h";
outdata[7]=(char)"o";
outdata[8]=(char)"z";
outdata[9]=(char)"b";
outdata[10]=(char)"e";
outdata[11]=(char)"f";
outdata[12]=(char)"b";
outdata[13]=(char)"y";
outdata[14]='\0';

Here you are not losing the pointer returned by malloc(), and for sure
you are not attempting to modify a string literal.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://www.eskimo.com/~scs/C-faq/top.html
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.learn.c-c++ ftp://snurse-l.org/pub/acllc-c++/faq

hi
sorry my problem is how could i change the content's of pbData in my
CSP dll? First it contained the plaintext. But after
encryption i did not write the ciphertext value on it.could you send
me code for this problem?
thanks.
BOOL WINAPI
CPEncrypt(
IN HCRYPTPROV hProv,
IN HCRYPTKEY hKey,
IN HCRYPTHASH hHash,
IN BOOL fFinal,
IN DWORD dwFlags,
IN OUT LPBYTE pbData,
IN OUT LPDWORD pcbDataLen,
IN DWORD cbBufLen)
{
char *tempData;
tempData=(PBYTE)malloc(strlen(outData));
..
..//pbData (plaintext) is encrypted
..//and ciphertext is written on tempData
..
printf("tempdata degeri %s %d \n",tempData,strlen((char *)tempData));
//in mysample program i can see these values
memcpy(pbData,tempData,strlen(tempData));//and in this line
//CSP send error 0x57 but if i //use hashed data for encryption
//the program is working properly

return true;
}
my sample program code
..
..
..
BYTE *outdata;
outdata=(BYTE *)malloc(100);
size_t size;
size=_msize(outdata);
outdata=(unsigned char*)"selami uekae tubitak";
DWORD len = strlen((const char *)outdata);
if(!CryptEncrypt(hKey, 0,TRUE,0,outdata,&len,(DWORD)size ))
printf("Error %x during CryptEncrypt!\n", GetLastError());
else printf("CryptEncrypt succeed\n");

p_hose wrote:

sorry my problem is how could i change the content's of pbData
in my CSP dll? First it contained the plaintext. But after
encryption i did not write the ciphertext value on it.could
you send me code for this problem?

.... snip ...

What part of Jack Kleins "off-topic" message was too complicated
for you to understand? Google for "reading for comprehension
classes".

--
Chuck F (cb********@yahoo.com) (cb********@worldnet.att.net)
Available for consulting/temporary embedded and systems.
<http://cbfalconer.home.att.net> USE worldnet address!