Thread: buffer overflow problems

  1. #1
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640

    buffer overflow problems

    I have a small project to make a simple program that uses SHA-1 to hash a file. I'm using SHA-1 classes/code from codeproject (http://www.codeproject.com/cpp/csha1.asp) (SHA1.cpp and SHA1.h). All I'm trying to do is show the hash code of any file. I'm getting an error right when the program exits (only if the file exists and it gets hashed).

    Code:
    Error:
    Run-Time Check Failure #2 - Stack around the variable 'lpszHash' was corrupted.
    The code isn't hard to understand, not a lot of it either, I would really appreciate the help on this. The error is a Native error and is only reported when using debug mode (I found this out in the help file). How can I fix my program? Obviously I want to practice good programming.

    PS - I changed the code, it used to check for a file specified in parameters to running the program, but I got sick of having to mess with that at the moment, so I specified for it to hash main.obj
    Environment: OS X, GCC / G++
    Codes: Java, C#, C/C++
    AOL IM: neandrake, Email: neandrake (at) gmail (dot) com

  2. #2
    Registered User Codeplug's Avatar
    Join Date
    Mar 2003
    Posts
    4,981
    The usage looks fine to me. Notice what is "around the variable 'lpszHash'":
    Code:
        CSHA1 shaFile;
        char lpszHash[50];
    Perhaps CSHA1 is corrupting itself and maybe lpszHash as well.
    Use the debugger and see if any bytes within lpszHash change when you call a method of shaFile.

    gg

  3. #3
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    I guess 50 bytes isn't enough for all those strcat() in void CSHA1::ReportHash(char *szReport, unsigned char uReportType)
    A quick calc suggests at least 60 bytes is needed
    If you dance barefoot on the broken glass of undefined behaviour, you've got to expect the occasional cut.
    If at first you don't succeed, try writing your phone number on the exam paper.

  4. #4
    Registered User Codeplug's Avatar
    Join Date
    Mar 2003
    Posts
    4,981
    Yeah, don't forget about that space like I did
    Code:
        sprintf(szTemp, " %02X", m_digest[i]);
        //               ^here
    gg
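
Added example (not part of the original thread, and not the CodeProject CSHA1 code): the sizing arithmetic from posts #3 and #4, with a bounded formatter that refuses a 50-byte buffer instead of overrunning it. It assumes the report format implied by the thread, `%02X` for the first byte and ` %02X` for each later one; `hex_report_size` and `format_hex_report` are hypothetical names.

```c
#include <stdio.h>
#include <stddef.h>

#define SHA1_DIGEST_LEN 20

/* Bytes needed for "XX XX ... XX": 2 hex digits per byte,
 * one separating space between bytes, plus the terminating NUL. */
size_t hex_report_size(size_t digest_len)
{
    if (digest_len == 0)
        return 1;                       /* just the NUL */
    return digest_len * 2 + (digest_len - 1) + 1;
}

/* Hypothetical bounded replacement for the sprintf/strcat loop.
 * Returns 0 on success, -1 if out is too small (out is then ""). */
int format_hex_report(const unsigned char *digest, size_t digest_len,
                      char *out, size_t out_size)
{
    size_t used = 0, i;

    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (out_size < hex_report_size(digest_len))
        return -1;                      /* refuse instead of overrunning */

    for (i = 0; i < digest_len; i++) {
        int n = snprintf(out + used, out_size - used,
                         i == 0 ? "%02X" : " %02X", (unsigned)digest[i]);
        if (n < 0 || (size_t)n >= out_size - used) {
            out[0] = '\0';
            return -1;
        }
        used += (size_t)n;
    }
    return 0;
}

int main(void)
{
    unsigned char digest[SHA1_DIGEST_LEN] = {0xDA, 0x39, 0xA3}; /* constructed sample */
    char small[50], big[60];
    printf("needed: %zu bytes\n", hex_report_size(SHA1_DIGEST_LEN));
    printf("char[50]: %d\n", format_hex_report(digest, sizeof digest, small, sizeof small));
    if (format_hex_report(digest, sizeof digest, big, sizeof big) == 0)
        printf("char[60]: %s\n", big);
    return 0;
}
```

Sizing the destination with `hex_report_size(SHA1_DIGEST_LEN)` rather than a hand-picked constant keeps the buffer and the format in step if the separator ever changes.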

  5. #5
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    right! doh! you use it too? works fine now, thanks.

  6. #6
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    Now that it works, how can I add it to the right-click menu of every file type? Is there some registry key I need to modify? I just want to be able to right click any file and get the hash. Thanks.

  7. #7
    and the hat of int overfl Salem's Avatar
    Join Date
    Aug 2001
    Location
    The edge of the known universe
    Posts
    39,660
    > Now that it works, how can I add it to the right-click menu of every file type?
    If you put a link to your executable in the "Send to" folder, then it should invoke your program with argv[] set to the filename(s) you've selected.

  8. #8
    Registered User Codeplug's Avatar
    Join Date
    Mar 2003
    Posts
    4,981
    Originally posted by Codeplug
    > Yeah, don't forget about that space like I did
    Originally posted by neandrake
    > you use it too?
    No. I just did in my head: 20*2=40 is less than 50.
    I figured you did the same thing.

    gg

  9. #9
    Skunkmeister Stoned_Coder's Avatar
    Join Date
    Aug 2001
    Posts
    2,572
    read on msdn about extending shortcut menus in the windows shell.
    Free the weed!! Class B to class C is not good enough!!
    And the FAQ is here :- http://faq.cprogramming.com/cgi-bin/smartfaq.cgi

  10. #10
    30 Helens Agree neandrake's Avatar
    Join Date
    Jan 2002
    Posts
    640
    thanks stoner, but, I didn't find anything about adding it for all files. I once found a program (not really a program) that used an INI file (right click, select Install) to register a new command for all files. Any idea how to do something similar, or at least accomplish the same goal?

  11. #11
    Registered User
    Join Date
    May 2003
    Posts
    1,619
    Here's one way: Put the following as a text file:

    REGEDIT4

    [HKEY_CLASSES_ROOT\*\shell\Open with Notepad\command]
    @="notepad.exe \"%1\""
    and change it to end in .reg.

    Then, you can double-click and it would create those keys for you. Of course, replace "open with notepad" with your program, and "notepad.exe" with the full path to your file. %1 means the filename will be passed as the first parameter to your program. You can specify any other command line params, if you feel like it.

    So, if you wanted to throw some switches in (this example also shows how to handle pathnames that may have spaces, via the quotes, and the need for double \\ just like with strings in C):

    REGEDIT4

    [HKEY_CLASSES_ROOT\*\shell\Use my program\command]
    @="\"C:\\program files\\my program.exe\" -open -shell \"%1\""
    The above string inserted into the registry actually works out to be:
    "C:\program files\my program.exe" -open -shell "%1"
    after the escape characters are handled.

    You can do pretty much the exact same with an .INI, same idea (making a reg key). I forget the INI syntax offhand, though.
    Last edited by Cat; 12-04-2003 at 01:54 AM.
    You ever try a pink golf ball, Wally? Why, the wind shear on a pink ball alone can take the head clean off a 90 pound midget at 300 yards.

  12. #12
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    Here's a complete shell COM object I wrote that adds functionality to all files.

    Adapt it to your needs.
    All the buzzt!
    CornedBee

    "There is not now, nor has there ever been, nor will there ever be, any programming language in which it is the least bit difficult to write bad code."
    - Flon's Law

  13. #13
    Skunkmeister Stoned_Coder's Avatar
    Join Date
    Aug 2001
    Posts
    2,572
    Well I managed to find this in about 1 second..... Extending shortcut menus

  14. #14
    Cat without Hat CornedBee's Avatar
    Join Date
    Apr 2003
    Posts
    8,895
    But it doesn't handle the * file class, which, I believe, is not as simple as the others.
