You're right, that code causes a dangling pointer if you pass it an IV using 
ConstByteArrayParameter with deepCopy = true, which I hadn't considered 
someone might do. I can add a check for that and throw an error if deepCopy 
= true, or do you need that to be supported for some reason?

--------------------------------------------------
From: "Mark Millard" <[email protected]>
Sent: Thursday, November 05, 2009 10:16 AM
To: "Crypto++ Users" <[email protected]>
Subject: Dangling pointer in SimpleKeyingInterface::GetIVAndThrowIfInvalid

>
> For Crypto++ V5.6.0 in...
>
> const byte * SimpleKeyingInterface::GetIVAndThrowIfInvalid(const
> NameValuePairs &params, size_t &size)
> {
>     ConstByteArrayParameter ivWithLength;
>     const byte *iv;
>     bool found = false;
>
>     try {found = params.GetValue(Name::IV(), ivWithLength);}
>     catch (const NameValuePairs::ValueTypeMismatch &) {}
>
>     if (found)
>     {
>         iv = ivWithLength.begin();
>         ThrowIfInvalidIV(iv);
>         size = ThrowIfInvalidIVLength((int)ivWithLength.size());
>         return iv;
>
> When ivWithLength ends up with a SecBlock from a deep copy, the
> ivWithLength destruction at the return means that the iv pointer is
> dangling to unowned memory after the return. This was noticed from the
> initialization vector value being wrong under a debugger and watching
> the pointer to value change during the destruction.
>
> --~--~---------~--~----~------------~-------~--~----~
> You received this message because you are subscribed to the "Crypto++ 
> Users" Google Group.
> To unsubscribe, send an email to 
> [email protected].
> More information about Crypto++ and this group is available at 
> http://www.cryptopp.com.
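The dangling pointer described in the quoted report, and the deepCopy check proposed in the reply, as an added example that is not Crypto++'s own code: `ConstByteArrayParameter` here is a simplified stand-in modelled on the library's class (a `std::vector` instead of a `SecByteBlock`), and `GetIVChecked`, `CopyIV` and `DeepCopyIsRejected` are hypothetical helper names.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

typedef unsigned char byte;

// Simplified stand-in for Crypto++'s ConstByteArrayParameter (assumption: not the
// library's own code). With deepCopy == true the bytes live in m_block, storage
// owned by this object, so begin() is only valid while this object is alive.
class ConstByteArrayParameter {
public:
    ConstByteArrayParameter(const byte *data, size_t size, bool deepCopy)
        : m_deepCopy(deepCopy), m_data(data), m_size(size) {
        if (deepCopy)
            m_block.assign(data, data + size);
    }
    const byte *begin() const { return m_deepCopy ? m_block.data() : m_data; }
    size_t size() const { return m_deepCopy ? m_block.size() : m_size; }
    bool OwnsData() const { return m_deepCopy; }
private:
    bool m_deepCopy;
    const byte *m_data;
    size_t m_size;
    std::vector<byte> m_block;
};

// Mirrors the thread's GetIVAndThrowIfInvalid: the parameter is received by value
// (the local filled by params.GetValue in the original), so returning begin() of a
// deep copy would hand back a pointer into memory released at return. The fix the
// reply proposes: refuse deep copies instead of returning a dangling pointer.
const byte *GetIVChecked(ConstByteArrayParameter ivWithLength, size_t &size) {
    if (ivWithLength.OwnsData())
        throw std::invalid_argument("IV must not be passed with deepCopy=true");
    size = ivWithLength.size();
    return ivWithLength.begin();   // points at caller-owned memory, stays valid
}

// Alternative that is safe in both modes: copy the IV into caller-owned storage
// while the parameter is still alive, instead of returning a pointer into it.
std::vector<byte> CopyIV(ConstByteArrayParameter ivWithLength) {
    return std::vector<byte>(ivWithLength.begin(),
                             ivWithLength.begin() + ivWithLength.size());
}

// Self-check: a deep-copied IV is rejected rather than returned as a dangling pointer.
bool DeepCopyIsRejected() {
    byte iv[16] = {0};   // constructed sample IV
    size_t n = 0;
    try { GetIVChecked(ConstByteArrayParameter(iv, sizeof(iv), true), n); }
    catch (const std::invalid_argument &) { return true; }
    return false;
}
```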

