search

RNCryptor / RNCryptor-cpp

C++ implementation of Rob Napier's RNCryptor
MIT License
13 stars 9 forks source link

Bug of `RNEncryptor::generateIv` #3

Closed gekailin closed 8 years ago

gekailin commented 8 years ago

I found a bug of RNEncryptor::generateIv.

Because GenerateBlock may produce bytes with value '\0', the length of ivString may less than length.

string RNEncryptor::generateIv(int length)
{
    AutoSeededRandomPool prng;

    byte iv[length + 1];
    prng.GenerateBlock(iv, length);

        iv[length] = '\0';

    string ivString = string((char *)iv);
    return ivString;
}

I suggest using the following code:

string RNEncryptor::generateIv(int length)
{
    AutoSeededRandomPool prng;

    byte iv[length];
    prng.GenerateBlock(iv, length);

    return string((char *)iv, length);
}
curtisdf commented 8 years ago

Thanks @gekailin. C++ isn't really my area. I just built this as an exploratory exercise. Pull requests are welcome, particularly if they come with tests demonstrating that the problem is fixed. Thanks!