0

我正在编写一个密码,其密钥文件为 256 位长。其中 128 位必须输入密钥,128 位必须输入 IV。我明确定义了这些数组的大小,然后读取,我得到的输出仍然是 Key 设置了 148 位,而 IV 则更少。最后它给出了堆栈粉碎错误。

int main(int argc,char *argv[]) {

    if(argc < 4 || !argv[1] || !argv[2]) {
        cout << "Usage: Encoding: " << argv[0] << " [plaintext-file] [key-file] [cipher-file]" << endl;
        cout << "Usage: Decoding: " << argv[0] << " [cipher-file] [key-file] [plaintext-file]" << endl;
        return 0;
    }

    unsigned char key[16], iv[16];
    unsigned long i;

    // read input file and size etc
    FILE* in_file = fopen(argv[1],"rb");
    if(!in_file) {
        cout << "Error opening read file" << endl;
        return 0;
    }

    fseek(in_file,0,SEEK_END);
    unsigned int msglength = ftell(in_file);
    cout << "Msglength:" << msglength << endl;

    unsigned char * mem_ptr =  (unsigned char*)malloc(msglength);
    if(!mem_ptr) {
        cout << "Error allocating memory" << endl;
        fclose(in_file);
        return 0;
    }

    rewind(in_file);
    fread(mem_ptr,1,msglength,in_file);
    fclose(in_file);

    // read keyfile etc
    FILE* key_file = fopen(argv[2],"rb");
    if(!key_file) {
        cout << "Error opening key file" << endl;
        return 0;
    }

    fseek(key_file,0,SEEK_END);
    unsigned int key_size = ftell(key_file);
    cout << "Key Size:" << key_size << endl;
    unsigned char * key_ptr = (unsigned char*)malloc(key_size);
    if(!key_ptr) {
        cout << "Error allocating memory" << endl;
        fclose(key_file);
        return 0;
    }

    rewind(key_file);
    fread(key_ptr,1,key_size,key_file);

    cout << "sizeof key"<<sizeof(key)<<"  sizeof iv" << sizeof(iv) << endl;
    for (i=0; i<256; i++) {
        if (i<128) key[i] = key_ptr[i];
        else iv[i-128] = key_ptr[i];
    }
    cout << key_ptr << endl;
    cout << "Key:" << key << endl << "IV:" << iv << endl;
}

输出

Msglength:15
Key Size:257
sizeof key16  sizeof iv16
abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678

Key:abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678
IV:abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678abcdefgh12345678

*** stack smashing detected ***: ./a.out terminated
Segmentation fault (core dumped)

知道我哪里错了吗?

4

3 回答 3

0

key和的大小iv都是 16。

unsigned char key[16], iv[16];

所以这不好。

for (i=0; i<256; i++) {
    if (i<128) key[i] = key_ptr[i];
    else iv[i-128] = key_ptr[i];
}

通过写超出这两个数组的末尾,您会出错。

于 2013-05-16T15:01:05.123 回答
0

您有缓冲区溢出:您定义keyand ivasunsigned char[16]但在for循环中您尝试访问它们,就好像它们是unsigned char[128].

您是否在某些时候混淆了位和字节?

于 2013-05-16T15:01:14.180 回答
0

根据这篇文章 Stack Smashing 实际上是 gcc 用来检测缓冲区溢出攻击的一种保护机制

我可以看到

unsigned char key[16], iv[16];

未初始化可能是您可以考虑将它们初始化为零或NULL

  for (i=0;i<256;i++) {
      if (i<128) key[i] = key_ptr[i];
      else iv[i-128] = key_ptr[i];
    }

在这种情况下没有 NULL 终止,也许您可​​以查看这些以获得更多想法

于 2013-05-16T15:02:05.927 回答