You still have the problem that if the structure size were to increase in the future and someone built code using the new larger structure, it would not work with older client code.

All instances of:

    if ( lpdi->size == sizeof(LSH_DLGINFO_EX) ) {

Should read:

    if ( lpdi->size >= sizeof(LSH_DLGINFO_EX) ) {

The checks done should verify that the structure is *at least* a given size. It does not need to check that it is an exact size. This is how many Windows APIs are coded. This allows newer programs to be backward compatible with older O/S'. The older O/S checks that the structure is large enough to handle its requirements. It doesn't care if a structure is larger.

Pierre

> -----Original Message-----
> From: Jeffrey Altman [mailto:jaltman@columbia.edu]
> Sent: Wednesday, July 07, 2004 8:24 PM
> To: Pierre Goyette
> Cc: rt-kfw-comment@krbdev.mit.edu
> Subject: Re: [krbdev.mit.edu #2622] Problem with LSH_DLGINFO_EX_V1_SZ
>
> You have now described the intended behavior.
> The test is now:
>
>     if ((lpdi->size != LSH_DLGINFO_EX_V1_SZ &&
>          lpdi->size < sizeof(LSH_DLGINFO_EX)) ||
>         lpdi->dlgtype != DLGTYPE_PASSWD) {
>
>         MessageBox(hDialog, "An incorrect initialization data structure was provided.",
>                    "AuthenticateProc()",
>                    MB_OK | MB_ICONSTOP);
>         return FALSE;
>     }
>
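The size checks discussed in this thread, as an added example that is not part of the original messages or the KfW source. The struct layouts, field names and function names are hypothetical; it contrasts an exact-size test with an at-least test that still accepts the one known older size, and copies only the bytes the library's own build understands.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts: V2 appends a field to V1; V3 stands in for a future caller. */
typedef struct { unsigned size; int dlgtype; char username[32]; } INFO_V1;
typedef struct { unsigned size; int dlgtype; char username[32]; char realm[32]; } INFO_V2;
typedef struct { INFO_V2 base; char extra[16]; } INFO_V3;

enum { REJECT = 0, AS_V1 = 1, AS_V2 = 2 };

/* Read the caller-declared size without assuming which version was passed. */
static unsigned declared_size(const void *p) {
    unsigned sz;
    memcpy(&sz, p, sizeof sz);
    return sz;
}

/* Exact-size check: a library built against V2 refuses any larger structure. */
int accept_exact(const void *p) {
    return declared_size(p) == sizeof(INFO_V2) ? AS_V2 : REJECT;
}

/* At-least check, with the one known older size still accepted as V1. */
int accept_at_least(const void *p) {
    unsigned sz = declared_size(p);
    if (sz >= sizeof(INFO_V2)) return AS_V2;
    if (sz == sizeof(INFO_V1)) return AS_V1;
    return REJECT; /* too small, or an unknown size between the two versions */
}

/* Copy only the bytes this build understands; fields it cannot trust stay zeroed. */
int load_info(const void *p, INFO_V2 *out) {
    int ver = accept_at_least(p);
    memset(out, 0, sizeof *out);
    if (ver == AS_V2) memcpy(out, p, sizeof(INFO_V2));
    if (ver == AS_V1) memcpy(out, p, sizeof(INFO_V1));
    return ver;
}

int main(void) {
    INFO_V3 newer;                      /* constructed sample from a "future" caller */
    INFO_V2 out;
    memset(&newer, 0, sizeof newer);
    newer.base.size = sizeof newer;
    strcpy(newer.base.realm, "EXAMPLE.ORG");
    printf("exact: %d, at-least: %d, realm: %s\n",
           accept_exact(&newer), load_info(&newer, &out), out.realm);
    return 0;
}
```

The at-least test is only safe because the library never reads or copies more than its own `sizeof`; the declared size is used to decide which fields exist, not how many bytes to copy.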