Received: from MTLFS1.montreal.hcl.com ([132.216.79.3]) by krbdev.mit.edu (8.9.3p2) with ESMTP id UAA05762; Wed, 7 Jul 2004 20:31:50 -0400 (EDT) Content-Class: urn:content-classes:message Subject: RE: [krbdev.mit.edu #2622] Problem with LSH_DLGINFO_EX_V1_SZ MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 7 Jul 2004 20:30:54 -0400 X-Mimeole: Produced By Microsoft Exchange V6.5.6944.0 Message-Id: <88C8B14D74194F409F0E4AEC20DF228411EA89@MTLFS1.montreal.hcl.com> X-MS-Has-Attach: X-MS-Tnef-Correlator: Thread-Topic: [krbdev.mit.edu #2622] Problem with LSH_DLGINFO_EX_V1_SZ Thread-Index: AcRkgds42CAW8SWASReqe70eud5kwAAAF/Fw From: "Pierre Goyette" To: "Jeffrey Altman" Cc: Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from quoted-printable to 8bit by krbdev.mit.edu id UAA05762 RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 1419 You still have the problem that if the structure size were to increase in the future and someone built code using the new larger structure, it would not work with older client code. All instances of: if ( lpdi->size == sizeof(LSH_DLGINFO_EX) ) { Should read: if ( lpdi->size >= sizeof(LSH_DLGINFO_EX) ) { The checks done should verify that the structure is *at least* a given size. It does not need to check that it is an exact size. This is how many Windows APIs are coded. This allows newer programs to be backward compatible with older O/S'. The older O/S checks that the structure is large enough to handle its requirements. It doesn't care if a structure is larger. Pierre > -----Original Message----- > From: Jeffrey Altman [mailto:jaltman@columbia.edu] > Sent: Wednesday, July 07, 2004 8:24 PM > To: Pierre Goyette > Cc: rt-kfw-comment@krbdev.mit.edu > Subject: Re: [krbdev.mit.edu #2622] Problem with LSH_DLGINFO_EX_V1_SZ > > You have now described the intended behavior. > The test is now: > > if ((lpdi->size != LSH_DLGINFO_EX_V1_SZ && > lpdi->size < sizeof(LSH_DLGINFO_EX)) || > lpdi->dlgtype != DLGTYPE_PASSWD) { > > MessageBox(hDialog, "An incorrect initialization > data structure was provided.", > "AuthenticateProc()", > MB_OK | MB_ICONSTOP); > return FALSE; > } > > >