Spot the Bug

  1. #1
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,914

    Spot the Bug

    Hey Hey,

    I get a lot of newsletters daily, some of them from Microsoft (just their standard newsletters)...

    This week's contained a link to Spot the Bug... I haven't seen it nor seen it posted before, however some of you may have...

    It's actually pretty cool... I'm gonna use it to kill my boredom later

    My only request at this point is that if you spot the bug... keep your post hidden for the rest of us that aren't programmers and wanna give it a try..

    http://blogs.msdn.com/rsamona/archive/2006/01.aspx

    Code:
    class CUserManager
    {
    public:
      void   CreateLogin(String * strUserName, String * strPassword);
      void   AddLoginToDB(String * strUserName, Byte bytePasswordHash[]);
    };
     
    int _tmain()
    {
      CUserManager objUsrMgr;
     
      String * struser = S"newuser";
      String * struserpass = S"password";
     
      objUsrMgr.CreateLogin(struser, struserpass);
     
      return 0;
    }
     
    void CUserManager::CreateLogin(String * strUserName, String * strPassword)
    {
      System::Text::ASCIIEncoding *pAscii = new System::Text::ASCIIEncoding();
     
      Byte bytePassword[] = pAscii->GetBytes(strPassword);
     
      SHA1CryptoServiceProvider *pSha1 = new SHA1CryptoServiceProvider();
      Byte byteHash[] = pSha1->ComputeHash(bytePassword);  
     
      AddLoginToDB(strUserName, byteHash);
     
      return;
    }
     
    void CUserManager::AddLoginToDB(String * strUserName, Byte bytePasswordHash [])
    {
      //Add the user name and the password hash to the database
      return;
    }
    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  2. #2
    Senior Member ShippMA
    Join Date
    Oct 2002
    Posts
    165
    Well I don't know what language that was programmed in, but here's my stab at it:

    CUserManager objUsrMgr;

    String * struser = S"newuser";
    String * struserpass = S"password";

    objUsrMgr.CreateLogin(struser, struserpass);
    Here it looks like they are creating two strings, struser and struserpass

    But at the start and after this they have strUserName and strPassword

    void CreateLogin(String * strUserName, String * strPassword);
    void CUserManager::CreateLogin(String * strUserName, String * strPassword)
    However also near the end with the Password Hash they call it byteHash, but then it looks like they are trying to then add to the DB as bytePasswordHash

    Byte byteHash[] = pSha1->ComputeHash(bytePassword);
    void CUserManager::AddLoginToDB(String * strUserName, Byte bytePasswordHash [])
    Well is any of it close?

    Like I said I don't even recognise the language, so I'm just looking at it and using my knowledge of other languages to try and understand what is happening...

    Edit: Oh also did notice what looks like an erroneous ; on the sixth line down, the line that reads:



    );
    www.simpleits.co.uk
    www.tazforum.**********.com
    Google is god ....... of the Internet

  3. #3
    Custom User
    Join Date
    Oct 2001
    Posts
    503
    ShippMA, if you're still wondering, the language looks like C++ to me.

    Here it looks like they are creating two strings, struser and struserpass

    But at the start and after this they have strUserName and strPassword
    That doesn't matter because the strUserName, etc are arguments to functions. The }; is also standard C++ syntax for the end of a class definition.

    My guess is that it's the following lines which are the problem:
    String * struser = S"newuser";
    String * struserpass = S"password";
    I've never seen a string declared like that - I would have expected them to use some kind of constructor or malloc or something like that (I'm not a C++ programmer so I don't know exactly how it works). I would have imagined that you could do String struser = String("newuser") or just String struser = "newuser", but I don't know.

    [edit]In fact, strike that about my previous guess, I meant to actually say that the empty function "void CUserManager::AddLoginToDB(...)" is empty apart from a return;. The fact that it doesn't do anything seems like quite a big bug to me :P[/edit]

    ac

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Posts
    557
    Hi

    The code itself is valid C++.NET syntax. Simply compile with the
    /clr:oldSyntax flag, if you have newer editions.

    There are two problems I see here (I just checked the msdn-description
    of one function after the other):
    1. no salt is used
    2. characters like , , , , charset:gb2312 etc. are translated to ascii-63 ('?'),
    enhancing the probability of a collision[1]


    Cheers :)

    [1] http://msdn.microsoft.com/library/de...classtopic.asp
    If the only tool you have is a hammer, you tend to see every problem as a nail.
    (Abraham Maslow, Psychologist, 1908-70)
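
The two problems listed in post #4 (no salt, and non-ASCII characters collapsing to '?'), reproduced as an added example that is not part of the thread or of the original puzzle. Python's `errors="replace"` stands in for `ASCIIEncoding.GetBytes`; the function names, the sample passwords, the iteration count and the choice of PBKDF2 for the corrected version are assumptions of this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this sketch; tune for your hardware


def legacy_hash(password):
    """Same pipeline as the thread's CreateLogin: ASCII bytes, unsalted SHA-1.

    errors="replace" stands in for ASCIIEncoding.GetBytes, which turns every
    non-ASCII character into '?' (byte 63).
    """
    return hashlib.sha1(password.encode("ascii", errors="replace")).digest()


def hardened_hash(password, salt=None):
    """UTF-8 keeps every character distinct; a per-user random salt and a slow
    KDF (PBKDF2-HMAC-SHA256) replace the single fast, unsalted hash."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hardened_hash(password, salt)
    return hmac.compare_digest(digest, expected)


# Constructed sample passwords: different strings, same bytes after ASCII encoding.
PW_A = "p\u00e4ssw\u00f6rd"  # p, a-umlaut, s, s, w, o-umlaut, r, d
PW_B = "p\u00f1ssw\u00f8rd"  # p, n-tilde, s, s, w, o-slash, r, d

if __name__ == "__main__":
    # Legacy scheme: both passwords, and the literal "p?ssw?rd", share one hash.
    print(legacy_hash(PW_A) == legacy_hash(PW_B))
    print(legacy_hash(PW_A) == legacy_hash("p?ssw?rd"))
    # Hardened scheme: only the original password verifies.
    salt, stored = hardened_hash(PW_A)
    print(verify(PW_A, salt, stored), verify(PW_B, salt, stored))
    # A second enrolment of the same password gets a new salt and a new hash.
    print(hardened_hash(PW_A)[1] == stored)
```

With the legacy scheme, any two accounts sharing a password also share a stored hash, so one precomputed table covers every user; the per-user salt removes that.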

  5. #5
    Banned
    Join Date
    Jul 2004
    Posts
    119
    ---doesn't code require headers?----


    class CUserManager
    {
    public:
    void CreateLogin(String * strUserName, String * strPassword);
    void AddLoginToDB(String * strUserName, Byte bytePasswordHash[]);


    }; <----does not make sense



    int _tmain() <-----never seen tmain before


    {
    CUserManager objUsrMgr;

    String * struser = S"newuser";
    String * struserpass = S"password";

    objUsrMgr.CreateLogin(struser, struserpass);

    return 0;
    }

    void CUserManager::CreateLogin(String * strUserName, String * strPassword)
    {
    System::Text::ASCIIEncoding *pAscii = new System::Text::ASCIIEncoding();

    Byte bytePassword[] = pAscii->GetBytes(strPassword);

    SHA1CryptoServiceProvider *pSha1 = new SHA1CryptoServiceProvider();
    Byte byteHash[] = pSha1->ComputeHash(bytePassword);

    AddLoginToDB(strUserName, byteHash);

    return;
    }

    void CUserManager::AddLoginToDB(String * strUserName, Byte bytePasswordHash [])
    {
    //Add the user name and the password hash to the database
    return;
    }




    hopefully I'm not an idiot for guessing with my experience in C++ (which isn't a whole hell of a lot)
