Ticket UUID: | 3574004 | |||
Title: | decrypt/encrypt fails for data beginning with '-' | |||
Type: | Bug | Version: | None | |
Submitter: | samoconnor | Created on: | 2012-10-03 02:28:14 | |
Subsystem: | aes | Assigned To: | andreas_kupries | |
Priority: | 5 Medium | Severity: | ||
Status: | Closed | Last Modified: | 2013-01-09 05:38:04 | |
Resolution: | Fixed | Closed By: | andreas_kupries | |
Closed on: | 2013-01-08 22:37:21 | |||
Description: |
% set data_block -[string repeat \\0 15] -\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0 % aes::aes -hex -mode cbc -dir encrypt -key $nil_block $data_block bad option "-\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0": must be one of -chunksize, -dir, -hex, -in, -iv, -key, -mode, -out The last item in the args list is always the data (or the in stream name). It is never a "-" option and should not be treated as one even if it starts with a "-". I have a server system that has been running for more than a year before happening to have some data beginning with a "-". Very hard to test for unless you already know what the problem is. Suggested fix: terminate argument processing when the args list length gets to 1... --- tcllib-1.14.orig/modules/aes/aes.tcl2012-07-25 10:53:21.000000000 +1000 +++ tcllib-1.14/modules/aes/aes.tcl2012-10-03 12:19:44.000000000 +1000 @@ -519,7 +519,7 @@ set opts(-iv) [string repeat \0 16] set modes {ecb cbc} set dirs {encrypt decrypt} - while {[string match -* [set option [lindex $args 0]]]} { + while {[llength $args] > 1 && [string match -* [set option [lindex $args 0]]]} { switch -exact -- $option { -mode { set opts(-mode) [SetOneOf $modes [Pop args 1]] } -dir { set opts(-dir) [SetOneOf $dirs [Pop args 1]] } | |||
User Comments: |
andreas_kupries added on 2013-01-09 05:38:04:
Committed revision is [57b5f729ca]. andreas_kupries added on 2013-01-09 05:37:21: allow_comments - 1 Decided to accept the change, as it should be pretty much backward compatible. Additionally documented the option -- also. Version bumped to 1.1. (Visible API change). I am lucky that this package does not have C accelerator code requiring the change also. That said, getting some C code here for speed would be nice. andreas_kupries added on 2013-01-09 05:22:40: The aes::aes command already accepts a (currently undocumented) option -- (double-dash) which stops option processing and forces interpretation of data, even if starting with a dash. See line 532, about 10 lines after where you patched. Is that good enough for your case (plus documenting this option) ? |