未选中返回的值从而导致意外的状态和条件 [英] Unchecked returned value causing unexpected states and conditions

问题描述

我一直在寻找互联网了一个多小时，只能找到客户端的讨论我的最新扫描发现。我所接受的是，使用Read（）方法，方法和原因是读（）返回忽略可能会导致程序意外忽视状态和条件，发现价值。如果任何人都可以解释，在小细节，并可能建议修复的将是巨大的。功能如下：

在方法code的那一行：

  csEncrypt.Read（fromEncrypt，0，fromEncrypt.Length）;
 

调用方式：

 公共字符串DecryptMessage（字节[]加密）
    {
        ASCIIEncoding textConverter =新ASCIIEncoding（）;
        解密= aes.CreateDecryptor（键，IV）;
        MemoryStream的msDecrypt =新的MemoryStream（加密）;
        csEncrypt =新的CryptoStream（msDecrypt，解密，CryptoStreamMode.Read）;
        字节[] = fromEncrypt新的字节[encrypted.Length]
        csEncrypt.Read（fromEncrypt，0，fromEncrypt.Length）;
        返回textConverter.GetString（fromEncrypt）;
    }
 

解决方案

尽量不要忽略返回值：

 公共字符串DecryptMessage（字节[]加密）
{
    ASCIIEncoding textConverter =新ASCIIEncoding（）;
    解密= aes.CreateDecryptor（键，IV）;
    使用（MemoryStream的msDecrypt =新的MemoryStream（加密））
    {
        使用（VAR csEncrypt =新的CryptoStream（msDecrypt，解密，CryptoStreamMode.Read））
        {
            字节[] = fromEncrypt新的字节[encrypted.Length]
            变种读取动作= csEncrypt.Read（fromEncrypt，0，fromEncrypt.Length）;
            返回textConverter.GetString（fromEncrypt，0，读取动作）;
        }
    }
}
 

如果被送回较少的字节比你预期的在code，会发生什么？

I have been searching the internet for over an hour and can only find client side discussions the my latest scan finding. What I am receiving is method that uses the Read() method and because the Read() ignores the value returned could cause the program to overlook unexpected states and conditions finding. If anyone can explain, in small detail, and possibility recommend a fix the would be great. The function is below:

Offending line of code in the method:

csEncrypt.Read(fromEncrypt, 0, fromEncrypt.Length);

Calling method:

    public String DecryptMessage(byte[] encrypted)
    {
        ASCIIEncoding textConverter = new ASCIIEncoding();
        decryptor = aes.CreateDecryptor(key, IV);
        MemoryStream msDecrypt = new MemoryStream(encrypted);
        csEncrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);
        byte[] fromEncrypt = new byte[encrypted.Length];
        csEncrypt.Read(fromEncrypt, 0, fromEncrypt.Length);
        return textConverter.GetString(fromEncrypt);
    }

解决方案

Try not ignoring the return value:

public String DecryptMessage(byte[] encrypted)
{
    ASCIIEncoding textConverter = new ASCIIEncoding();
    decryptor = aes.CreateDecryptor(key, IV);
    using (MemoryStream msDecrypt = new MemoryStream(encrypted))
    {
        using (var csEncrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
        {
            byte[] fromEncrypt = new byte[encrypted.Length];
            var bytesRead = csEncrypt.Read(fromEncrypt, 0, fromEncrypt.Length);
            return textConverter.GetString(fromEncrypt, 0, bytesRead);
        }
    }
}

What would happen in your code if fewer bytes were returned than you expected?

这篇关于未选中返回的值从而导致意外的状态和条件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！