Security Audit 5.6: Check length of ssNameLen < 256 before allocating buffer.

2006-04-26 17:03:11 +00:00 · 2006-04-26 17:03:11 +00:00 · 315e2cecc1
commit 315e2cecc1
parent 43a64f3df3
2 changed files with 12 additions and 3 deletions
--- a/CASA.changes
+++ b/CASA.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 26 11:02:00 MST 2006 - jnorman@novell.com
+- Security Audit 5.6: Check length of ssNameLen < 256
+  before allocating buffer
+    
 -------------------------------------------------------------------
 Wed Apr 26 10:55:20 MST 2006 - jnorman@novell.com
 - Security Audit 5.4: Issue Garbage Collect after loading persistence.
--- a/c_micasad/verbs/OpenSecretStore.cs
+++ b/c_micasad/verbs/OpenSecretStore.cs
@ -49,6 +49,8 @@ namespace sscs.verbs
        
        private byte[] outBuf;
        int retCode = 0;
+
+		private static int MAX_SS_NAME_LEN = 256;
        
        /*
        * This method sets the class member with the byte array received.
@ -80,12 +82,14 @@ namespace sscs.verbs

            ssVersion = BitConverter.ToUInt32(inBuf,6);
            ssNameLen = BitConverter.ToUInt32(inBuf,10);
- 
+
+			if (ssNameLen > MAX_SS_NAME_LEN)
+				throw new FormatException(" SecretStore Name length exceeds length allowed");
+
            byte[] tempArr = new byte[ssNameLen];
            Array.Copy(inBuf,14,tempArr,0,ssNameLen);
-            ssName = Encoding.UTF8.GetString(tempArr);
+            ssName = Encoding.UTF8.GetString(tempArr);        	

-        
            try
            {
                SecretStore ss = SessionManager.CreateUserSession(userId);