Security Audit 5.6: Check length of ssNameLen < 256 before allocating buffer.

CASA.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 26 11:02:00 MST 2006 - jnorman@novell.com
+- Security Audit 5.6: Check length of ssNameLen < 256
+  before allocating buffer
+    
 -------------------------------------------------------------------
 Wed Apr 26 10:55:20 MST 2006 - jnorman@novell.com
 - Security Audit 5.4: Issue Garbage Collect after loading persistence.

c_micasad/verbs/OpenSecretStore.cs

@@ -50,6 +50,8 @@ namespace sscs.verbs
         private byte[] outBuf;
         int retCode = 0;
 
+		private static int MAX_SS_NAME_LEN = 256;
+        
         /*
         * This method sets the class member with the byte array received.
         */
@@ -81,11 +83,13 @@ namespace sscs.verbs
             ssVersion = BitConverter.ToUInt32(inBuf,6);
             ssNameLen = BitConverter.ToUInt32(inBuf,10);
 
+			if (ssNameLen > MAX_SS_NAME_LEN)
+				throw new FormatException(" SecretStore Name length exceeds length allowed");
+
             byte[] tempArr = new byte[ssNameLen];
             Array.Copy(inBuf,14,tempArr,0,ssNameLen);
             ssName = Encoding.UTF8.GetString(tempArr);        	
 
-        
             try
             {
                 SecretStore ss = SessionManager.CreateUserSession(userId);