Security Audit 5.6: Check length of ssNameLen < 256 before allocating buffer.

CASA.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 26 11:02:00 MST 2006 - jnorman@novell.com
+- Security Audit 5.6: Check length of ssNameLen < 256
+  before allocating buffer
+    
 -------------------------------------------------------------------
 Wed Apr 26 10:55:20 MST 2006 - jnorman@novell.com
 - Security Audit 5.4: Issue Garbage Collect after loading persistence.

c_micasad/verbs/OpenSecretStore.cs

@@ -49,6 +49,8 @@ namespace sscs.verbs
         
         private byte[] outBuf;
         int retCode = 0;
+
+		private static int MAX_SS_NAME_LEN = 256;
         
         /*
         * This method sets the class member with the byte array received.
@@ -80,12 +82,14 @@ namespace sscs.verbs
 
             ssVersion = BitConverter.ToUInt32(inBuf,6);
             ssNameLen = BitConverter.ToUInt32(inBuf,10);
- 
+
+			if (ssNameLen > MAX_SS_NAME_LEN)
+				throw new FormatException(" SecretStore Name length exceeds length allowed");
+
             byte[] tempArr = new byte[ssNameLen];
             Array.Copy(inBuf,14,tempArr,0,ssNameLen);
-            ssName = Encoding.UTF8.GetString(tempArr);
+            ssName = Encoding.UTF8.GetString(tempArr);        	
 
-        
             try
             {
                 SecretStore ss = SessionManager.CreateUserSession(userId);