diff --git a/CASA.changes b/CASA.changes index 5b5cadce..139a92cd 100644 --- a/CASA.changes +++ b/CASA.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue May 2 20:30:37 IST 2006 - lsreevatsa@novell.com +- Description: + Security Audit 5:13. Refix for using proper length on strncpy. + Maximum Length is 512 characters. + +- Modified files: + c_adlib/GKEngine.cs + c_adlib/ad_gk/GnomeKeyring.cs + c_adlib/ad_gk/native/ad_gk.c + ------------------------------------------------------------------- Tue May 2 12:37:22 IST 2006 - smanojna@novell.com - Description: @@ -7,7 +18,7 @@ Tue May 2 12:37:22 IST 2006 - smanojna@novell.com This check is essential to protect CASA from possible buffer overflow attacks. - Modified files: +- Modified files: casa.glade ------------------------------------------------------------------- diff --git a/c_adlib/GKEngine.cs b/c_adlib/GKEngine.cs index db231af7..e42b6729 100644 --- a/c_adlib/GKEngine.cs +++ b/c_adlib/GKEngine.cs @@ -94,6 +94,8 @@ namespace Novell.CASA.DataEngines itemId = (int)iEtor.Current; itemInfo = GnomeKeyring.GKGetItemInfo(keyring,itemId); attrList = GnomeKeyring.GKGetAttributeList(keyring,itemId); + if(itemInfo.displayName==null) + continue; XmlElement secretElem = doc.CreateElement(ConstStrings.CCF_SECRET); XmlAttribute secIdAttr = doc.CreateAttribute(ConstStrings.CCF_ID); diff --git a/c_adlib/ad_gk/GnomeKeyring.cs b/c_adlib/ad_gk/GnomeKeyring.cs index 495f067a..a92bb9e4 100644 --- a/c_adlib/ad_gk/GnomeKeyring.cs +++ b/c_adlib/ad_gk/GnomeKeyring.cs @@ -50,9 +50,9 @@ namespace Novell.CASA.DataEngines.GK public int cTime; public NativeItemInfo() { - /* The GUI allows 256 as the max number of chars for these items */ - displayName = Marshal.AllocHGlobal(256); - secret = Marshal.AllocHGlobal(256); + /* The GUI allows 513 as the max number of chars for these items */ + displayName = Marshal.AllocHGlobal(512 + 1); + secret = Marshal.AllocHGlobal(512 + 1); } ~NativeItemInfo() { diff --git a/c_adlib/ad_gk/native/ad_gk.c b/c_adlib/ad_gk/native/ad_gk.c index ff79173d..e4f828c4 100644 --- a/c_adlib/ad_gk/native/ad_gk.c +++ b/c_adlib/ad_gk/native/ad_gk.c @@ -748,9 +748,9 @@ void ItemGetInfoCb( GnomeKeyringResult result, } else { - /* maxlen = 255. This should be one less than the size of + /* maxlen = 512. This should be one less than the size of Novell.CASA.DataEngines.GK.NativeItemInfo.displayName */ - maxlen = sizeof (itemInfo->displayName); + maxlen = 512; item = gnome_keyring_item_info_get_display_name(info); itemlen = strlen (item); if (itemlen > maxlen) { @@ -760,9 +760,9 @@ void ItemGetInfoCb( GnomeKeyringResult result, itemInfo->displayName[itemlen] = '\0'; } - /* maxlen = 255. This should be one less than the size of + /* maxlen = 512. This should be one less than the size of Novell.CASA.DataEngines.GK.NativeItemInfo.secret */ - maxlen = sizeof (itemInfo->secret); + maxlen = 512; item = gnome_keyring_item_info_get_secret(info); itemlen = strlen (item); if (itemlen > maxlen) {