From 51d1477c3f794346b5f83097053f5bd79244928f Mon Sep 17 00:00:00 2001 From: lsreevatsa Date: Tue, 2 May 2006 15:05:55 +0000 Subject: [PATCH] - Description: Security Audit 5:13. Refix for using proper length on strncpy. Maximum Length is 512 characters. - Modified files: c_adlib/GKEngine.cs c_adlib/ad_gk/GnomeKeyring.cs c_adlib/ad_gk/native/ad_gk.c --- CASA.changes | 13 ++++++++++++- c_adlib/GKEngine.cs | 2 ++ c_adlib/ad_gk/GnomeKeyring.cs | 6 +++--- c_adlib/ad_gk/native/ad_gk.c | 8 ++++---- 4 files changed, 21 insertions(+), 8 deletions(-) diff --git a/CASA.changes b/CASA.changes index 5b5cadce..139a92cd 100644 --- a/CASA.changes +++ b/CASA.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Tue May 2 20:30:37 IST 2006 - lsreevatsa@novell.com +- Description: + Security Audit 5:13. Refix for using proper length on strncpy. + Maximum Length is 512 characters. + +- Modified files: + c_adlib/GKEngine.cs + c_adlib/ad_gk/GnomeKeyring.cs + c_adlib/ad_gk/native/ad_gk.c + ------------------------------------------------------------------- Tue May 2 12:37:22 IST 2006 - smanojna@novell.com - Description: @@ -7,7 +18,7 @@ Tue May 2 12:37:22 IST 2006 - smanojna@novell.com This check is essential to protect CASA from possible buffer overflow attacks. - Modified files: +- Modified files: casa.glade ------------------------------------------------------------------- diff --git a/c_adlib/GKEngine.cs b/c_adlib/GKEngine.cs index db231af7..e42b6729 100644 --- a/c_adlib/GKEngine.cs +++ b/c_adlib/GKEngine.cs @@ -94,6 +94,8 @@ namespace Novell.CASA.DataEngines itemId = (int)iEtor.Current; itemInfo = GnomeKeyring.GKGetItemInfo(keyring,itemId); attrList = GnomeKeyring.GKGetAttributeList(keyring,itemId); + if(itemInfo.displayName==null) + continue; XmlElement secretElem = doc.CreateElement(ConstStrings.CCF_SECRET); XmlAttribute secIdAttr = doc.CreateAttribute(ConstStrings.CCF_ID); diff --git a/c_adlib/ad_gk/GnomeKeyring.cs b/c_adlib/ad_gk/GnomeKeyring.cs index 495f067a..a92bb9e4 100644 --- a/c_adlib/ad_gk/GnomeKeyring.cs +++ b/c_adlib/ad_gk/GnomeKeyring.cs @@ -50,9 +50,9 @@ namespace Novell.CASA.DataEngines.GK public int cTime; public NativeItemInfo() { - /* The GUI allows 256 as the max number of chars for these items */ - displayName = Marshal.AllocHGlobal(256); - secret = Marshal.AllocHGlobal(256); + /* The GUI allows 513 as the max number of chars for these items */ + displayName = Marshal.AllocHGlobal(512 + 1); + secret = Marshal.AllocHGlobal(512 + 1); } ~NativeItemInfo() { diff --git a/c_adlib/ad_gk/native/ad_gk.c b/c_adlib/ad_gk/native/ad_gk.c index ff79173d..e4f828c4 100644 --- a/c_adlib/ad_gk/native/ad_gk.c +++ b/c_adlib/ad_gk/native/ad_gk.c @@ -748,9 +748,9 @@ void ItemGetInfoCb( GnomeKeyringResult result, } else { - /* maxlen = 255. This should be one less than the size of + /* maxlen = 512. This should be one less than the size of Novell.CASA.DataEngines.GK.NativeItemInfo.displayName */ - maxlen = sizeof (itemInfo->displayName); + maxlen = 512; item = gnome_keyring_item_info_get_display_name(info); itemlen = strlen (item); if (itemlen > maxlen) { @@ -760,9 +760,9 @@ void ItemGetInfoCb( GnomeKeyringResult result, itemInfo->displayName[itemlen] = '\0'; } - /* maxlen = 255. This should be one less than the size of + /* maxlen = 512. This should be one less than the size of Novell.CASA.DataEngines.GK.NativeItemInfo.secret */ - maxlen = sizeof (itemInfo->secret); + maxlen = 512; item = gnome_keyring_item_info_get_secret(info); itemlen = strlen (item); if (itemlen > maxlen) {