Security Audit 5.5: Check length of message to be within range.
parent
d8ad2aab45
commit
8230adb2d6
@ -1,3 +1,7 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Apr 26 10:26:20 MST 2006 - jnorman@novell.com
|
||||||
|
- Security Audit 5.5: Check length of message to be within range.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com
|
Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com
|
||||||
- Security Audit 5.13: Ensure that string lengths are within limits
|
- Security Audit 5.13: Ensure that string lengths are within limits
|
||||||
|
@ -145,7 +145,7 @@ namespace sscs.init
|
|||||||
}
|
}
|
||||||
catch (Exception e)
|
catch (Exception e)
|
||||||
{
|
{
|
||||||
Console.WriteLine(e.ToString());
|
System.Diagnostics.Debug.WriteLine(e.ToString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -177,7 +177,7 @@ namespace sscs.init
|
|||||||
}
|
}
|
||||||
catch (Exception e)
|
catch (Exception e)
|
||||||
{
|
{
|
||||||
Console.WriteLine(e.ToString());
|
System.Diagnostics.Debug.WriteLine(e.ToString());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
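Review bot: `System.Diagnostics.Debug.WriteLine` is marked `[Conditional("DEBUG")]`, so in a release build the call in this catch block, and the identical one in the hunk at -177, compiles away and `catch (Exception e)` swallows every failure with no trace (this assumes the Debug.WriteLine line is the new side, since the +/- markers are lost on this page). Keeping stack traces off the console is a reasonable audit fix, but the failure should still reach a log an operator can read. If dropping it is intended, say so in the block with a comment such as `// best effort: failure is deliberately not reported in release builds`. Both catch blocks sit in methods whose bodies start outside the hunks, so what is being caught cannot be seen from here.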
@ -79,16 +79,15 @@ namespace sscs.verbs
|
|||||||
msgId = BitConverter.ToUInt16(inBuf,0);
|
msgId = BitConverter.ToUInt16(inBuf,0);
|
||||||
inMsgLen = BitConverter.ToUInt32(inBuf,2);
|
inMsgLen = BitConverter.ToUInt32(inBuf,2);
|
||||||
|
|
||||||
//Console.WriteLine("Serialization verb: msgId is " + msgId + " inMsgLen = " + inMsgLen + "inBuf.Length is " + inBuf.Length);
|
// check inMsgLen
|
||||||
|
if ((inMsgLen < 6) || (inMsgLen > 65535))
|
||||||
// if( inMsgLen != inBuf.Length )
|
{
|
||||||
// Console.WriteLine("inMsgLen != inBuf.Length");
|
throw new FormatException(" MsgLen invalid.");
|
||||||
// throw new FormatException(" MsgLen sent does not match the length of the message received.");
|
}
|
||||||
|
|
||||||
// deserialize the data
|
// deserialize the data
|
||||||
BinaryFormatter formatter = new BinaryFormatter();
|
BinaryFormatter formatter = new BinaryFormatter();
|
||||||
MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen - 6);
|
MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen - 6);
|
||||||
// MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen);
|
|
||||||
|
|
||||||
WrappedObject request;
|
WrappedObject request;
|
||||||
WrappedObject reply;
|
WrappedObject reply;
|
||||||
@ -121,7 +120,6 @@ namespace sscs.verbs
|
|||||||
internal WrappedObject ProcessMessage(WrappedObject wo, UserIdentifier userId)
|
internal WrappedObject ProcessMessage(WrappedObject wo, UserIdentifier userId)
|
||||||
{
|
{
|
||||||
|
|
||||||
//Console.WriteLine("ObjectSerialization Called");
|
|
||||||
SecretStore ssStore = SessionManager.CreateUserSession(userId);
|
SecretStore ssStore = SessionManager.CreateUserSession(userId);
|
||||||
|
|
||||||
try
|
try
|
||||||
|
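Review bot: The new range check `if ((inMsgLen < 6) || (inMsgLen > 65535))` bounds inMsgLen but never compares it with `inBuf.Length`, so a header that claims more bytes than were received passes the check and fails only later in the `MemoryStream` constructor, with an `ArgumentException` instead of the `FormatException` this check throws. Adding the comparison keeps the rejection in one place: `if ((inMsgLen < 6) || (inMsgLen > 65535) || (inMsgLen > inBuf.Length))`. The two `BitConverter` reads above the check also assume inBuf holds at least 6 bytes, which nothing in the hunk verifies. Separately, the length bound does not limit which types `BinaryFormatter` will instantiate from peer-supplied bytes; a `SerializationBinder` restricted to the expected message types, or a non-polymorphic wire format, would narrow that. The enclosing method starts and ends outside the hunk.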