Security Audit 5.5: Check length of message to be within range.

Jim Norman 2006-04-26 16:29:13 +00:00
parent d8ad2aab45
commit 8230adb2d6
3 changed files with 160 additions and 158 deletions


@ -1,3 +1,7 @@
-------------------------------------------------------------------
Wed Apr 26 10:26:20 MST 2006 - jnorman@novell.com
- Security Audit 5.5: Check length of message to be within range.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com
- Security Audit 5.13: Ensure that string lengths are within limits - Security Audit 5.13: Ensure that string lengths are within limits


@ -145,7 +145,7 @@ namespace sscs.init
} }
catch (Exception e) catch (Exception e)
{ {
Console.WriteLine(e.ToString()); System.Diagnostics.Debug.WriteLine(e.ToString());
} }
} }
@ -177,7 +177,7 @@ namespace sscs.init
} }
catch (Exception e) catch (Exception e)
{ {
Console.WriteLine(e.ToString()); System.Diagnostics.Debug.WriteLine(e.ToString());
} }
} }
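Review bot: Replacing `Console.WriteLine(e.ToString())` with `System.Diagnostics.Debug.WriteLine(e.ToString())` inside `catch (Exception e)` turns the handler into a no-op in release builds, because `Debug.WriteLine` is marked `[Conditional("DEBUG")]` and is compiled out, so the broad catch then swallows every failure silently. The same applies to both hunks in this file (the one at -145 and the one at -177). If these failures are deliberately non-fatal, a comment such as `// best-effort: the exception is only visible in debug builds` should record that; otherwise send it to a sink that survives release (for example `System.Diagnostics.Trace.WriteLine` or the application's logger) or rethrow with `throw;`. The enclosing methods start outside the hunks.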


@ -79,16 +79,15 @@ namespace sscs.verbs
msgId = BitConverter.ToUInt16(inBuf,0); msgId = BitConverter.ToUInt16(inBuf,0);
inMsgLen = BitConverter.ToUInt32(inBuf,2); inMsgLen = BitConverter.ToUInt32(inBuf,2);
//Console.WriteLine("Serialization verb: msgId is " + msgId + " inMsgLen = " + inMsgLen + "inBuf.Length is " + inBuf.Length); // check inMsgLen
if ((inMsgLen < 6) || (inMsgLen > 65535))
// if( inMsgLen != inBuf.Length ) {
// Console.WriteLine("inMsgLen != inBuf.Length"); throw new FormatException(" MsgLen invalid.");
// throw new FormatException(" MsgLen sent does not match the length of the message received."); }
// deserialize the data // deserialize the data
BinaryFormatter formatter = new BinaryFormatter(); BinaryFormatter formatter = new BinaryFormatter();
MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen - 6); MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen - 6);
// MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen);
WrappedObject request; WrappedObject request;
WrappedObject reply; WrappedObject reply;
@ -121,7 +120,6 @@ namespace sscs.verbs
internal WrappedObject ProcessMessage(WrappedObject wo, UserIdentifier userId) internal WrappedObject ProcessMessage(WrappedObject wo, UserIdentifier userId)
{ {
//Console.WriteLine("ObjectSerialization Called");
SecretStore ssStore = SessionManager.CreateUserSession(userId); SecretStore ssStore = SessionManager.CreateUserSession(userId);
try try
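Review bot: The new range check on `inMsgLen` never compares it with `inBuf.Length`, so a declared length larger than the received buffer passes the check and reaches `new MemoryStream(inBuf, 6, (int)inMsgLen - 6)`, which rejects it with an ArgumentException instead of the FormatException the check is meant to raise. Adding the buffer bound keeps the rejection on one path: `if ((inMsgLen < 6) || (inMsgLen > 65535) || (inMsgLen > inBuf.Length))`. The literal 65535 would also read better as a named constant with a comment stating where the limit comes from. Note that bounding the length says nothing about what `BinaryFormatter` will deserialize from the payload; a comment such as `// NOTE: BinaryFormatter deserializes arbitrary types from the message body; the length check does not constrain its content` would record that assumption for the next reader. The enclosing method starts and ends outside the hunk.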