geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Security Audit 5.5: Check length of message to be within range.

Browse Source
This commit is contained in:
Jim Norman 2006-04-26 16:29:13 +00:00
parent d8ad2aab45
commit 8230adb2d6
3 changed files with 160 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CASA.changes
View File

@ -1,3 +1,7 @@
-------------------------------------------------------------------
Wed Apr 26 10:26:20 MST 2006 - jnorman@novell.com
- Security Audit 5.5: Check length of message to be within range.
-------------------------------------------------------------------
Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com
- Security Audit 5.13: Ensure that string lengths are within limits

4
c_micasad/init/WinSecretStoreClientService.cs
View File

@ -145,7 +145,7 @@ namespace sscs.init
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
System.Diagnostics.Debug.WriteLine(e.ToString());
}
}
@ -177,7 +177,7 @@ namespace sscs.init
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
System.Diagnostics.Debug.WriteLine(e.ToString());
}
}

12
c_micasad/verbs/ObjectSerialization.cs
View File

@ -79,16 +79,15 @@ namespace sscs.verbs
msgId = BitConverter.ToUInt16(inBuf,0);
inMsgLen = BitConverter.ToUInt32(inBuf,2);
//Console.WriteLine("Serialization verb: msgId is " + msgId + " inMsgLen = " + inMsgLen + "inBuf.Length is " + inBuf.Length);
// if( inMsgLen != inBuf.Length )
// Console.WriteLine("inMsgLen != inBuf.Length");
// throw new FormatException(" MsgLen sent does not match the length of the message received.");
// check inMsgLen
if ((inMsgLen < 6) || (inMsgLen > 65535))
{
throw new FormatException(" MsgLen invalid.");
}
// deserialize the data
BinaryFormatter formatter = new BinaryFormatter();
MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen - 6);
// MemoryStream ms = new MemoryStream(inBuf, 6, (int)inMsgLen);
WrappedObject request;
WrappedObject reply;
@ -121,7 +120,6 @@ namespace sscs.verbs
internal WrappedObject ProcessMessage(WrappedObject wo, UserIdentifier userId)
{
//Console.WriteLine("ObjectSerialization Called");
SecretStore ssStore = SessionManager.CreateUserSession(userId);
try