Bug Debug 242407. Check size of passcode before allocating memory.

Fix RemoveSecret offsets + Debug statements.
This commit is contained in:
Jim Norman 2007-02-05 23:47:39 +00:00
parent 2267f07397
commit d262d18b6f
4 changed files with 47 additions and 28 deletions

View File

@ -61,12 +61,16 @@ namespace sscs.verbs
// get destroy flag // get destroy flag
int iDestroySrcCache = BitConverter.ToInt32(inBuf, 38); int iDestroySrcCache = BitConverter.ToInt32(inBuf, 38);
CSSSLogger.DbgLog(" SRC LUID found: " + luidHigh.ToString() + ":"+ luidLow.ToString());
CSSSLogger.DbgLog("Target LUID found: " + targetLuidHigh.ToString() +":" + targetLuidLow.ToString());
#if W32 #if W32
// only allow the merge if the calling process is "System" // only allow the merge if the calling process is "System"
WinUserIdentifier callingUser = (WinUserIdentifier)userId; WinUserIdentifier callingUser = (WinUserIdentifier)userId;
if ((callingUser.GetUIDLow() == 999) && (callingUser.GetUIDHigh() == 0)) if ((callingUser.GetUIDLow() == 999) && (callingUser.GetUIDHigh() == 0))
{ {
CSSSLogger.DbgLog("Caller is system process");
// get the store for the src // get the store for the src
try try
@ -97,6 +101,7 @@ namespace sscs.verbs
} }
else else
{ {
CSSSLogger.DbgLog("Caller is NOT system process, Merge not allowed!");
retCode = IPCRetCodes.SSCS_E_INVALID_INPUT; retCode = IPCRetCodes.SSCS_E_INVALID_INPUT;
} }
#else #else

View File

@ -167,7 +167,7 @@ namespace sscs.verbs
{ {
secret = keyChain.GetSecret(secretId); secret = keyChain.GetSecret(secretId);
KeyValue kv = secret.GetKeyValue(key); KeyValue kv = secret.GetKeyValue(key);
if (kv != null) if ((kv != null) && (kv.GetValue().Length > 0))
{ {
string valStr = secret.GetKeyValue(key).GetValue(); string valStr = secret.GetKeyValue(key).GetValue();
val = Encoding.UTF8.GetBytes(valStr); val = Encoding.UTF8.GetBytes(valStr);

View File

@ -104,10 +104,13 @@ namespace sscs.verbs
Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen); Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen);
secretId = Encoding.UTF8.GetString(secretIdArr); secretId = Encoding.UTF8.GetString(secretIdArr);
CSSSLogger.DbgLog("Deleting secret id: " + secretId);
try try
{ {
CSSSLogger.DbgLog("Looking for extention");
// get extension ID // get extension ID
int extLocation = 14 + ((int)keyChainIdLen) + ((int)secretIdLen); int extLocation = 18 + ((int)keyChainIdLen) + ((int)secretIdLen);
extId = BitConverter.ToUInt32(inBuf, extLocation); extId = BitConverter.ToUInt32(inBuf, extLocation);
} }
catch (Exception) catch (Exception)
@ -122,8 +125,11 @@ namespace sscs.verbs
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential. // This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
// we might be able to change this if/when we abstract the session. // we might be able to change this if/when we abstract the session.
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh] // [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
luidLow = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 8); luidLow = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 12); luidHigh = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
CSSSLogger.DbgLog("Extension found: " + luidHigh.ToString() + ":" + luidLow.ToString());
tempUserId = new WinUserIdentifier(luidLow, luidHigh); tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId); SecretStore ss = SessionManager.CreateUserSession(tempUserId);
try try

View File

@ -78,31 +78,39 @@ namespace sscs.verbs
throw new FormatException(" MsgLen sent does not match the length of the message received."); throw new FormatException(" MsgLen sent does not match the length of the message received.");
passcodeType = BitConverter.ToUInt32(inBuf,6); passcodeType = BitConverter.ToUInt32(inBuf,6);
passcodeLen = BitConverter.ToUInt32(inBuf,10); passcodeLen = BitConverter.ToUInt32(inBuf,10);
byte[] tempArr = new byte[passcodeLen];
Array.Copy(inBuf,14,tempArr,0,passcodeLen);
passcode = Encoding.UTF8.GetString(tempArr);
// Message Format decipher - End
try if (passcodeLen < 64)
{ {
SecretStore ssStore = null; byte[] tempArr = new byte[passcodeLen];
ssStore = SessionManager.GetUserSecretStore(userId); Array.Copy(inBuf, 14, tempArr, 0, passcodeLen);
ssStore.PauseFileWatcher(); passcode = Encoding.UTF8.GetString(tempArr);
if(ssStore.SetMasterPasscode(passcode)) // Message Format decipher - End
retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
else try
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED; {
ssStore.ResumeFileWatcher(); SecretStore ssStore = null;
ssStore = SessionManager.GetUserSecretStore(userId);
ssStore.PauseFileWatcher();
if (ssStore.SetMasterPasscode(passcode))
retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
else
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
ssStore.ResumeFileWatcher();
}
catch (UserNotInSessionException)
{
CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore");
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
}
catch (Exception e)
{
CSSSLogger.ExpLog(e.ToString());
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
}
} }
catch(UserNotInSessionException) else
{ {
CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" ); retCode = IPCRetCodes.SSCS_E_INVALID_INPUT;
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
} }
try try