geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-------------------------------------------------------------------

Browse Source 
Tue May  2 12:37:22 IST 2006 - smanojna@novell.com
- Description:
  CASAManager GUI shall now support a maximum of 512 characters in
  length. User will not be able to create secrets and key-value pairs
  of lenght more than 512 characters from within CASAManager GUI.
  This check is essential to protect CASA from possible buffer
  overflow attacks.

  Modified files:
  casa.glade

-------------------------------------------------------------------
This commit is contained in:
smanojna 2006-05-02 07:09:57 +00:00
parent 243d49616a
commit 0df6145a35
3 changed files with 11235 additions and 10561 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
CASA.changes
View File

@ -1,69 +1,81 @@
-------------------------------------------------------------------
Tue May 2 12:37:22 IST 2006 - smanojna@novell.com
- Description:
CASAManager GUI shall now support a maximum of 512 characters in
length. User will not be able to create secrets and key-value pairs
of lenght more than 512 characters from within CASAManager GUI.
This check is essential to protect CASA from possible buffer
overflow attacks.
Modified files:
casa.glade
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 26 16:17:00 MST 2006 - jnorman@novell.com Wed Apr 26 16:17:00 MST 2006 - jnorman@novell.com
- Bug 165283. Remove reference to Mac OS from help file. - Bug 165283. Remove reference to Mac OS from help file.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 26 15:50:00 MST 2006 - jnorman@novell.com Wed Apr 26 15:50:00 MST 2006 - jnorman@novell.com
- Security Audit Recap: - Security Audit Recap:
- Item 4.1, File: c_micasad/lss/Rfc2898DeriveBytes.c - Item 4.1, File: c_micasad/lss/Rfc2898DeriveBytes.c
1. This item is awaiting licensing on a portable random number 1. This item is awaiting licensing on a portable random number
generator received through a contribution to the the project. generator received through a contribution to the the project.
- Item 4.2 File: c_micasad/cache/KeyValue.c - Item 4.2 File: c_micasad/cache/KeyValue.c
1. Fix is in line 202 of the file. We improved XOR algorithm by 1. Fix is in line 202 of the file. We improved XOR algorithm by
increasing the size of the key to equate the value. increasing the size of the key to equate the value.
- Item 4.3 File: c_micasad/lss/LocalStorage.cs - Item 4.3 File: c_micasad/lss/LocalStorage.cs
1. Now files are checked for ownership before being removed. 1. Now files are checked for ownership before being removed.
New methods added and there are changes through out the file to support this. New methods added and there are changes through out the file to support this.
- Item 4.4 File: c_micasad/lss/CASACrypto.cs - Item 4.4 File: c_micasad/lss/CASACrypto.cs
1. IV fix will be checked in as soon as the item No. 1 above is approved. 1. IV fix will be checked in as soon as the item No. 1 above is approved.
2. For this item now we testing the file to make sure it is not a 2. For this item now we testing the file to make sure it is not a
symbolic link. (line 454, 455 in the file.) symbolic link. (line 454, 455 in the file.)
3. This was a low priority item and we are investigating this. 3. This was a low priority item and we are investigating this.
4. This function was not used hence removed. 4. This function was not used hence removed.
5. The default behavior of the file creation was modified to set the 5. The default behavior of the file creation was modified to set the
rights at creation time. rights at creation time.
- Item 5.1 File: c_micasad/communication/UnixCommunication - Item 5.1 File: c_micasad/communication/UnixCommunication
1. This was fixed by checking to see if the root was not the owner 1. This was fixed by checking to see if the root was not the owner
of the socket to remove the file. of the socket to remove the file.
- Item 5.2 File: c_micasad/lib/communication/UnixIPCClientChannel.cs - Item 5.2 File: c_micasad/lib/communication/UnixIPCClientChannel.cs
1. This was fixed by validating the owner of the socket before use. 1. This was fixed by validating the owner of the socket before use.
- Item 5.3 File: c_micasad/lib/communication/UnixIPCClientChannel.cs - Item 5.3 File: c_micasad/lib/communication/UnixIPCClientChannel.cs
1. This was fixed by validating the buffer size before allocation of memory. 1. This was fixed by validating the buffer size before allocation of memory.
- Item 5.4 File: c_micasad/lss/CASACrypto.cs - Item 5.4 File: c_micasad/lss/CASACrypto.cs
1. This was fixed by checking for minimum length. 1. This was fixed by checking for minimum length.
2. We can't check for upper limit for memory for maximum file size because 2. We can't check for upper limit for memory for maximum file size because
we don't know how big the file can get. System will swap the pages out we don't know how big the file can get. System will swap the pages out
of the cache if it gets big and those pages are fragments of the encrypted of the cache if it gets big and those pages are fragments of the encrypted
cache. The original decrypted cache will be subject to garbage collection cache. The original decrypted cache will be subject to garbage collection
by Mono or .Net. We have added the forced garbage collection after by Mono or .Net. We have added the forced garbage collection after
finishing the decryption operation. finishing the decryption operation.
- Item 5.5 File: c_micasad/verbs/ObjectSerializtion.cs - Item 5.5 File: c_micasad/verbs/ObjectSerializtion.cs
1. The memory size checks have been added to the code for validation. 1. The memory size checks have been added to the code for validation.
- Item 5.6 File: c_micasad/verbs/OpenSecretStore.cs - Item 5.6 File: c_micasad/verbs/OpenSecretStore.cs
1. The buffer size validation is added. 1. The buffer size validation is added.
2. MsgId 0x1001 is not correct. 2. MsgId 0x1001 is not correct.
- Item 5.7 File: c_micasad/verbs/SetMasterPasscode.cs - Item 5.7 File: c_micasad/verbs/SetMasterPasscode.cs
1. The buffer size validation is added. 1. The buffer size validation is added.
- Item 5.8 File: c_micasad/common/SessionManager.cs - Item 5.8 File: c_micasad/common/SessionManager.cs
1. We are running as root so $PATH is root's $PATH. 1. We are running as root so $PATH is root's $PATH.
2. We can go through he while loop twice that is the reason we used the loop. 2. We can go through he while loop twice that is the reason we used the loop.
- Item 5.9 File: c_micasad/sscs_ndk.c - Item 5.9 File: c_micasad/sscs_ndk.c
1. All of the instances of strcpy, strcmp, strcat, strlen, were replaced 1. All of the instances of strcpy, strcmp, strcat, strlen, were replaced
with strncpy, strncmp, strncat and strlen was eliminated. with strncpy, strncmp, strncat and strlen was eliminated.
2. TheUtf8 macros were modified to force a null at the end of the string 2. TheUtf8 macros were modified to force a null at the end of the string
buffer where the length was declared. buffer where the length was declared.
3. All of the buffer lengths for upper bounds are being validated before use. 3. All of the buffer lengths for upper bounds are being validated before use.
4. sscsshs_ChkEscapeString was fixed. 4. sscsshs_ChkEscapeString was fixed.
- Item 5.10 File: auth_token/kbr5_token/linux/get.c - Item 5.10 File: auth_token/kbr5_token/linux/get.c
1. This file is not build as a part of CASA 1.6 yet and is supposed to be 1. This file is not build as a part of CASA 1.6 yet and is supposed to be
completed and shipped in CASA 1.7. The fix will be applied later. completed and shipped in CASA 1.7. The fix will be applied later.
- Item 5.11 File: c_micasacache/sscs_ipc - Item 5.11 File: c_micasacache/sscs_ipc
1. Handling of the end files has been added to the code. 1. Handling of the end files has been added to the code.
- Item 5.12 File: c_micasacache/sscs_unx_ipc_client.c - Item 5.12 File: c_micasacache/sscs_unx_ipc_client.c
1. Tokenize function has been fixed. 1. Tokenize function has been fixed.
2. Validation of the buflen is added where applicable. 2. Validation of the buflen is added where applicable.
- Item 5.13 File: c_adlib/ad_gk/native.c - Item 5.13 File: c_adlib/ad_gk/native.c
1. The validation of the buffer length has been added to the code. 1. The validation of the buffer length has been added to the code.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 26 15:39:00 MST 2006 - jnorman@novell.com Wed Apr 26 15:39:00 MST 2006 - jnorman@novell.com

21646
c_gui/images/casa.glade
View File

File diff suppressed because it is too large Load Diff

18
c_gui/images/casa.gladep
View File

@ -1,9 +1,9 @@
<?xml version="1.0" standalone="no"?> <!--*- mode: xml -*--> <?xml version="1.0" standalone="no"?> <!--*- mode: xml -*-->
<!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd"> <!DOCTYPE glade-project SYSTEM "http://glade.gnome.org/glade-project-2.0.dtd">
<glade-project> <glade-project>
<name>Casa</name> <name>Casa</name>
<program_name>casa</program_name> <program_name>casa</program_name>
<pixmaps_directory></pixmaps_directory> <pixmaps_directory></pixmaps_directory>
<gnome_support>FALSE</gnome_support> <gnome_support>FALSE</gnome_support>
</glade-project> </glade-project>