geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Security Audit Report : Patch for Bug No. 5.12.1.

Browse Source 
File : c_micasacache/sscs_unx_ipc_client.c.
- Added a check to verify whether size of the token is
  less than NSSCS_MAX_SECRET_ID_LEN(512) assuring that
  sscs_Utf8Strcpy() will not copy more bytes than memory
  availble.
This commit is contained in:
lsreevatsa
2006-03-29 14:20:09 +00:00
parent a06c806d2e
commit 2433373e6e
2 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CASA.changes
View File

@@ -1,3 +1,13 @@
-------------------------------------------------------------------
Wed Mar 29 19:40:35 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.12.1.
File : c_micasacache/sscs_unx_ipc_client.c.
- Added a check to verify whether size of the token is
less than NSSCS_MAX_SECRET_ID_LEN(512) assuring that
sscs_Utf8Strcpy() will not copy more bytes than memory
availble.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com

24
c_micasacache/sscs_unx_ipc_client.c
View File

@@ -128,11 +128,23 @@ int Tokenize( int tokenType, char* buffer, void *idList )
{ {
if( 0 == tokenType ) if( 0 == tokenType )
{ {
if(sscs_Utf8Strlen(tok) >= NSSCS_MAX_SECRET_ID_LEN)
{
//We are skipping this token.
//TBD:We need to find a wayto inform this to the clients.
continue;
}
sscs_Utf8Strcpy(((SSCS_KEYCHAIN_ID_T*)idList)[i].keychainID,tok); sscs_Utf8Strcpy(((SSCS_KEYCHAIN_ID_T*)idList)[i].keychainID,tok);
((SSCS_KEYCHAIN_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok); ((SSCS_KEYCHAIN_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok);
} }
else else
{ {
if(sscs_Utf8Strlen(tok) >= NSSCS_MAX_SECRET_ID_LEN)
{
//We are skipping this token.
//TBD:We need to find a wayto inform this to the clients.
continue;
}
sscs_Utf8Strcpy(((SSCS_SECRET_ID_T*)idList)[i].id,tok); sscs_Utf8Strcpy(((SSCS_SECRET_ID_T*)idList)[i].id,tok);
((SSCS_SECRET_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok); ((SSCS_SECRET_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok);
} }
@@ -150,11 +162,23 @@ int Tokenize( int tokenType, char* buffer, void *idList )
/* While there are tokens in "string" */ /* While there are tokens in "string" */
if( 0 == tokenType ) if( 0 == tokenType )
{ {
if(sscs_Utf8Strlen(tok) >= NSSCS_MAX_SECRET_ID_LEN)
{
//We are skipping this token.
//TBD:We need to find a wayto inform this to the clients.
continue;
}
sscs_Utf8Strcpy(((SSCS_KEYCHAIN_ID_T*)idList)[i].keychainID,tok); sscs_Utf8Strcpy(((SSCS_KEYCHAIN_ID_T*)idList)[i].keychainID,tok);
((SSCS_KEYCHAIN_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok); ((SSCS_KEYCHAIN_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok);
} }
else else
{ {
if(sscs_Utf8Strlen(tok) >= NSSCS_MAX_SECRET_ID_LEN)
{
//We are skipping this token.
//TBD:We need to find a wayto inform this to the clients.
continue;
}
sscs_Utf8Strcpy(((SSCS_SECRET_ID_T*)idList)[i].id,tok); sscs_Utf8Strcpy(((SSCS_SECRET_ID_T*)idList)[i].id,tok);
((SSCS_SECRET_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok); ((SSCS_SECRET_ID_T*)idList)[i].len = sscs_Utf8StrSize(tok);
} }