geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Description:

Browse Source 
Security Audit 5:13.  Refix for using proper length on strncpy.
  Maximum Length is 512 characters.

- Modified files:
  c_adlib/GKEngine.cs
  c_adlib/ad_gk/GnomeKeyring.cs
  c_adlib/ad_gk/native/ad_gk.c
This commit is contained in:
lsreevatsa
2006-05-02 15:05:55 +00:00
parent 0df6145a35
commit 51d1477c3f
4 changed files with 21 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
CASA.changes
View File

@@ -1,3 +1,14 @@
-------------------------------------------------------------------
Tue May 2 20:30:37 IST 2006 - lsreevatsa@novell.com
- Description:
Security Audit 5:13. Refix for using proper length on strncpy.
Maximum Length is 512 characters.
- Modified files:
c_adlib/GKEngine.cs
c_adlib/ad_gk/GnomeKeyring.cs
c_adlib/ad_gk/native/ad_gk.c
------------------------------------------------------------------- -------------------------------------------------------------------
Tue May 2 12:37:22 IST 2006 - smanojna@novell.com Tue May 2 12:37:22 IST 2006 - smanojna@novell.com
- Description: - Description:
@@ -7,7 +18,7 @@ Tue May 2 12:37:22 IST 2006 - smanojna@novell.com
This check is essential to protect CASA from possible buffer This check is essential to protect CASA from possible buffer
overflow attacks. overflow attacks.
Modified files: - Modified files:
casa.glade casa.glade
------------------------------------------------------------------- -------------------------------------------------------------------

2
c_adlib/GKEngine.cs
View File

@@ -94,6 +94,8 @@ namespace Novell.CASA.DataEngines
itemId = (int)iEtor.Current; itemId = (int)iEtor.Current;
itemInfo = GnomeKeyring.GKGetItemInfo(keyring,itemId); itemInfo = GnomeKeyring.GKGetItemInfo(keyring,itemId);
attrList = GnomeKeyring.GKGetAttributeList(keyring,itemId); attrList = GnomeKeyring.GKGetAttributeList(keyring,itemId);
if(itemInfo.displayName==null)
continue;
XmlElement secretElem = doc.CreateElement(ConstStrings.CCF_SECRET); XmlElement secretElem = doc.CreateElement(ConstStrings.CCF_SECRET);
XmlAttribute secIdAttr = doc.CreateAttribute(ConstStrings.CCF_ID); XmlAttribute secIdAttr = doc.CreateAttribute(ConstStrings.CCF_ID);

6
c_adlib/ad_gk/GnomeKeyring.cs
View File

@@ -50,9 +50,9 @@ namespace Novell.CASA.DataEngines.GK
public int cTime; public int cTime;
public NativeItemInfo() public NativeItemInfo()
{ {
/* The GUI allows 256 as the max number of chars for these items */ /* The GUI allows 513 as the max number of chars for these items */
displayName = Marshal.AllocHGlobal(256); displayName = Marshal.AllocHGlobal(512 + 1);
secret = Marshal.AllocHGlobal(256); secret = Marshal.AllocHGlobal(512 + 1);
} }
~NativeItemInfo() ~NativeItemInfo()
{ {

8
c_adlib/ad_gk/native/ad_gk.c
View File

@@ -748,9 +748,9 @@ void ItemGetInfoCb( GnomeKeyringResult result,
} }
else else
{ {
/* maxlen = 255. This should be one less than the size of /* maxlen = 512. This should be one less than the size of
Novell.CASA.DataEngines.GK.NativeItemInfo.displayName */ Novell.CASA.DataEngines.GK.NativeItemInfo.displayName */
maxlen = sizeof (itemInfo->displayName); maxlen = 512;
item = gnome_keyring_item_info_get_display_name(info); item = gnome_keyring_item_info_get_display_name(info);
itemlen = strlen (item); itemlen = strlen (item);
if (itemlen > maxlen) { if (itemlen > maxlen) {
@@ -760,9 +760,9 @@ void ItemGetInfoCb( GnomeKeyringResult result,
itemInfo->displayName[itemlen] = '\0'; itemInfo->displayName[itemlen] = '\0';
} }
/* maxlen = 255. This should be one less than the size of /* maxlen = 512. This should be one less than the size of
Novell.CASA.DataEngines.GK.NativeItemInfo.secret */ Novell.CASA.DataEngines.GK.NativeItemInfo.secret */
maxlen = sizeof (itemInfo->secret); maxlen = 512;
item = gnome_keyring_item_info_get_secret(info); item = gnome_keyring_item_info_get_secret(info);
itemlen = strlen (item); itemlen = strlen (item);
if (itemlen > maxlen) { if (itemlen > maxlen) {