geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Security Audit 5.13: Ensure that string lengths are within limits

Browse Source 
and null terminated before copying them to buffers.
This commit is contained in:
Jim Norman
2006-04-26 15:10:02 +00:00
parent f97574c995
commit 619936a51a
3 changed files with 57 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CASA.changes
View File

@@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Apr 26 09:10:20 MST 2006 - jnorman@novell.com
- Security Audit 5.13: Ensure that string lengths are within limits
and null terminated before copying them to buffers.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Apr 26 12:53:10 IST 2006 - smanojna@novell.com Wed Apr 26 12:53:10 IST 2006 - smanojna@novell.com
- Bug 165283: CASA docs and About screen states that CASA runs on - Bug 165283: CASA docs and About screen states that CASA runs on

5
c_adlib/ad_gk/GnomeKeyring.cs
View File

@@ -50,8 +50,9 @@ namespace Novell.CASA.DataEngines.GK
public int cTime; public int cTime;
public NativeItemInfo() public NativeItemInfo()
{ {
displayName = Marshal.AllocHGlobal(128); /* The GUI allows 256 as the max number of chars for these items */
secret = Marshal.AllocHGlobal(128); displayName = Marshal.AllocHGlobal(256);
secret = Marshal.AllocHGlobal(256);
} }
~NativeItemInfo() ~NativeItemInfo()
{ {

58
c_adlib/ad_gk/native/ad_gk.c
View File

@@ -740,15 +740,38 @@ void ItemGetInfoCb( GnomeKeyringResult result,
{ {
GetItemInfoCbData *cbData = data; GetItemInfoCbData *cbData = data;
ItemInfo *itemInfo = cbData->info; ItemInfo *itemInfo = cbData->info;
char *item;
size_t itemlen = 0, maxlen = 0;
if (result != GNOME_KEYRING_RESULT_OK) if (result != GNOME_KEYRING_RESULT_OK)
{ {
//g_print ("Unable to get Item info: %d\n", result); //g_print ("Unable to get Item info: %d\n", result);
} }
else else
{ {
itemInfo->itemType = gnome_keyring_item_info_get_type(info); /* maxlen = 255. This should be one less than the size of
strcpy(itemInfo->displayName,gnome_keyring_item_info_get_display_name(info)); Novell.CASA.DataEngines.GK.NativeItemInfo.displayName */
strcpy(itemInfo->secret,gnome_keyring_item_info_get_secret(info)); maxlen = sizeof (itemInfo->displayName);
item = gnome_keyring_item_info_get_display_name(info);
itemlen = strlen (item);
if (itemlen > maxlen) {
itemInfo->displayName = NULL;
} else {
strncpy(itemInfo->displayName, item, maxlen);
itemInfo->displayName[maxlen] = '\0';
}
/* maxlen = 255. This should be one less than the size of
Novell.CASA.DataEngines.GK.NativeItemInfo.secret */
maxlen = sizeof (itemInfo->secret);
item = gnome_keyring_item_info_get_secret(info);
itemlen = strlen (item);
if (itemlen > maxlen) {
itemInfo->secret = NULL;
} else {
strncpy(itemInfo->secret, item, maxlen);
itemInfo->secret[maxlen] = '\0';
}
itemInfo->mTime = gnome_keyring_item_info_get_mtime(info); itemInfo->mTime = gnome_keyring_item_info_get_mtime(info);
itemInfo->cTime = gnome_keyring_item_info_get_ctime(info); itemInfo->cTime = gnome_keyring_item_info_get_ctime(info);
@@ -765,6 +788,7 @@ void ItemGetAttributesCb(GnomeKeyringResult result,
GetAttributeListCbData *cbData = data; GetAttributeListCbData *cbData = data;
Attribute *attr = NULL; Attribute *attr = NULL;
size_t attrlen = 0;
GList **retList; GList **retList;
retList = cbData->attrList; retList = cbData->attrList;
@@ -788,11 +812,21 @@ void ItemGetAttributesCb(GnomeKeyringResult result,
memset(attr,0,sizeof(Attribute)); memset(attr,0,sizeof(Attribute));
attr->type = 0; attr->type = 0;
attr->key = (char*)malloc(KEY_SIZE); attr->key = (char*)malloc(KEY_SIZE);
if(attr->key != NULL) if(attr->key != NULL) {
strcpy(attr->key,attrList[i].name); attrlen = strlen (attrList[i].name);
if (attrlen > (KEY_SIZE - 1))
attrlen = KEY_SIZE - 1;
strncpy(attr->key, attrList[i].name, attrlen);
attr->key[attrlen] = '\0';
}
attr->value = (char*)malloc(VAL_SIZE); attr->value = (char*)malloc(VAL_SIZE);
if(attr->value != NULL) if(attr->value != NULL) {
strcpy(attr->value,attrList[i].value.string); attrlen = strlen (attrList[i].value.string);
if (attrlen > (VAL_SIZE - 1))
attrlen = VAL_SIZE - 1;
strncpy(attr->value, attrList[i].value.string, attrlen);
attr->value[attrlen] = '\0';
}
} }
} }
else if(attrList[i].type == GNOME_KEYRING_ATTRIBUTE_TYPE_UINT32) else if(attrList[i].type == GNOME_KEYRING_ATTRIBUTE_TYPE_UINT32)
@@ -803,8 +837,14 @@ void ItemGetAttributesCb(GnomeKeyringResult result,
memset(attr,0,sizeof(Attribute)); memset(attr,0,sizeof(Attribute));
attr->type = 0; attr->type = 0;
attr->key = (char*)malloc(KEY_SIZE); attr->key = (char*)malloc(KEY_SIZE);
if(attr->key != NULL) if(attr->key != NULL) {
strcpy(attr->key,attrList[i].name); attrlen = strlen (attrList[i].name);
/* We simply truncate the name if it is greater than KEY_SIZE */
if (attrlen > (KEY_SIZE - 1))
attrlen = KEY_SIZE - 1;
strncpy(attr->key, attrList[i].name, attrlen);
attr->key [attrlen] = '\0';
}
attr->value = (char*)malloc(VAL_SIZE); attr->value = (char*)malloc(VAL_SIZE);
if(attr->value != NULL) if(attr->value != NULL)
sprintf(attr->value,"%d",attrList[i].value.integer); sprintf(attr->value,"%d",attrList[i].value.integer);