- Security Audit Report : Patch for Bug No. 5.7.

File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
  to be greater than 8 characters and less than or equal to
  256 characters.
lsreevatsa 2006-03-29 13:56:56 +00:00
parent cd5d118158
commit a06c806d2e
2 changed files with 44 additions and 25 deletions


@ -1,8 +1,18 @@
-------------------------------------------------------------------
Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.7.
File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
to be greater than 8 characters and less than or equal to
256 characters.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.4.1 - Security Audit Report : Patch for Bug No. 5.4.1
File : c_micasad/lss/CASACrypto.cs File : c_micasad/lss/CASACrypto.cs
- Added a check to verify Decrypt string is greater than 32.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com


@ -49,6 +49,8 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
private int retCode = 0; private int retCode = 0;
private int MASTER_PASS_MIN_LEN = 8;
private int MASTER_PASS_MAX_LEN = 256;
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
@ -78,6 +80,12 @@ namespace sscs.verbs
throw new FormatException(" MsgLen sent does not match the length of the message received."); throw new FormatException(" MsgLen sent does not match the length of the message received.");
passwdType = BitConverter.ToUInt32(inBuf,6); passwdType = BitConverter.ToUInt32(inBuf,6);
passwdLen = BitConverter.ToUInt32(inBuf,10); passwdLen = BitConverter.ToUInt32(inBuf,10);
if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN)
{
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
}
else
{
byte[] tempArr = new byte[passwdLen]; byte[] tempArr = new byte[passwdLen];
Array.Copy(inBuf,14,tempArr,0,passwdLen); Array.Copy(inBuf,14,tempArr,0,passwdLen);
passwd = Encoding.UTF8.GetString(tempArr); passwd = Encoding.UTF8.GetString(tempArr);
@ -102,6 +110,7 @@ namespace sscs.verbs
CSSSLogger.ExpLog(e.ToString()); CSSSLogger.ExpLog(e.ToString());
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR; retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
} }
}
try try
{ {
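Review bot: The new guard `if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN)` bounds the length field read from the request with `BitConverter.ToUInt32(inBuf,10)`, which is a UTF-8 byte count rather than the character count of the decoded password, so a password of multi-byte characters can pass with fewer than 8 characters; it also accepts exactly 8, while the commit description says "greater than 8". If the policy is meant in characters, check `passwd.Length` after `Encoding.UTF8.GetString(tempArr)` and settle whether the minimum is inclusive. The field is still client-supplied, so before `Array.Copy(inBuf,14,tempArr,0,passwdLen)` I would also reject `passwdLen > inBuf.Length - 14` explicitly rather than rely on the copy throwing. The two limits never change and would read better as `private const int MASTER_PASS_MIN_LEN = 8;` and its counterpart. The enclosing method starts and ends outside the visible hunks, so how the failure code reaches the caller cannot be confirmed from here.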