- Security Audit Report : Patch for Bug No. 5.7.

File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
  to be greater than 8 characters and less than or equal to
  256 characters.
lsreevatsa 2006-03-29 13:56:56 +00:00
parent cd5d118158
commit a06c806d2e
2 changed files with 44 additions and 25 deletions


@ -1,8 +1,18 @@
-------------------------------------------------------------------
Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.7.
File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
to be greater than 8 characters and less than or equal to
256 characters.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.4.1 - Security Audit Report : Patch for Bug No. 5.4.1
File : c_micasad/lss/CASACrypto.cs File : c_micasad/lss/CASACrypto.cs
- Added a check to verify Decrypt string is greater than 32.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com


@ -49,6 +49,8 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
private int retCode = 0; private int retCode = 0;
private int MASTER_PASS_MIN_LEN = 8;
private int MASTER_PASS_MAX_LEN = 256;
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
@ -78,30 +80,37 @@ namespace sscs.verbs
throw new FormatException(" MsgLen sent does not match the length of the message received."); throw new FormatException(" MsgLen sent does not match the length of the message received.");
passwdType = BitConverter.ToUInt32(inBuf,6); passwdType = BitConverter.ToUInt32(inBuf,6);
passwdLen = BitConverter.ToUInt32(inBuf,10); passwdLen = BitConverter.ToUInt32(inBuf,10);
byte[] tempArr = new byte[passwdLen]; if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN)
Array.Copy(inBuf,14,tempArr,0,passwdLen); {
passwd = Encoding.UTF8.GetString(tempArr); retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
// Message Format decipher - End }
else
{
byte[] tempArr = new byte[passwdLen];
Array.Copy(inBuf,14,tempArr,0,passwdLen);
passwd = Encoding.UTF8.GetString(tempArr);
// Message Format decipher - End
try try
{ {
SecretStore ssStore = null; SecretStore ssStore = null;
ssStore = SessionManager.GetUserSecretStore(userId); ssStore = SessionManager.GetUserSecretStore(userId);
if(ssStore.SetMasterPassword(passwd)) if(ssStore.SetMasterPassword(passwd))
retCode = IPCRetCodes.SSCS_REPLY_SUCCESS; retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
else else
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED; retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
} }
catch(UserNotInSessionException) catch(UserNotInSessionException)
{ {
CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" ); CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" );
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR; retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
} }
catch(Exception e) catch(Exception e)
{ {
CSSSLogger.ExpLog(e.ToString()); CSSSLogger.ExpLog(e.ToString());
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR; retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
} }
}
try try
{ {
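Review bot: The new range check in the second hunk bounds `passwdLen` only against the two constants, not against the bytes actually present in `inBuf` after offset 14, so a message that declares a length of up to 256 but carries fewer bytes still reaches `Array.Copy`, which throws before the `try` that follows it. Adding the buffer bound to the same condition would reject that case with the same return code: `if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN || passwdLen > inBuf.Length - 14)`. The earlier MsgLen comparison may already tie the declared and received lengths together, but that is not visible here, and the method starts and ends outside the hunk. Two smaller points: the limits are applied to the UTF-8 byte count rather than to characters and the check accepts a length of exactly 8, while the description says "greater than 8 characters"; and the two limits added in the first hunk are never reassigned in the visible lines, so `private const int` would suit them better than mutable instance fields.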