geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Security Audit Report : Patch for Bug No. 5.7.

Browse Source 
File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
  to be greater than 8 characters and less than or equal to
  256 characters.
This commit is contained in:
lsreevatsa 2006-03-29 13:56:56 +00:00
parent cd5d118158
commit a06c806d2e
2 changed files with 44 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CASA.changes
View File

@ -1,8 +1,18 @@
-------------------------------------------------------------------
Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.7.
File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
to be greater than 8 characters and less than or equal to
256 characters.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.4.1 - Security Audit Report : Patch for Bug No. 5.4.1
File : c_micasad/lss/CASACrypto.cs File : c_micasad/lss/CASACrypto.cs
- Added a check to verify Decrypt string is greater than 32.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com

59
c_micasad/verbs/SetMasterPassword.cs
View File

@ -49,7 +49,9 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
private int retCode = 0; private int retCode = 0;
private int MASTER_PASS_MIN_LEN = 8;
private int MASTER_PASS_MAX_LEN = 256;
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
*/ */
@ -78,30 +80,37 @@ namespace sscs.verbs
throw new FormatException(" MsgLen sent does not match the length of the message received."); throw new FormatException(" MsgLen sent does not match the length of the message received.");
passwdType = BitConverter.ToUInt32(inBuf,6); passwdType = BitConverter.ToUInt32(inBuf,6);
passwdLen = BitConverter.ToUInt32(inBuf,10); passwdLen = BitConverter.ToUInt32(inBuf,10);
byte[] tempArr = new byte[passwdLen]; if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN)
Array.Copy(inBuf,14,tempArr,0,passwdLen); {
passwd = Encoding.UTF8.GetString(tempArr); retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
// Message Format decipher - End }
else
try {
{ byte[] tempArr = new byte[passwdLen];
SecretStore ssStore = null; Array.Copy(inBuf,14,tempArr,0,passwdLen);
ssStore = SessionManager.GetUserSecretStore(userId); passwd = Encoding.UTF8.GetString(tempArr);
if(ssStore.SetMasterPassword(passwd)) // Message Format decipher - End
retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
else try
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED; {
} SecretStore ssStore = null;
catch(UserNotInSessionException) ssStore = SessionManager.GetUserSecretStore(userId);
{ if(ssStore.SetMasterPassword(passwd))
CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" ); retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR; else
} retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
catch(Exception e) }
{ catch(UserNotInSessionException)
CSSSLogger.ExpLog(e.ToString()); {
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR; CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" );
} retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
}
catch(Exception e)
{
CSSSLogger.ExpLog(e.ToString());
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
}
}
try try
{ {