geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

- Security Audit Report : Patch for Bug No. 5.7.

Browse Source 
File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
  to be greater than 8 characters and less than or equal to
  256 characters.
This commit is contained in:
lsreevatsa
2006-03-29 13:56:56 +00:00
parent cd5d118158
commit a06c806d2e
2 changed files with 44 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
CASA.changes
View File

@@ -1,8 +1,18 @@
-------------------------------------------------------------------
Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.7.
File : c_micasad/verbs/SetMasterPassword.cs.
- Added a check to verify the length of the Master Password
to be greater than 8 characters and less than or equal to
256 characters.
-------------------------------------------------------------------
Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
- Security Audit Report : Patch for Bug No. 5.4.1
File : c_micasad/lss/CASACrypto.cs
- Added a check to verify Decrypt string is greater than 32.
-------------------------------------------------------------------
Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com

9
c_micasad/verbs/SetMasterPassword.cs
View File

@@ -49,6 +49,8 @@ namespace sscs.verbs
private byte[] inBuf;
private byte[] outBuf;
private int retCode = 0;
private int MASTER_PASS_MIN_LEN = 8;
private int MASTER_PASS_MAX_LEN = 256;
/*
* This method sets the class member with the byte array received.
@@ -78,6 +80,12 @@ namespace sscs.verbs
throw new FormatException(" MsgLen sent does not match the length of the message received.");
passwdType = BitConverter.ToUInt32(inBuf,6);
passwdLen = BitConverter.ToUInt32(inBuf,10);
if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN)
{
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
}
else
{
byte[] tempArr = new byte[passwdLen];
Array.Copy(inBuf,14,tempArr,0,passwdLen);
passwd = Encoding.UTF8.GetString(tempArr);
@@ -102,6 +110,7 @@ namespace sscs.verbs
CSSSLogger.ExpLog(e.ToString());
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
}
}
try
{