- Security Audit Report : Patch for Bug No. 5.7.
File : c_micasad/verbs/SetMasterPassword.cs. - Added a check to verify the length of the Master Password to be greater than 8 characters and less than or equal to 256 characters.
This commit is contained in:
lsreevatsa
parent
cd5d118158
commit
a06c806d2e
10
CASA.changes
10
CASA.changes
@ -1,8 +1,18 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 29 19:20:12 IST 2006 - lsreevatsa@novell.com
|
||||
|
||||
- Security Audit Report : Patch for Bug No. 5.7.
|
||||
File : c_micasad/verbs/SetMasterPassword.cs.
|
||||
- Added a check to verify the length of the Master Password
|
||||
to be greater than 8 characters and less than or equal to
|
||||
256 characters.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
|
||||
|
||||
- Security Audit Report : Patch for Bug No. 5.4.1
|
||||
File : c_micasad/lss/CASACrypto.cs
|
||||
- Added a check to verify Decrypt string is greater than 32.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com
|
||||
|
||||
@ -49,7 +49,9 @@ namespace sscs.verbs
|
||||
private byte[] inBuf;
|
||||
private byte[] outBuf;
|
||||
private int retCode = 0;
|
||||
|
||||
private int MASTER_PASS_MIN_LEN = 8;
|
||||
private int MASTER_PASS_MAX_LEN = 256;
|
||||
|
||||
/*
|
||||
* This method sets the class member with the byte array received.
|
||||
*/
|
||||
@ -78,30 +80,37 @@ namespace sscs.verbs
|
||||
throw new FormatException(" MsgLen sent does not match the length of the message received.");
|
||||
passwdType = BitConverter.ToUInt32(inBuf,6);
|
||||
passwdLen = BitConverter.ToUInt32(inBuf,10);
|
||||
byte[] tempArr = new byte[passwdLen];
|
||||
Array.Copy(inBuf,14,tempArr,0,passwdLen);
|
||||
passwd = Encoding.UTF8.GetString(tempArr);
|
||||
// Message Format decipher - End
|
||||
|
||||
try
|
||||
{
|
||||
SecretStore ssStore = null;
|
||||
ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
if(ssStore.SetMasterPassword(passwd))
|
||||
retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
|
||||
else
|
||||
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
|
||||
}
|
||||
catch(UserNotInSessionException)
|
||||
{
|
||||
CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" );
|
||||
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
CSSSLogger.ExpLog(e.ToString());
|
||||
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
|
||||
}
|
||||
if(passwdLen < MASTER_PASS_MIN_LEN || passwdLen > MASTER_PASS_MAX_LEN)
|
||||
{
|
||||
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
|
||||
}
|
||||
else
|
||||
{
|
||||
byte[] tempArr = new byte[passwdLen];
|
||||
Array.Copy(inBuf,14,tempArr,0,passwdLen);
|
||||
passwd = Encoding.UTF8.GetString(tempArr);
|
||||
// Message Format decipher - End
|
||||
|
||||
try
|
||||
{
|
||||
SecretStore ssStore = null;
|
||||
ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
if(ssStore.SetMasterPassword(passwd))
|
||||
retCode = IPCRetCodes.SSCS_REPLY_SUCCESS;
|
||||
else
|
||||
retCode = IPCRetCodes.SSCS_E_SETTING_PASSCODE_FAILED;
|
||||
}
|
||||
catch(UserNotInSessionException)
|
||||
{
|
||||
CSSSLogger.DbgLog("In " + CSSSLogger.GetExecutionPath(this) + " Unable to get user's secretstore" );
|
||||
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
CSSSLogger.ExpLog(e.ToString());
|
||||
retCode = IPCRetCodes.SSCS_E_SYSTEM_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
try
|
||||
{
|
||||
|
||||
Loading…
Reference in New Issue
Block a user