Patches sent by India based on Security review.

This commit is contained in:
Jim Norman 2006-04-06 20:09:26 +00:00
parent 861619e231
commit b2b5903126
7 changed files with 816 additions and 686 deletions

View File

@ -181,7 +181,12 @@ int ipc_unx_read(int fd, Byte *pData, int bytes)
for(bytesToRead = bytes; bytesToRead;) for(bytesToRead = bytes; bytesToRead;)
{ {
bytesRead = read(fd, pData, bytesToRead); if ((bytesRead = read(fd, pData, bytesToRead)) == 0)
{
break;
}
else
{
if(bytesRead < 0) if(bytesRead < 0)
{ {
return -1; return -1;
@ -189,6 +194,7 @@ int ipc_unx_read(int fd, Byte *pData, int bytes)
bytesToRead -= bytesRead; bytesToRead -= bytesRead;
pData += bytesRead; pData += bytesRead;
} }
}
return bytesRead; return bytesRead;
} }
//#endif //#endif

View File

@ -24,6 +24,7 @@
using System; using System;
using System.Net; using System.Net;
using System.Net.Sockets; using System.Net.Sockets;
using Mono.Unix;
using Mono.Unix.Native; using Mono.Unix.Native;
using System.IO; using System.IO;
using System.Text; using System.Text;
@ -53,7 +54,9 @@ namespace sscs.communication
CSSSLogger.ExecutionTrace(this); CSSSLogger.ExecutionTrace(this);
Syscall.umask(0); Syscall.umask(0);
if(File.Exists(socketFileName)) if(File.Exists(socketFileName))
{
File.Delete(socketFileName); File.Delete(socketFileName);
}
listeningSocket = new Socket( AddressFamily.Unix, listeningSocket = new Socket( AddressFamily.Unix,
SocketType.Stream, SocketType.Stream,
ProtocolType.IP ); ProtocolType.IP );
@ -76,6 +79,15 @@ namespace sscs.communication
CSSSLogger.ExecutionTrace(this); CSSSLogger.ExecutionTrace(this);
try try
{ {
UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
// check if ROOT is the owner of the file: /tmp/.novellCASA
if (sockFileOwner.UserId != 0)
{
File.Delete(socketFileName);
}
listeningSocket.Bind(sockEndPoint); listeningSocket.Bind(sockEndPoint);
listeningSocket.Listen(50); listeningSocket.Listen(50);
} }

View File

@ -49,7 +49,10 @@ class SecretStoreClientService
} }
RegisterSignals(); RegisterSignals();
Mono.Unix.Native.Syscall.umask( Mono.Unix.Native.FilePermissions.S_IRGRP |
Mono.Unix.Native.FilePermissions.S_IWGRP |
Mono.Unix.Native.FilePermissions.S_IROTH |
Mono.Unix.Native.FilePermissions.S_IWOTH);
CSSSLogger.DbgLog("Client Side SecretStore Service has started."); CSSSLogger.DbgLog("Client Side SecretStore Service has started.");
server = CommunicationFactory.CreateCommunicationEndPoint(); server = CommunicationFactory.CreateCommunicationEndPoint();

View File

@ -48,10 +48,26 @@ namespace Novell.CASA.MiCasa.Communication
SocketType.Stream, SocketType.Stream,
ProtocolType.IP ); ProtocolType.IP );
if (mSocket == null) throw new Exception("could not get socket"); if (mSocket == null)
{
throw new Exception("could not get socket");
}
sockEndPoint = new UnixEndPoint(socketFileName); sockEndPoint = new UnixEndPoint(socketFileName);
UnixFileSystemInfo sockFileInfo = new UnixFileInfo(socketFileName);
UnixUserInfo sockFileOwner = sockFileInfo.OwnerUser;
// root is the owner of the file "/tmp/.novellCASA"
if (sockFileOwner.UserId == 0)
{
mSocket.Connect(sockEndPoint); mSocket.Connect(sockEndPoint);
} }
else
{
throw new Exception("not a valid miCASA service");
}
}
public int Read(byte[] buf) public int Read(byte[] buf)
{ {

View File

@ -24,6 +24,9 @@ using System;
using System.IO; using System.IO;
using System.Text; using System.Text;
using System.Security.Cryptography; using System.Security.Cryptography;
#if LINUX
using Mono.Unix;
#endif
using sscs.common; using sscs.common;
using sscs.constants; using sscs.constants;
@ -69,9 +72,7 @@ namespace sscs.crypto
//Encrypt the data to a file //Encrypt the data to a file
fsEncrypt = new FileStream(fileName, FileMode.Create); fsEncrypt = new FileStream(fileName, FileMode.Create);
#if LINUX
Mono.Unix.Native.Syscall.chmod(fileName,Mono.Unix.Native.FilePermissions.S_IRUSR | Mono.Unix.Native.FilePermissions.S_IWUSR);
#endif
// make hidden // make hidden
File.SetAttributes(fileName, FileAttributes.Hidden); File.SetAttributes(fileName, FileAttributes.Hidden);
@ -107,9 +108,15 @@ namespace sscs.crypto
byte[] baSavedKey = null; byte[] baSavedKey = null;
FileStream fsDecrypt = null; FileStream fsDecrypt = null;
CryptoStream csDecrypt = null; CryptoStream csDecrypt = null;
try try
{ {
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if(!File.Exists(fileName)) if(!File.Exists(fileName))
#endif
{ {
return null; return null;
} }
@ -180,9 +187,7 @@ namespace sscs.crypto
//Encrypt the data to a file //Encrypt the data to a file
fsEncrypt = new FileStream(fileName, FileMode.Create); fsEncrypt = new FileStream(fileName, FileMode.Create);
#if LINUX
Mono.Unix.Native.Syscall.chmod(fileName,Mono.Unix.Native.FilePermissions.S_IRUSR | Mono.Unix.Native.FilePermissions.S_IWUSR);
#endif
// make hidden // make hidden
File.SetAttributes(fileName, FileAttributes.Hidden); File.SetAttributes(fileName, FileAttributes.Hidden);
@ -224,7 +229,12 @@ namespace sscs.crypto
//Get a decryptor that uses the same key and IV as the encryptor. //Get a decryptor that uses the same key and IV as the encryptor.
RijndaelManaged myRijndael = new RijndaelManaged(); RijndaelManaged myRijndael = new RijndaelManaged();
ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, IV); ICryptoTransform decryptor = myRijndael.CreateDecryptor(key, IV);
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if(!File.Exists(fileName)) if(!File.Exists(fileName))
#endif
{ {
return null; return null;
} }
@ -241,6 +251,7 @@ namespace sscs.crypto
fsDecrypt.Close(); fsDecrypt.Close();
return null; return null;
} }
ulong fileLen = (ulong)(fsDecrypt.Length - HASH_SIZE); ulong fileLen = (ulong)(fsDecrypt.Length - HASH_SIZE);
byte[] fromEncrypt = new byte[fileLen]; byte[] fromEncrypt = new byte[fileLen];
@ -393,9 +404,7 @@ namespace sscs.crypto
//Encrypt the data to a file //Encrypt the data to a file
fsEncrypt = new FileStream(fileName,FileMode.Create); fsEncrypt = new FileStream(fileName,FileMode.Create);
#if LINUX
Mono.Unix.Native.Syscall.chmod(fileName,Mono.Unix.Native.FilePermissions.S_IRUSR | Mono.Unix.Native.FilePermissions.S_IWUSR);
#endif
// make hidden // make hidden
File.SetAttributes(fileName, FileAttributes.Hidden); File.SetAttributes(fileName, FileAttributes.Hidden);
@ -441,6 +450,16 @@ namespace sscs.crypto
ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey, ICryptoTransform decryptor = myRijndael.CreateDecryptor(baKey,
baKey); baKey);
//Now decrypt //Now decrypt
#if LINUX
UnixFileInfo fsTest = new UnixFileInfo (fileName);
if((fsTest == null) || !(fsTest.Exists) || fsTest.IsSymbolicLink)
#else
if(!File.Exists(fileName))
#endif
{
return null;
}
fsDecrypt = new FileStream(fileName, FileMode.Open); fsDecrypt = new FileStream(fileName, FileMode.Open);
csDecrypt = new CryptoStream(fsDecrypt, decryptor, csDecrypt = new CryptoStream(fsDecrypt, decryptor,
CryptoStreamMode.Read); CryptoStreamMode.Read);

View File

@ -27,6 +27,9 @@ using System.Collections;
using System.Threading; using System.Threading;
using System.Security.Cryptography; using System.Security.Cryptography;
using System.Xml; using System.Xml;
#if LINUX
using Mono.Unix.Native;
#endif
using sscs.cache; using sscs.cache;
using sscs.crypto; using sscs.crypto;
using sscs.common; using sscs.common;
@ -62,6 +65,11 @@ namespace sscs.lss
private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30; private int persistThreadSleepTime = 1000 * 60 * 5; //1000 * 30;
private Thread persistThread = null; private Thread persistThread = null;
#if LINUX
Mono.Unix.UnixFileSystemInfo sockFileInfo;
Mono.Unix.UnixUserInfo sockFileOwner;
#endif
private static string LINUXID = "Unix"; private static string LINUXID = "Unix";
internal LocalStorage(SecretStore store,byte[] baMasterPasscode) internal LocalStorage(SecretStore store,byte[] baMasterPasscode)
@ -120,23 +128,59 @@ namespace sscs.lss
} }
return true; return true;
} }
public bool IsOwnedByRoot(string fileName)
{
#if LINUX
sockFileInfo = new Mono.Unix.UnixFileInfo(fileName);
sockFileOwner = sockFileInfo.OwnerUser;
if(0==sockFileOwner.UserId)
return true;
else
return false;
#else
return true;
#endif
}
private string GetDecryptedXml() private string GetDecryptedXml()
{ {
try try
{ {
string fileName = userStore.GetPersistenceFilePath(); string fileName = userStore.GetPersistenceFilePath();
string tempFile = fileName;
int count = 0;
if(!File.Exists(fileName)) if(!File.Exists(fileName))
{
while(true)
{ {
// check for tmp file // check for tmp file
if (File.Exists(fileName+".tmp")) if (File.Exists(tempFile+".tmp"))
File.Move(fileName+".tmp", fileName); {
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Move(tempFile+".tmp", fileName);
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else else
return null; return null;
} }
// delete tmp file if there // delete tmp file if there
if (File.Exists(fileName+".tmp")) if (File.Exists(tempFile+".tmp"))
File.Delete(fileName+".tmp"); {
if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
}
}
byte[] baPasscode = null; byte[] baPasscode = null;
if (null != m_baGeneratedKey) if (null != m_baGeneratedKey)
@ -427,22 +471,40 @@ namespace sscs.lss
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath()); byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
string fileName = userStore.GetPersistenceFilePath(); string fileName = userStore.GetPersistenceFilePath();
string tempFile = fileName;
int count=0;
// rename existing file // rename existing file
if(File.Exists(fileName)) if(File.Exists(fileName))
{ {
if (File.Exists(fileName+".tmp")) while(true)
File.Delete(fileName+".tmp"); {
if (File.Exists(tempFile+".tmp"))
File.Move(fileName, fileName+".tmp"); {
if(IsOwnedByRoot(tempFile+".tmp"))
{
File.Delete(tempFile+".tmp");
break;
}
else
{
count++;
tempFile = fileName + count.ToString();
}
}
else
break;
}
File.Move(fileName, tempFile+".tmp");
} }
CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName); CASACrypto.EncryptDataAndWriteToFile(ms1.ToArray(),key,fileName);
//remove temp //remove temp
if(File.Exists(fileName+".tmp")) if(File.Exists(tempFile+".tmp"))
{ {
File.Delete(fileName+".tmp"); if(IsOwnedByRoot(tempFile+".tmp"))
File.Delete(tempFile+".tmp");
} }
} }
catch(Exception e) catch(Exception e)

View File

@ -221,42 +221,50 @@ static int32_t sscsshs_GetNextSHSEntry
* Internal function that escapes delimited characters in a string. * Internal function that escapes delimited characters in a string.
* *
*/ */
static void sscsshs_ChkEscapeString(SS_UTF8_T *entryBuf) static void sscsshs_ChkEscapeString(SS_UTF8_T **entryBuf)
{ /* beginning of the call */ { /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */ /* ########################## DECLARATIONS START HERE ######################### */
int len = 0, i, k = 0; int len = 0, i, k = 0, tmplen = 0, escaped = 0;
SS_UTF8_T *tempBuf = NULL; SS_UTF8_T *tempBuf = NULL;
/* ############################## CODE STARTS HERE ############################ */ /* ############################## CODE STARTS HERE ############################ */
if(!(tempBuf = (SS_UTF8_T *)malloc(NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN))) len = sscs_Utf8Strlen(*entryBuf) + 1;
if (len > (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN))
return;
/* We assume that all the chars in entryBuf might need escaping */
if(!(tempBuf = (SS_UTF8_T *)malloc(2 * (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN))))
{ {
return; return;
} }
memset(tempBuf, 0, NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN); memset(tempBuf, 0, 2 * (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN));
len = sscs_Utf8Strlen(entryBuf) + 1;
for(i = 0; i < len; i++) for(i = 0; i < len; i++)
{ {
SS_UTF8_T c = entryBuf[i]; SS_UTF8_T c = *((*entryBuf)+i);
switch(c) switch(c)
{ {
case (SS_UTF8_T)'\\': case (SS_UTF8_T)'\\':
tempBuf[k++] = (SS_UTF8_T)'\\'; tempBuf[k++] = (SS_UTF8_T)'\\';
tempBuf[k++] = (SS_UTF8_T)'\\'; tempBuf[k++] = (SS_UTF8_T)'\\';
escaped = 1;
break; break;
case (SS_UTF8_T)':': case (SS_UTF8_T)':':
tempBuf[k++] = (SS_UTF8_T)'\\'; tempBuf[k++] = (SS_UTF8_T)'\\';
tempBuf[k++] = (SS_UTF8_T)':'; tempBuf[k++] = (SS_UTF8_T)':';
escaped = 1;
break; break;
case (SS_UTF8_T)'=': case (SS_UTF8_T)'=':
tempBuf[k++] = (SS_UTF8_T)'\\'; tempBuf[k++] = (SS_UTF8_T)'\\';
tempBuf[k++] = (SS_UTF8_T)'='; tempBuf[k++] = (SS_UTF8_T)'=';
escaped = 1;
break; break;
default: default:
@ -264,7 +272,11 @@ static void sscsshs_ChkEscapeString(SS_UTF8_T *entryBuf)
} }
} }
sscs_Utf8Strcpy(entryBuf, tempBuf); if (escaped) {
free (*entryBuf);
*entryBuf = tempBuf;
return;
}
/* ############################### CODE EXITS HERE ############################# */ /* ############################### CODE EXITS HERE ############################# */
@ -310,7 +322,7 @@ static int32_t sscsshs_PopulateSecretBuf
retBuffer[sscs_Utf8Strlen(retBuffer)] = (SS_UTF8_T)0x0A; // add a line feed delimiter retBuffer[sscs_Utf8Strlen(retBuffer)] = (SS_UTF8_T)0x0A; // add a line feed delimiter
} }
sscsshs_ChkEscapeString(key); sscsshs_ChkEscapeString(&key);
if(sscs_Utf8Strcmp(key, SSCS_CRED_SET)) if(sscs_Utf8Strcmp(key, SSCS_CRED_SET))
{ {
@ -328,7 +340,7 @@ static int32_t sscsshs_PopulateSecretBuf
sscs_Utf8Strcat(retBuffer, APP_DELIMITER); sscs_Utf8Strcat(retBuffer, APP_DELIMITER);
} }
sscsshs_ChkEscapeString(val); sscsshs_ChkEscapeString(&val);
if((*bufLen + (sscs_Utf8StrSize(val))) < NSSCS_MAX_SECRET_BUF_LEN) if((*bufLen + (sscs_Utf8StrSize(val))) < NSSCS_MAX_SECRET_BUF_LEN)
{ {
sscs_Utf8Strcat(retBuffer, val); sscs_Utf8Strcat(retBuffer, val);
@ -385,7 +397,7 @@ static int32_t sscsshs_PopulateBinarySecretBuf
return(NSSCS_E_PARSER_FAILURE); // create error stating non-binary buffer return(NSSCS_E_PARSER_FAILURE); // create error stating non-binary buffer
} }
sscsshs_ChkEscapeString(key); sscsshs_ChkEscapeString(&key);
sscs_Utf8Strcpy((SS_UTF8_T *)retBuffer, key); sscs_Utf8Strcpy((SS_UTF8_T *)retBuffer, key);
sscs_Utf8Strcat((SS_UTF8_T *)retBuffer, BINARY_DELIMITER); sscs_Utf8Strcat((SS_UTF8_T *)retBuffer, BINARY_DELIMITER);
len = sscs_Utf8StrSize((SS_UTF8_T *)retBuffer); len = sscs_Utf8StrSize((SS_UTF8_T *)retBuffer);
@ -1057,7 +1069,7 @@ miCASAReadSecret
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name)); memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {
@ -1227,7 +1239,7 @@ miCASARemoveSecret
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name)); memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {
@ -1373,7 +1385,7 @@ miCASAWriteSecret
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name)); memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {
@ -1575,13 +1587,13 @@ miCASAWriteKey
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
memcpy(escapedSHSKey, key, keyLen); memcpy(escapedSHSKey, key, keyLen);
sscsshs_ChkEscapeString(escapedSHSKey); sscsshs_ChkEscapeString(&escapedSHSKey);
memcpy(escapedSHSValue, val, valLen); memcpy(escapedSHSValue, val, valLen);
sscsshs_ChkEscapeString(escapedSHSValue); sscsshs_ChkEscapeString(&escapedSHSValue);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {
@ -1701,10 +1713,10 @@ miCASAWriteBinaryKey
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
memcpy(escapedSHSKey, key, keyLen); memcpy(escapedSHSKey, key, keyLen);
sscsshs_ChkEscapeString(escapedSHSKey); sscsshs_ChkEscapeString(&escapedSHSKey);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {
@ -1821,10 +1833,10 @@ miCASAReadKey
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
memcpy(escapedSHSKey, key, keyLen); memcpy(escapedSHSKey, key, keyLen);
sscsshs_ChkEscapeString(escapedSHSKey); sscsshs_ChkEscapeString(&escapedSHSKey);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {
@ -1939,10 +1951,10 @@ miCASAReadBinaryKey
// escape delimited characters // escape delimited characters
memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id));
sscsshs_ChkEscapeString(escapedSHSName); sscsshs_ChkEscapeString(&escapedSHSName);
memcpy(escapedSHSKey, key, keyLen); memcpy(escapedSHSKey, key, keyLen);
sscsshs_ChkEscapeString(escapedSHSKey); sscsshs_ChkEscapeString(&escapedSHSKey);
if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1)
{ {