diff --git a/CASA.changes b/CASA.changes
index 1573715c..7ddee93c 100644
--- a/CASA.changes
+++ b/CASA.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
+
+- Security Audit Report : Patch for Bug No. 5.4.1
+ File : c_micasad/lss/CASACrypto.cs
+
 -------------------------------------------------------------------
 Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com
diff --git a/c_micasad/lss/CASACrypto.cs b/c_micasad/lss/CASACrypto.cs
index f9cedea4..59f703c7 100644
--- a/c_micasad/lss/CASACrypto.cs
+++ b/c_micasad/lss/CASACrypto.cs
@@ -34,6 +34,7 @@ namespace sscs.crypto
 private const int SALTSIZE = 64;
 private const int ITERATION_COUNT = 1000;
+ private const int HASH_SIZE = 32;
 internal static byte[] Generate16ByteKeyFromString(string sTheString)
 {
@@ -230,11 +231,17 @@ namespace sscs.crypto
 //Now decrypt
 fsDecrypt = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);
- byte[] storedHash = new byte[32];
+ byte[] storedHash = new byte[HASH_SIZE];
 fsDecrypt.Read(storedHash,0,storedHash.Length);
 csDecrypt = new CryptoStream(fsDecrypt, decryptor, CryptoStreamMode.Read);
- long fileLen = fsDecrypt.Length - 32;
+ if(fsDecrypt.Length < HASH_SIZE )
+ {
+ csDecrypt.Close();
+ fsDecrypt.Close();
+ return null;
+ }
+ ulong fileLen = fsDecrypt.Length - HASH_SIZE;
 byte[] fromEncrypt = new byte[fileLen];
 //Read the data out of the crypto stream.
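Review bot: In the last hunk of CASACrypto.cs the new length check runs only after `fsDecrypt.Read(storedHash,0,storedHash.Length)` and after the CryptoStream is built, and the return value of that Read is still ignored, so a truncated store file has already left `storedHash` partly zero-filled by the time it is rejected. Moving the test to directly after the FileStream is opened, e.g. `if (fsDecrypt.Length < HASH_SIZE) { fsDecrypt.Close(); return null; }`, rejects the file before anything is read and leaves only one stream to close. `ulong fileLen = fsDecrypt.Length - HASH_SIZE;` assigns a `long` expression to a `ulong`, for which C# has no implicit conversion; keeping `long fileLen` is sufficient once the guard guarantees a non-negative value. `new byte[fileLen]` is still sized by the file on disk with no upper bound, so a cap on the accepted store size would be worth adding alongside the lower-bound check. The enclosing method starts and ends outside the hunk, so whether a finally block already closes both streams cannot be seen here.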