Security Audit Report : Patch for Bug No. 5.4.1

File : c_micasad/lss/CASACrypto.cs

CASA.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Mar 29 17:00:41 IST 2006 - lsreevatsa@novell.com
+
+- Security Audit Report : Patch for Bug No. 5.4.1
+  File : c_micasad/lss/CASACrypto.cs 
+
 -------------------------------------------------------------------
 Wed Mar 15 21:22:48 IST 2006 - lsreevatsa@novell.com
 

c_micasad/lss/CASACrypto.cs

@@ -34,6 +34,7 @@ namespace sscs.crypto
 
         private const int SALTSIZE = 64;
         private const int ITERATION_COUNT = 1000;
+	private const int HASH_SIZE = 32;
 
         internal static byte[] Generate16ByteKeyFromString(string sTheString)
         {
@@ -230,11 +231,17 @@ namespace sscs.crypto
 
                 //Now decrypt             
                 fsDecrypt = new FileStream(fileName, FileMode.Open, FileAccess.Read, FileShare.Read);                        
-                byte[] storedHash = new byte[32];
+                byte[] storedHash = new byte[HASH_SIZE];
                 fsDecrypt.Read(storedHash,0,storedHash.Length);
 
                 csDecrypt = new CryptoStream(fsDecrypt, decryptor, CryptoStreamMode.Read);            
-                long fileLen = fsDecrypt.Length - 32;
+		if(fsDecrypt.Length  < HASH_SIZE )
+		{
+			csDecrypt.Close();
+                        fsDecrypt.Close();                        
+                        return null;
+		}
+                ulong fileLen = fsDecrypt.Length - HASH_SIZE;
                 byte[] fromEncrypt = new byte[fileLen];
 
                 //Read the data out of the crypto stream.