Fix for bug 242410 of Suse review on item 4.7 of the audit list.

This commit is contained in:
Cameron (Kamran) Mashayekhi 2007-02-13 22:58:24 +00:00
parent 37c54b1167
commit d5f2ad902e

View File

@ -268,6 +268,12 @@ int32_t ipc_OpenSecretStore
MSG_STRING_LEN +
ssNameLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_OPEN_SECRET_STORE_MSGID;
@ -401,6 +407,12 @@ int32_t ipc_CloseSecretStore
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_CLOSE_SECRET_STORE_MSGID;
@ -507,6 +519,11 @@ int32_t ipc_RemoveSecretStore
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -617,6 +634,11 @@ int32_t ipc_EnumerateKeychainIDs
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
@ -648,7 +670,7 @@ int32_t ipc_EnumerateKeychainIDs
pReply += MSG_LEN;
// I would like to get return code here itself
// so that I need not check for other things.
memcpy(&bufLen,pReply, MSG_DWORD_LEN);
memcpy(&bufLen, pReply, MSG_DWORD_LEN);
if( 0 == bufLen )
{
retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN);
@ -666,7 +688,14 @@ int32_t ipc_EnumerateKeychainIDs
pReply = gpReplyBuf;
else
{
pReply = (Byte *)malloc( (bufLen+1) * sizeof(char));
if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(char));
if( NULL == pReply )
{
// Cleanup the channel by reading the remaining and return error.
@ -823,6 +852,12 @@ int32_t ipc_AddKeychain
MSG_STRING_LEN +
keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_ADD_KEYCHAIN_MSGID;
@ -939,6 +974,12 @@ int32_t ipc_RemoveKeychain
MSG_STRING_LEN +
keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_REMOVE_KEYCHAIN_MSGID;
@ -1064,6 +1105,12 @@ int32_t ipc_EnumerateSecretIDs
MSG_STRING_LEN +
keychainIDLen; // Keychain ID
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_ENUMERATE_SECRETIDS_MSGID;
@ -1113,7 +1160,13 @@ int32_t ipc_EnumerateSecretIDs
pReply = gpReplyBuf;
else
{
pReply = (Byte *)malloc( (bufLen+1) * sizeof(SS_UTF8_T));
if((bufLen + 1) >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReply = (Byte *)malloc( (bufLen + 1) * sizeof(SS_UTF8_T));
if(pReply == NULL)
{
// Cleanup the channel by reading the remaining and return error.
@ -1308,6 +1361,12 @@ int32_t ipc_ReadSecret
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_READ_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -1579,6 +1638,12 @@ int ipc_WriteSecret
pReq = gpReqBuf;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_CACHE_WRITE_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
@ -1781,6 +1846,12 @@ int32_t ipc_RemoveSecret
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_REMOVE_SECRET_MSGID;
@ -1940,10 +2011,12 @@ int32_t ipc_GetSecretStoreInfo
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if( msgLen > MIN_REQUEST_BUF_LEN )
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
//Allocate more memory for gpReqBuf
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_GET_SECRETSTORE_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -1951,6 +2024,7 @@ int32_t ipc_GetSecretStoreInfo
memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN;
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@ -2061,10 +2135,12 @@ int32_t ipc_GetKeychainInfo
msgLen = MSGID_LEN + MSG_LEN + MSG_DWORD_LEN +
(keychainID->len );
if( msgLen > MIN_REQUEST_BUF_LEN )
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
//Allocate more memory for gpReqBuf
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_GET_KEYCHAIN_INFO_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2180,6 +2256,12 @@ int32_t ipc_LockCache
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_LOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2284,6 +2366,12 @@ int32_t ipc_UnlockCache
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_UNLOCK_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2400,6 +2488,12 @@ int32_t ipc_SetMasterPasscode
MSG_STRING_LEN + //passcodeLen
passcodeLen;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_SET_MASTER_PASSCODE;
@ -2572,6 +2666,12 @@ int32_t ipc_RemoveKey
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_REMOVE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -2776,6 +2876,12 @@ int32_t ipc_ReadKey
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_READ_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -3029,6 +3135,11 @@ int32_t ipc_ReadBinaryKey
msgLen += MSG_DWORD_LEN;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID;
@ -3309,6 +3420,12 @@ int ipc_WriteKey
pReq = gpReqBuf;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -3558,6 +3675,12 @@ int ipc_WriteBinaryKey
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_WRITE_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@ -3735,6 +3858,12 @@ int32_t ipc_SetMasterPassword
pReq = gpReqBuf;
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_SET_MASTER_PASSWORD;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
@ -3897,6 +4026,12 @@ int ipc_IsSecretPersistent
pReq = gpReqBuf;
}
if(msgLen >= MIN_REQUEST_BUF_LEN)
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
msgid = REQ_IS_SECRET_PERSISTENT;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;