Bug 222012. Fix for Security Audit 5.1.2

2007-05-08 18:05:41 +00:00
parent 3d569e7a9c
commit e597b7ab23
2 changed files with 22 additions and 12 deletions
--- a/CASA/CASA.changes
+++ b/CASA/CASA.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue May  8 12:01:24 MDT 2007 - jnorman@novell.com
+
+- Bug 222012. Fix for security audit 5.1.2 
+
 -------------------------------------------------------------------
 Wed May  2 11:59:20 MDT 2007 - jnorman@novell.com

--- a/CASA/micasad/lib/communication/UnixIPCClientChannel.cs
+++ b/CASA/micasad/lib/communication/UnixIPCClientChannel.cs
@@ -94,12 +94,6 @@ namespace Novell.CASA.MiCasa.Communication
                 * allocate. 
                 */

-                byte[] msgIdBytes = new byte[2];
-                bytesRecvd = mSocket.Receive(msgIdBytes);
-                if (0 == bytesRecvd)
-                {
-                    return null;
-                }
                byte[] msgLenBytes = new byte[4];
                bytesRecvd = mSocket.Receive(msgLenBytes);
                if (0 == bytesRecvd)
@@ -108,6 +102,14 @@ namespace Novell.CASA.MiCasa.Communication
                }

                uint msgLen = BitConverter.ToUInt32(msgLenBytes, 0);
+
+		// micasad shouldn't return anything too large, however just in case
+		// don't loop forever
+		if (msgLen > int.MaxValue)
+		{
+			return null;
+		}
+
                if (msgLen > 6)
                {                    
                    byte[] buf = null;
@@ -118,6 +120,7 @@ namespace Novell.CASA.MiCasa.Communication

                    // buffer for data
                    MemoryStream ms = new MemoryStream();
+                    ms.Write(msgLenBytes, 0, 4);

                    while (totalBytes < (msgLen - 6))
                    {
@@ -135,20 +138,23 @@ namespace Novell.CASA.MiCasa.Communication
                    if (totalBytes == 0)
                        return null;
                
-                    byte[] finalbuf = ms.ToArray();
+                    return ms.ToArray();

+                    /*
+                    byte[] finalbuf = ms.ToArray();                    
                    int returnBufferLen = msgIdBytes.Length + msgLenBytes.Length + totalBytes;
                    returnBuffer = new byte[returnBufferLen];
                    Array.Copy(msgIdBytes, returnBuffer, 2);
                    Array.Copy(msgLenBytes, 0, returnBuffer, 2, 4);
                    Array.Copy(finalbuf, 0, returnBuffer, 6, finalbuf.Length);
                    return returnBuffer;
+                     * 
+                     */
                }
                else
                {
-                    returnBuffer = new byte[6];
-                    Array.Copy(msgIdBytes, returnBuffer, 2);
-                    Array.Copy(msgLenBytes, 0, returnBuffer, 2, 4);
+                    returnBuffer = new byte[4];
+                    Array.Copy(msgLenBytes, 0, returnBuffer, 0, 4);
                    return returnBuffer;
                }
            }
@@ -164,7 +170,6 @@ namespace Novell.CASA.MiCasa.Communication
            try
            {
                mSocket.Send(buf);
-                //Console.WriteLine("Bytes written = " + buf.Length);
                return buf.Length;
            }
            catch (Exception e)