diff --git a/checkin_notes b/checkin_notes index 1b41a1b5f2..d4d03cc52f 100755 --- a/checkin_notes +++ b/checkin_notes @@ -1543,20 +1543,20 @@ Rom 7 Feb 2007 client/ Makefile.am -David 7 Feb 2008 +David 7 Feb 2007 - fix PHP 4 problem html/inc forum_email.inc -David 8 Feb 2008 +David 8 Feb 2007 - core client: fix bug where screensaver would turn on an off if CPU throttling being used client/ ss_logic.C -Rytis 8 Feb 2008 +Rytis 8 Feb 2007 - Forum pages: fix a cross site scripting vulnerability. html/ @@ -1577,10 +1577,18 @@ Rytis 8 Feb 2008 forum_subscribe.php forum_thread.php -David 8 Feb 2008 +David 8 Feb 2007 - core client: fix bug that causes tasks to hang (not running, but BOINC thinks it is) on Windows client/ app.C app_control.C + +Rom 8 Feb 2007 + - MGR: Add simple validation for the authenticator returned by + InternetGetCookie. + + clientlib/win/ + AuthenticatorDetection.cpp + stdafx.h diff --git a/clientlib/win/AuthenticatorDetection.cpp b/clientlib/win/AuthenticatorDetection.cpp index 486d4f61a9..0948ccfd27 100644 --- a/clientlib/win/AuthenticatorDetection.cpp +++ b/clientlib/win/AuthenticatorDetection.cpp @@ -34,12 +34,13 @@ EXTERN_C __declspec(dllexport) BOOL DetectSetupAuthenticator(LPCTSTR szProjectURL, LPTSTR szAuthenticator, LPDWORD lpdwSize) { BOOL bReturnValue = FALSE; + BOOL bValidates = TRUE; TCHAR szCookieBuffer[2048]; - TCHAR* pszCookieFragment = NULL; + LPTSTR pszCookieFragment = NULL; DWORD dwSize = sizeof(szCookieBuffer)/sizeof(TCHAR); - std::string strCookieFragment; - std::string strCookieName; - std::string strCookieValue; + tstring strCookieFragment; + tstring strCookieName; + tstring strCookieValue; size_t uiDelimeterLocation; bReturnValue = InternetGetCookie(szProjectURL, NULL, szCookieBuffer, &dwSize); @@ -59,10 +60,34 @@ EXTERN_C __declspec(dllexport) BOOL DetectSetupAuthenticator(LPCTSTR szProjectUR strCookieName = strCookieFragment.substr(0, uiDelimeterLocation); strCookieValue = strCookieFragment.substr(uiDelimeterLocation + 1); - if (std::string(_T("Setup")) == strCookieName) + if (tstring(_T("Setup")) == strCookieName) { - _tcsncpy(szAuthenticator, strCookieValue.c_str(), *lpdwSize); - *lpdwSize = (DWORD)_tcslen(szAuthenticator); + // Perform some basic validation of the suspect authenticator + // + + // If the string is null then it is invalid. + if (0 == strCookieValue.length()) { + bValidates = FALSE; + } + + // If the string contains non alpha numeric characters it is invalid. + tstring::iterator it = strCookieValue.begin(); + while (it != strCookieValue.end()) { + if (!_istalpha(*it) && !_istdigit(*it)) { + bValidates = FALSE; + } + it++; + } + + // If validation failed, null out the Authenticator field just in case + // somebody tries to use it, otherwise copy in the real deal. + if (!bValidates) { + _tcsncpy(szAuthenticator, _T(""), *lpdwSize); + *lpdwSize = 0; + } else { + _tcsncpy(szAuthenticator, strCookieValue.c_str(), *lpdwSize); + *lpdwSize = (DWORD)_tcslen(szAuthenticator); + } } pszCookieFragment = _tcstok(NULL, _T("; ")); @@ -73,6 +98,7 @@ EXTERN_C __declspec(dllexport) BOOL DetectSetupAuthenticator(LPCTSTR szProjectUR fprintf(stderr, _T("DetectSetupAuthenticator() - InternetGetCookieEx Failed. GetLastError = '%d'"), GetLastError()); } + return bReturnValue; } diff --git a/clientlib/win/stdafx.h b/clientlib/win/stdafx.h index 9976290b07..0a51d90497 100755 --- a/clientlib/win/stdafx.h +++ b/clientlib/win/stdafx.h @@ -53,6 +53,14 @@ #include #include +#ifdef _UNICODE +#define tstring std::wstring +#define tostringstream std::wostringstream +#else +#define tstring std::string +#define tostringstream std::ostringstream +#endif + #import "SENS.DLL" raw_interfaces_only, raw_native_types, no_namespace, named_guids using namespace ATL; \ No newline at end of file