Update of /cvsroot/audacity/audacity-src/src/xml
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv24768/xml
Modified Files:
Tag: Audacity_UmixIt
XMLTagHandler.cpp XMLTagHandler.h
Log Message:
Further changes for NGS security vulnerability report for UmixIt, per comments
from Markus.
Index: XMLTagHandler.h
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/xml/XMLTagHandler.h,v
retrieving revision 1.4.6.2
retrieving revision 1.4.6.3
diff -u -d -r1.4.6.2 -r1.4.6.3
--- XMLTagHandler.h 17 Dec 2006 05:34:39 -0000 1.4.6.2
+++ XMLTagHandler.h 20 Dec 2006 22:55:45 -0000 1.4.6.3
@@ -5,11 +5,15 @@
XMLTagHandler.h
Dominic Mazzoni
+ Vaughan Johnson
- This class is an interface which should be implemented by
+ The XMLTagHandler class is an interface which should be implemented by
classes which wish to be able to load and save themselves
using XML files.
+ The XMLValueChecker class implements static bool methods for checking
+ input values from XML files.
+
**********************************************************************/
#include <wx/string.h>
@@ -22,7 +26,7 @@
{
public:
// "Good" means well-formed and for the file-related functions, names an
existing file or folder.
- // They are used in HandleXMLTag and BuildFomXML methods to check the input
for
+ // These are used in HandleXMLTag and BuildFomXML methods to check the
input for
// security vulnerabilites, per the NGS report for UmixIt.
static bool IsGoodString(const wxString str);
@@ -31,9 +35,12 @@
static bool IsGoodPathName(const wxString strPathName);
// Note that because wxString::ToLong does additional testing, IsGoodInt
doesn't duplicate
- // that testing, so use wxString::ToLong, not just atoi.
+ // that testing, so use wxString::ToLong after IsGoodInt, not just atoi.
static bool IsGoodInt(const wxString strInt);
+ static bool IsValidChannel(const int nValue);
+ static bool IsValidSampleFormat(const int nValue); // true if nValue is one
sampleFormat enum values
+
private:
static bool IsGoodFileString(wxString str);
};
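Review bot: The comment on the new `IsValidSampleFormat` declaration is missing a word and should read `// true if nValue is one of the sampleFormat enum values`. The top-level `const` on the by-value `int` parameters of `IsValidChannel` and `IsValidSampleFormat` has no effect in a declaration and is usually dropped there; if the intent is to document that the helpers do not modify their input, a one-line comment above the pair saying they are pure range checks on values read from XML says it more directly.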
Index: XMLTagHandler.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/xml/XMLTagHandler.cpp,v
retrieving revision 1.4.6.2
retrieving revision 1.4.6.3
diff -u -d -r1.4.6.2 -r1.4.6.3
--- XMLTagHandler.cpp 17 Dec 2006 05:34:39 -0000 1.4.6.2
+++ XMLTagHandler.cpp 20 Dec 2006 22:55:45 -0000 1.4.6.3
@@ -5,12 +5,15 @@
XMLTagHandler.cpp
Dominic Mazzoni
- Vaughan Johnson (IsGood*FromXML)
+ Vaughan Johnson
- This class is an interface which should be implemented by
+ The XMLTagHandler class is an interface which should be implemented by
classes which wish to be able to load and save themselves
using XML files.
+ The XMLValueChecker class implements static bool methods for checking
+ input values from XML files.
+
**********************************************************************/
#include "XMLTagHandler.h"
@@ -25,6 +28,8 @@
#include <wx/defs.h>
#include <wx/filename.h>
+#include "../SampleFormat.h"
+#include "../Track.h"
bool XMLValueChecker::IsGoodString(const wxString str)
{
@@ -58,9 +63,10 @@
bool XMLValueChecker::IsGoodSubdirName(const wxString strSubdirName, const
wxString strDirName /* = "" */)
{
// Test strSubdirName.
- // Note this prevents path separators, so fixes vulnerability #3 in the NGS
report for UmixIt,
+ // Note this prevents path separators, and relative path to parents
(strDirName),
+ // so fixes vulnerability #3 in the NGS report for UmixIt,
// where an attacker could craft an AUP file with relative pathnames to get
to system files, for example.
- if (!IsGoodFileString(strSubdirName))
+ if (!IsGoodFileString(strSubdirName) || (strSubdirName == ".") ||
(strSubdirName == ".."))
return false;
#ifdef _WIN32
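Review bot: The reworded comment says the check now also covers a relative path to parents via `strDirName`, but the added condition only compares `strSubdirName` against `.` and `..` and does not read `strDirName`; IsGoodSubdirName continues past the hunk, so if `strDirName` is consulted later the remark belongs next to that code, otherwise the comment overstates what this line checks. A comment on the added condition itself would make its intent clear: `// Reject the current/parent directory names outright; IsGoodFileString already rejects separators.`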
@@ -83,6 +89,7 @@
bool XMLValueChecker::IsGoodFileString(wxString str)
{
return (IsGoodString(str) &&
+ !str.IsEmpty() &&
(str.Length() <= 260) && // FILENAME_MAX is 260 in MSVC, but
inconsistent across platforms, sometimes huge.
(str.Find(wxFileName::GetPathSeparator()) == -1)); // No path
separator characters. //vvv (this won't work on CVS HEAD)
}
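Review bot: The added `!str.IsEmpty()` guard is right, but the separator test it precedes only looks for the single native separator returned by `wxFileName::GetPathSeparator()`, so on Windows a name containing the alternate `/` separator is not rejected by this function even though the OS treats it as one. `wxFileName::GetPathSeparators()` returns every separator valid for the native format, so `(str.find_first_of(wxFileName::GetPathSeparators()) == wxString::npos)` closes that gap with a one-line change. The `//vvv (this won't work on CVS HEAD)` remark already flags this line, so the branch may need a different form from HEAD here.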
@@ -93,24 +100,47 @@
return false;
// Check that the value won't overflow.
- const wxString strMAXINT = "2147483647";
- size_t lenMAXINT = strMAXINT.Length();
- if (strInt.Length() > lenMAXINT)
+ // Signed long: -2,147,483,648 to +2,147,483,647, i.e., -2^31 to 2^31-1
+ // We're strict about disallowing spaces and commas, and requiring minus
sign to be first char for negative.
+ const size_t lenMAXABS = strlen("2147483647");
+ const size_t lenStrInt = strInt.Length();
+
+ unsigned long nTest;
+ wxString strTest;
+
+ if (lenStrInt > (lenMAXABS + 1))
return false;
- else if (strInt.Length() == lenMAXINT)
+ else if ((lenStrInt == (lenMAXABS + 1)) && (strInt[0] == '-'))
{
- const int digitsMAXINT[] = {2, 1, 4, 7, 4, 8, 3, 6, 4, 7};
- unsigned long nTest;
- wxString strTest;
- for (unsigned int i = 0; i < lenMAXINT; i++) {
+ const unsigned long digitsMAXABS[] = {2, 1, 4, 7, 4, 8, 3, 6, 4, 8};
+ for (unsigned int i = 0; i < lenMAXABS; i++) {
+ strTest = strInt[i+1];
+ if (!strTest.ToULong(&nTest) || (nTest > digitsMAXABS[i]))
+ return false;
+ }
+ }
+ else if (lenStrInt == lenMAXABS)
+ {
+ const unsigned long digitsMAXABS[] = {2, 1, 4, 7, 4, 8, 3, 6, 4, 7};
+ for (unsigned int i = 0; i < lenMAXABS; i++) {
strTest = strInt[i];
- if (!strTest.ToULong(&nTest) || (nTest > digitsMAXINT[i]))
+ if (!strTest.ToULong(&nTest) || (nTest > digitsMAXABS[i]))
return false;
}
}
return true;
}
+bool XMLValueChecker::IsValidChannel(const int nValue)
+{
+ return (nValue >= Track::LeftChannel) && (nValue <= Track::MonoChannel);
+}
+
+bool XMLValueChecker::IsValidSampleFormat(const int nValue)
+{
+ return (nValue == int16Sample) || (nValue == int24Sample) || (nValue ==
floatSample);
+}
+
// See http://www.w3.org/TR/REC-xml for reference
wxString XMLTagHandler::XMLEsc(wxString s)
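Review bot: An 11-character value without a leading minus sign passes the new overflow check: `if (lenStrInt > (lenMAXABS + 1))` lets length 11 through, the next `else if` requires `strInt[0] == '-'`, the final `else if (lenStrInt == lenMAXABS)` is false for 11, and the function falls to `return true`, so a positive 11-digit string is accepted as a good int. The per-digit comparison is also stricter than the limit it documents: `1999999999` is rejected because its second digit exceeds the `1` in `2147483647`, although the value is in range. Assuming the tests before the hunk (IsGoodInt starts outside it) already guarantee that everything after the optional sign is a digit, comparing the digit run as a whole equal-length string against the limit fixes both; the rewrite below replaces the lines from the `lenMAXABS` declaration through the closing `return true;`. Separately, `IsValidChannel` relies on `LeftChannel..MonoChannel` being a contiguous enum range; listing the accepted enumerators explicitly, as `IsValidSampleFormat` does, would not depend on their declaration order.
```cpp
   // Check that the value won't overflow.
   // Signed long: -2,147,483,648 to +2,147,483,647, i.e., -2^31 to 2^31-1
   // We're strict about disallowing spaces and commas, and requiring minus sign to be first char for negative.
   const wxString strMAXPOS = "2147483647";
   const wxString strMAXNEG = "2147483648"; // magnitude of the most negative value
   const bool bNegative = !strInt.IsEmpty() && (strInt[0] == '-');
   const wxString strDigits = bNegative ? strInt.Mid(1) : strInt;

   if (strDigits.IsEmpty() || (strDigits.Length() > strMAXPOS.Length()))
      return false;
   // Equal-length digit strings compare as text exactly like the numbers they denote,
   // so this accepts e.g. 1999999999, which the per-digit test rejected.
   if (strDigits.Length() == strMAXPOS.Length())
      return bNegative ? (strDigits <= strMAXNEG) : (strDigits <= strMAXPOS);
   return true;
```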