Update of /cvsroot/audacity/audacity-src/src/xml
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv5547/xml
Modified Files:
XMLTagHandler.cpp XMLTagHandler.h
Log Message:
Port security vulnerability fixes, per NGS report, from custom UmixIt version.
Index: XMLTagHandler.h
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/xml/XMLTagHandler.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- XMLTagHandler.h 23 Sep 2006 02:27:38 -0000 1.8
+++ XMLTagHandler.h 25 Jan 2007 03:01:11 -0000 1.9
@@ -5,11 +5,15 @@
XMLTagHandler.h
Dominic Mazzoni
+ Vaughan Johnson
- This class is an interface which should be implemented by
+ The XMLTagHandler class is an interface which should be implemented by
classes which wish to be able to load and save themselves
using XML files.
+ The XMLValueChecker class implements static bool methods for checking
+ input values from XML files.
+
**********************************************************************/
#ifndef __AUDACITY_XML_TAG_HANDLER__
#define __AUDACITY_XML_TAG_HANDLER__
@@ -18,6 +22,28 @@
#include <stdio.h>
#include "XMLWriter.h"
+class XMLValueChecker
+{
+public:
+ // "Good" means well-formed and for the file-related functions, names an
existing file or folder.
+ // These are used in HandleXMLTag and BuildFomXML methods to check the
input for
+ // security vulnerabilites, per the NGS report for UmixIt.
+ static bool IsGoodString(const wxString str);
+
+ static bool IsGoodFileName(const wxString strFileName, const wxString
strDirName = wxEmptyString);
+ static bool IsGoodSubdirName(const wxString strSubdirName, const wxString
strDirName = wxEmptyString);
+ static bool IsGoodPathName(const wxString strPathName);
+
+ // Note that because wxString::ToLong does additional testing, IsGoodInt
doesn't duplicate
+ // that testing, so use wxString::ToLong after IsGoodInt, not just atoi.
+ static bool IsGoodInt(const wxString strInt);
+
+ static bool IsValidChannel(const int nValue);
+ static bool IsValidSampleFormat(const int nValue); // true if nValue is one
sampleFormat enum values
+
+ static bool IsGoodFileString(wxString str);
+};
+
class XMLTagHandler {
public:
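Review bot: Every checker declared in the new XMLValueChecker class takes its string by value (`const wxString str`, and a non-const `wxString str` for IsGoodFileString), which is inconsistent and copies the argument on each validation call. Declaring them as `static bool IsGoodString(const wxString &str);` and likewise for the others leaves call sites unchanged. The comment block also has two typos worth fixing in the same pass, `BuildFomXML` and `vulnerabilites`. IsGoodFileString is public but has no comment; a one-line note such as `// Non-empty, length-limited, and contains no path separator.` would state its contract next to the others.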
Index: XMLTagHandler.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/xml/XMLTagHandler.cpp,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- XMLTagHandler.cpp 23 Sep 2006 02:27:38 -0000 1.9
+++ XMLTagHandler.cpp 25 Jan 2007 03:01:11 -0000 1.10
@@ -2,9 +2,10 @@
Audacity: A Digital Audio Editor
- XMLTagHandler.h
+ XMLTagHandler.cpp
Dominic Mazzoni
+ Vaughan Johnson
*//****************************************************************//**
@@ -14,6 +15,10 @@
classes which wish to be able to load and save themselves
using XML files.
+\class XMLValueChecker
+\brief XMLValueChecker implements static bool methods for checking
+ input values from XML files.
+
*//*******************************************************************/
#include "XMLTagHandler.h"
@@ -21,8 +26,126 @@
#include "../Audacity.h"
#include "../Internat.h"
+#ifdef _WIN32
+ #include <windows.h>
+#endif
+
#include <wx/defs.h>
#include <wx/arrstr.h>
+#include <wx/filename.h>
+
+#include "../SampleFormat.h"
+#include "../Track.h"
+
+bool XMLValueChecker::IsGoodString(const wxString str)
+{
+ size_t len = str.Length();
+ int nullIndex = str.Find('\0', false);
+ if ((len < 2048) && // Shouldn't be any reason for longer strings, except
intentional file corruption.
+ (nullIndex == -1)) // No null characters except terminator.
+ return true;
+ else
+ return false; // good place for a breakpoint
+}
+
+// "Good" means the name is well-formed and names an existing file or folder.
+bool XMLValueChecker::IsGoodFileName(const wxString strFileName, const
wxString strDirName /* = "" */)
+{
+ // Test strFileName.
+ if (!IsGoodFileString(strFileName))
+ return false;
+
+ #ifdef _WIN32
+ if (strFileName.Length() + 1 + strDirName.Length() > MAX_PATH)
+ return false;
+ #endif
+
+ // Test the corresponding wxFileName.
+ wxFileName fileName(strDirName, strFileName);
+ return (fileName.IsOk() && fileName.FileExists());
+}
+
+bool XMLValueChecker::IsGoodSubdirName(const wxString strSubdirName, const
wxString strDirName /* = "" */)
+{
+ // Test strSubdirName.
+ // Note this prevents path separators, and relative path to parents
(strDirName),
+ // so fixes vulnerability #3 in the NGS report for UmixIt,
+ // where an attacker could craft an AUP file with relative pathnames to get
to system files, for example.
+ if (!IsGoodFileString(strSubdirName) || (strSubdirName == wxT(".")) ||
(strSubdirName == wxT("..")))
+ return false;
+
+ #ifdef _WIN32
+ if (strSubdirName.Length() + 1 + strDirName.Length() > MAX_PATH)
+ return false;
+ #endif
+
+ // Test the corresponding wxFileName.
+ wxFileName fileName(strDirName, strSubdirName);
+ return (fileName.IsOk() && fileName.DirExists());
+}
+
+bool XMLValueChecker::IsGoodPathName(const wxString strPathName)
+{
+ // Test the corresponding wxFileName.
+ wxFileName fileName(strPathName);
+ return XMLValueChecker::IsGoodFileName(fileName.GetFullName(),
fileName.GetPath(wxPATH_GET_VOLUME));
+}
+
+bool XMLValueChecker::IsGoodFileString(wxString str)
+{
+ return (IsGoodString(str) &&
+ !str.IsEmpty() &&
+ (str.Length() <= 260) && // FILENAME_MAX is 260 in MSVC, but
inconsistent across platforms, sometimes huge.
+ (str.Find(wxFileName::GetPathSeparator()) == -1)); // No path
separator characters. //vvv (this won't work on CVS HEAD)
+}
+
+bool XMLValueChecker::IsGoodInt(const wxString strInt)
+{
+ if (!IsGoodString(strInt))
+ return false;
+
+ // Check that the value won't overflow.
+ // Signed long: -2,147,483,648 to +2,147,483,647, i.e., -2^31 to 2^31-1
+ // We're strict about disallowing spaces and commas, and requiring minus
sign to be first char for negative.
+ const size_t lenMAXABS = strlen("2147483647");
+ const size_t lenStrInt = strInt.Length();
+
+ unsigned long nTest;
+ wxString strTest;
+
+ if (lenStrInt > (lenMAXABS + 1))
+ return false;
+ else if ((lenStrInt == (lenMAXABS + 1)) && (strInt[0] == '-'))
+ {
+ const unsigned long digitsMAXABS[] = {2, 1, 4, 7, 4, 8, 3, 6, 4, 8};
+ for (unsigned int i = 0; i < lenMAXABS; i++) {
+ strTest = strInt[i+1];
+ if (!strTest.ToULong(&nTest) || (nTest > digitsMAXABS[i]))
+ return false;
+ }
+ }
+ else if (lenStrInt == lenMAXABS)
+ {
+ const unsigned long digitsMAXABS[] = {2, 1, 4, 7, 4, 8, 3, 6, 4, 7};
+ for (unsigned int i = 0; i < lenMAXABS; i++) {
+ strTest = strInt[i];
+ if (!strTest.ToULong(&nTest) || (nTest > digitsMAXABS[i]))
+ return false;
+ }
+ }
+ return true;
+}
+
+bool XMLValueChecker::IsValidChannel(const int nValue)
+{
+ return (nValue >= Track::LeftChannel) && (nValue <= Track::MonoChannel);
+}
+
+bool XMLValueChecker::IsValidSampleFormat(const int nValue)
+{
+ return (nValue == int16Sample) || (nValue == int24Sample) || (nValue ==
floatSample);
+}
+
// See http://www.w3.org/TR/REC-xml for reference
wxString XMLTagHandler::XMLEsc(wxString s)
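Review bot: IsGoodFileString rejects only `wxFileName::GetPathSeparator()`, the single default separator, so on a Windows build a name containing `/` still passes, and the `.`/`..` guard in IsGoodSubdirName no longer covers every relative path. The check should test each character against the full native separator set, for example with `wxFileName::IsPathSeparator(ch)` or the string returned by `wxFileName::GetPathSeparators()`, and should probably reject the volume separator `:` on Windows as well. Separately, IsGoodInt returns true for an 11-character string that does not start with `-` (a constructed example is `12345678901`), because neither digit-check branch runs for it. Adding `else if (lenStrInt == (lenMAXABS + 1)) return false;` after the negative branch closes that gap without relying on how wxString::ToLong handles out-of-range input.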