Ticket #262 (closed defect: fixed)

Opened 12 years ago

Last modified 12 years ago

Validate username

Reported by: kmaclean Owned by: kmaclean
Priority: major Milestone: SpeechSubmission 0.1
Component: SpeechSubmission Version: Website 0.2
Keywords: Cc:

Description (last modified by kmaclean)

Need to validate the username field to ensure that an attacker cannot use buffer overflow type exploits on the username.

Need to test with spaces in the username field, and odd characters ...

Create a max size for this variable: 25 alphanumeric characters only; truncate over 25, and remove any non-alphanumeric characters.
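The rules in the description, worked through as an added example that is not part of the ticket or of the SpeechSubmission code (which the ticket does not show); it is written in Python for illustration, and the function names and sample inputs are constructed here. It strips first and then truncates, so that junk characters cannot push legitimate characters past the 25-character cut-off, and it restricts the alphabet to ASCII alphanumerics (Python's `str.isalnum()` would also admit non-ASCII letters):

```python
import re

MAX_USERNAME_LEN = 25                       # limit stated in the ticket
NON_ALLOWED = re.compile(r"[^A-Za-z0-9]")   # ASCII letters and digits only


def sanitize_username(raw: str) -> str:
    """Remove non-alphanumeric characters, then truncate to MAX_USERNAME_LEN.

    Stripping before truncating keeps the result independent of where the
    junk sits in the input; the ticket lists the steps in the other order,
    but both give the same alphabet and the same length bound.
    """
    if not isinstance(raw, str):
        raise TypeError("username must be a str")
    cleaned = NON_ALLOWED.sub("", raw)
    if not cleaned:
        # Nothing usable survived (e.g. only spaces or punctuation): reject
        # rather than silently accept an empty username.
        raise ValueError("username contains no alphanumeric characters")
    return cleaned[:MAX_USERNAME_LEN]


def is_valid_username(name: str) -> bool:
    """Strict check for the receiving side: accept only input that
    sanitize_username would leave unchanged, so a client that bypasses the
    sanitizer cannot submit anything outside the ticket's rules."""
    return 0 < len(name) <= MAX_USERNAME_LEN and NON_ALLOWED.search(name) is None


# Constructed inputs covering the cases the ticket asks to test:
# spaces, odd characters, control characters, non-ASCII, and over-length.
SAMPLES = {
    "alice": "alice",
    "bob smith": "bobsmith",                     # spaces removed
    "k.maclean@example.org": "kmacleanexampleorg",
    "name\x00with\nctrl": "namewithctrl",        # control characters removed
    "\u00e9l\u00e8ve": "lve",                    # non-ASCII letters stripped, not kept
    "a" * 40: "a" * 25,                          # truncated to 25
}

if __name__ == "__main__":
    for raw, expected in SAMPLES.items():
        got = sanitize_username(raw)
        assert got == expected, (raw, got, expected)
        assert is_valid_username(got)
    print("all samples sanitized as expected")
```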

Change History

comment:1 Changed 12 years ago by kmaclean

  • Description modified

comment:2 Changed 12 years ago by kmaclean

Image processing Buffer overflow vulnerability in the Sun JDK - it uses native code for image parsing and there is a Buffer overflow vulnerability with the parser.

A buffer overflow vulnerability is a kind of security hole where an application can put its executable code or data beyond the border (in memory) that the OS allocates for this application, including its data. It results in a situation where code is placed outside of the permitted place in memory where it is allowed to be. Look at affected versions and the solution below.

A buffer overflow vulnerability in the parser may allow an untrusted applet or application to elevate its privileges in the OS. For example, an applet may grant itself permissions to read and write local files. It can probably execute local applications that are accessible to the user running the untrusted applet.

comment:4 Changed 12 years ago by kmaclean

  • Description modified

comment:5 Changed 12 years ago by kmaclean

  • Description modified

comment:6 Changed 12 years ago by kmaclean

  • Status changed from new to closed
  • Resolution set to fixed

comment:7 Changed 12 years ago by root

  • Milestone SpeechSubmission 0.1 deleted

comment:8 Changed 12 years ago by kmaclean

  • Milestone set to SpeechSubmission 0.1