Commit c1968aa1 authored by David Byers's avatar David Byers

Fixed bug 38: information leak in set_user_area

parent efa8da48
/*
* $Id: person.c,v 0.65 2001/12/28 20:00:02 ceder Exp $
* $Id: person.c,v 0.66 2002/04/12 12:11:03 byers Exp $
* Copyright (C) 1991-1999, 2001 Lysator Academic Computer Association.
*
* This file is part of the LysKOM server.
......@@ -295,6 +295,15 @@ do_set_user_area(Pers_no pers_no,
if ( user_area != 0 )
{
GET_T_STAT(new_user_area, user_area, FAILURE);
if (!text_read_access(active_connection, user_area, new_user_area)
&& !ENA(admin, 2)) /* OK -- In an RPC call */
{
kom_errno = KOM_NO_SUCH_TEXT;
err_stat = user_area;
return FAILURE;
}
if ( new_user_area->no_of_marks >= param.max_marks_text )
{
kom_log("%s(%d, %lu): New user_area's mark count (%d) > %d.\n",
......
......@@ -36,10 +36,12 @@ proc kom_next_call {} {
}
proc cres { result dflt} {
global ref_no
if { $result == "" } {
return $dflt
} else {
return eval $result
return [eval concat "$result"]
}
}
......@@ -206,7 +208,35 @@ proc kom_set_priv_bits { pers bits { result "" } { testname "" }} {
simple_expect $result $testname
}
proc kom_set_user_area { pers text { result "" } { testname "" } } {
global ref_no;
kom_next_call
send "$ref_no 57 $pers $text\n"
set result [cres $result "=$ref_no"]
simple_expect $result $testname
}
proc kom_create_text_simple { text recpt { result "" } { testname "" } } {
global ref_no;
global any_num;
global text_no;
kom_next_call
send "$ref_no 86 [holl "$text"] 1 { 0 $recpt } 0 { }\n"
set result [cres $result "=$ref_no ($any_num)"]
extracting_expect $result text_no 1
return $text_no
}
proc kom_shutdown_server { { result "" } { testname "" } } {
global ref_no;
kom_next_call
send "$ref_no 44 0\n"
set result [cres $result "=$ref_no"]
simple_expect $result $testname
}
proc kom_ping_server { } {
global ref_no
......
# Test suite for lyskomd.
# Copyright (C) 1999-2000 Lysator Academic Computer Association.
#
# This file is part of the LysKOM server.
#
# LysKOM is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 1, or (at your option)
# any later version.
#
# LysKOM is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# You should have received a copy of the GNU General Public License
# along with LysKOM; see the file COPYING. If not, write to
# Lysator, c/o ISY, Linkoping University, S-581 83 Linkoping, SWEDEN,
# or the Free Software Foundation, Inc., 675 Mass Ave, Cambridge,
# MA 02139, USA.
#
# Please mail bug reports to bug-lyskom@lysator.liu.se.
read_versions
source "$srcdir/config/prot-a.exp"
lyskomd_start
client_start 0
talk_to client 0
send "A[holl "DejaGnu test suite"]\n"
simple_expect "LysKOM" "bug38: Connected"
kom_accept_async "0 { }"
kom_create_person "P6" "pw1" "00000000" "0 { }"
kom_login 5 "gazonk" 0
kom_create_conference "C7" "10000000" "0 { }"
kom_create_conference "C8" "10100000" "0 { }"
kom_create_text_simple "T1" 7
kom_create_text_simple "T2" 8
kom_set_user_area 5 1
kom_set_user_area 5 2
kom_login 6 "pw1" 0
kom_set_user_area 6 1 "%\$ref_no 14 1"
kom_set_user_area 6 2 "%\$ref_no 14 2"
kom_logout
kom_login 5 "gazonk" 0
kom_enable 255
kom_shutdown_server
client_death 0
lyskomd_death
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment