Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/9.0-staging] Fix erroneous success in AsnDecoder.ReadSequence #109595

Merged
merged 3 commits into from
Jan 13, 2025
Merged

[release/9.0-staging] Fix erroneous success in AsnDecoder.ReadSequence #109595

merged 3 commits into from
Jan 13, 2025

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Nov 6, 2024
edited by bartonjs
Loading

Backport of #109586 to release/9.0-staging

/cc @bartonjs

Customer Impact

  • Customer reported
  • Found internally

Calls to AsnReader.ReadSequence, (internal) AsnValueReader.ReadSequence, or any method that indirectly calls them, will get an ArgumentOutOfRangeException if processing specific data, which stems from AsnDecoder.ReadSequence erroneously succeeding on particular malformed data.

This was originally reported as an unexpected ArgumentOutOfRangeException from a constructor of X509Certificate2, which can be reproduced on non-Windows systems when checking if the contents are PKCS#12/PFX. Particular malformed data may therefore provide unexpected exception flow to applications.

Regression

This incorrect behavior has always been present in AsnDecoder.ReadSequence, and has probably been present for reading certificates on Linux since before AsnDecoder was public API. In modern versions of .NET it appears as an OS-specific bug, so users may experience it as a "regression from Windows" or "regression from .NET Framework".

Testing

Additional tests are added in this change that will prevent a regression in this method, or related methods.

Risk

Low. Copious tests, both direct and indirect, ensure that well-formed data continues to function. The new tests introduced in this change add coverage for this particular sort of malformed data.

@bartonjs
Fix erroneous success in AsnDecoder.ReadEncodedValue
ba0e960 
When AsnDecoder.ReadEncodedValue is used on a payload where
the encoded length plus the number of bytes representing the encoded
length plus the number of bytes representing the tag exceeds int.MaxValue
it erroneously reports success.

Every known caller of this method immediately follows it with a call to
a Span or Memory .Slice, which results in an ArgumentException that the
requested length exceeds the number of bytes available in the buffer.

Because AsnDecoder was extracted out of AsnReader, most AsnDecoder tests
are done indirectly as AsnReader tests, or are done in the same test class that
tests the related functionality on AsnReader.  Since there's not a clear
analogue for ReadEncodedValue (that does not immediately Slice), this change
introduces a new subtree for AsnDecoder tests, only populating it with
(Try)ReadEncodedValue tests.  It also adds "large length" tests for ReadSetOf
and ReadSequence, for good measure.
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-formats-asn1, @bartonjs, @vcsjones
See info in area-owners.md if you want to be subscribed.

@build-analysis build-analysis bot mentioned this pull request Nov 7, 2024
Open
3 tasks
@bartonjs bartonjs changed the title [release/9.0-staging] Fix erroneous success in AsnDecoder.ReadEncodedValue [release/9.0-staging] Fix erroneous success in AsnDecoder.ReadSequence Nov 7, 2024
@bartonjs bartonjs requested a review from carlossanlop November 7, 2024 18:14
@carlossanlop
Copy link
Member

Hold on for this #109316

Please remove the packaging changes. We won't be needing them in 9.0 anymore.

@carlossanlop carlossanlop added the blocked Issue/PR is blocked on something - see comments label Nov 7, 2024
@bartonjs bartonjs added Servicing-consider Issue for next servicing release review and removed blocked Issue/PR is blocked on something - see comments labels Nov 7, 2024
@build-analysis build-analysis bot mentioned this pull request Nov 7, 2024
Open
3 tasks
@bartonjs bartonjs added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Nov 8, 2024
carlossanlop
carlossanlop approved these changes Jan 13, 2025
View reviewed changes
Copy link
Member

@carlossanlop carlossanlop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM for packaging (no longer required in 9.0).

@jeffhandley @bartonjs can you get a code review from an area owner and merge it today by 4pm PT to ensure it gets included in the Feb 2025 release?

@bartonjs bartonjs merged commit fcee4ed into release/9.0-staging Jan 13, 2025
85 of 88 checks passed
@bartonjs bartonjs deleted the backport/pr-109586-to-release/9.0-staging branch January 13, 2025 22:13
@github-actions github-actions bot locked and limited conversation to collaborators Feb 13, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vcsjones vcsjones vcsjones approved these changes

@carlossanlop carlossanlop carlossanlop approved these changes

Assignees
No one assigned
Labels
area-System.Formats.Asn1 Servicing-approved Approved for servicing release
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@carlossanlop @vcsjones @bartonjs