[Mono-bugs] [Bug 77931][Nor] New - UrlDecode can cause exceptions
on invalid input
bugzilla-daemon at bugzilla.ximian.com
Mon Mar 27 11:53:16 EST 2006
Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.
Changed by rongeens7 at hotmail.com.
http://bugzilla.ximian.com/show_bug.cgi?id=77931
--- shadow/77931 2006-03-27 11:53:16.000000000 -0500
+++ shadow/77931.tmp.25966 2006-03-27 11:53:16.000000000 -0500
@@ -0,0 +1,59 @@
+Bug#: 77931
+Product: Mono: Class Libraries
+Version: 1.1
+OS:
+OS Details:
+Status: NEW
+Resolution:
+Severity:
+Priority: Normal
+Component: Sys.Web
+AssignedTo: gonzalo at ximian.com
+ReportedBy: rongeens7 at hotmail.com
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL:
+Cc:
+Summary: UrlDecode can cause exceptions on invalid input
+
+Please fill in this template when reporting a bug, unless you know what you
+are doing.
+Description of Problem:
+When passing some incorrectly encoded URL is passed to the
+System.Web.HttpUtility:UrlDecode method an exception could be thrown from
+Int32.Parse method.
+
+While incorrectly encoded URLs should never happen they are a reality in
+this day and age where almost all browsers have them working just fine.
+
+
+Steps to reproduce the problem:
+1. Call System.Web.HttpUtility:UrlDecode("../../&param2=%CURRREV%");
+2.
+3.
+
+Actual Results:
+Unhandled Exception: System.FormatException: Input string was not in the
+correct format
+in <0x00054> System.Int32:Parse (System.String s, NumberStyles style,
+IFormatProvider fp)
+in <0x0000f> System.Int32:Parse (System.String s, NumberStyles style)
+in <0x0024c> System.Web.HttpUtility:UrlDecode (System.String s,
+System.Text.Encoding e)
+
+
+Expected Results:
+No exception should be thrown I guess, otherwise it should at least be a
+specific URLEncoding exception or something like that such that it can
+explicitly be caught by the client code.
+
+How often does this happen?
+Always.
+
+Additional Information:
+The UrlDecode-method could either check for exceptions itself, or it could
+check the input more thoroughly: after a % there should be hexadecimal
+numbers and nothing else.
+
+The version I use is Mono C# compiler version 1.1.13.2, but I checked in
+SVN that the code has not been changed in this respect.
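Review bot: In the Additional Information section, the proposed fix (only hexadecimal digits may follow a %) does not say what UrlDecode should return for a malformed escape, and Expected Results leaves it at "No exception should be thrown I guess". The step 1 input contains two distinct malformed cases, `%CU` (one hex digit followed by a non-hex character) and a trailing `%` with nothing after it; stating the expected decoded string for each would make the fix testable. The OS field and steps 2 and 3 are also left empty and should be filled in or removed.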