[Mono-bugs] [Bug 82428][Maj] Changed - Cannot deserialize data from encrypted stream

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Fri Aug 17 10:34:10 EDT 2007 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.

http://bugzilla.ximian.com/show_bug.cgi?id=82428

--- shadow/82428	2007-08-17 09:07:42.000000000 -0400
+++ shadow/82428.tmp.22226	2007-08-17 10:34:10.000000000 -0400
@@ -128,6 +128,73 @@
 this is sensitive
 
 The string length is the same in both case (22) so the end of the
 string must be unprintable garbage.
 
 This used to work, at least it works using my SLED-installed 1.1.13.8
+
+------- Additional Comments From sebastien at ximian.com  2007-08-17 10:34 -------
+It seems the way the serializer calls CryptoStream.Write hits the bug
+on encryption.
+
+Moving the serialization into a MemoryStream and then encrypting the
+stream is ok (see modified sample) and can be decrypted using the
+original code.
+
+//MonoBug - logged by Rusty Howell <rhowell at novell.com>
+
+//#define USECRYPT
+
+using System;
+using System.IO;
+using System.Security.Cryptography;
+using System.Runtime.Serialization;
+using System.Runtime.Serialization.Formatters.Binary;
+
+namespace Monobug
+{
+	class Program
+	{
+		static void Main(string[] args)
+		{
+			string filename = "test.data";
+			string data = "*this is sensitive data*";
+
+			DESCryptoServiceProvider des = new DESCryptoServiceProvider();
+			des.GenerateIV();
+			des.GenerateKey();
+
+			// -----------  WRITING ENCRYPTED SERIALIZED DATA ------------------
+			MemoryStream ms = new MemoryStream ();
+			BinaryFormatter bformatter = new BinaryFormatter();
+			bformatter.Serialize(ms, data);
+			byte[] serdata = ms.ToArray ();
+
+			Stream stream = new FileStream(filename, FileMode.Create,
+FileAccess.Write);
+#if USECRYPT
+			stream = new CryptoStream(stream, des.CreateEncryptor(),
+CryptoStreamMode.Write);
+#endif
+			stream.Write (serdata, 0, serdata.Length);
+			stream.Close();
+
+			stream = null;
+			bformatter = null;
+			data = string.Empty;
+
+			// -----------  READING ENCRYPTED SERIALIZED DATA ------------------
+			stream = new FileStream(filename, FileMode.Open, FileAccess.Read);
+#if USECRYPT
+			stream = new CryptoStream(stream, des.CreateDecryptor(),
+CryptoStreamMode.Read);
+#endif
+			bformatter = new BinaryFormatter();
+			data = (string)bformatter.Deserialize(stream);
+			stream.Close();
+
+			//----------- PRINT RESULTS ----------------
+			Console.WriteLine("'{0}' (length {1})", data, data.Length);
+		}
+	}
+}
+

More information about the mono-bugs mailing list