[Mono-bugs] [Bug 434581] New: BinaryReader.ReadString() vulnerability concerning 7 bit encoded length

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sun Oct 12 04:41:34 EDT 2008


           Summary: BinaryReader.ReadString() vulnerability concerning 7 bit
                    encoded length
           Product: Mono: Class Libraries
           Version: unspecified
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: System
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: awunwpa7 at yahoo.com.ph
         QAContact: mono-bugs at lists.ximian.com
          Found By: Beta-Customer

BinaryReader.ReadString() is not implemented as in the MS framework.

Execute the below code in dotNET, and you will get a FormatException that
addresses the exact error in the input data.

MONO (2.0 final) instead reads all bytes (a thousand!) and then tells you that
it can't read any more. It would be good to limit reading to five bytes, since
it is impossible that there are more.

Repro code:

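using System.IO;

// 1000 bytes of 0xFF: every byte has the continuation bit (0x80) set,
// so the 7-bit encoded length prefix never terminates.
int count = 1000;
byte[] x = new byte[count];
for (int i = 0; i < count; i++) x[i] = 0xFF;

BinaryReader Rdr = new BinaryReader(new MemoryStream(x));

// .NET: FormatException. Mono 2.0: reads all bytes before failing.
string t = Rdr.ReadString();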
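
The five-byte limit the report asks for, as an added example (not part of the original report and not Mono's or Microsoft's source). The class and method names are hypothetical, and the overflow check on the fifth byte is an assumption that is stricter than just counting bytes.

```csharp
using System;
using System.IO;

// Hypothetical helper illustrating a bounded 7-bit length decoder.
static class BoundedLengthPrefix
{
    // An Int32 holds 32 bits, so at most 5 groups of 7 bits can encode it.
    public static int Read7BitEncodedInt(Stream s)
    {
        int result = 0;
        for (int shift = 0; shift < 35; shift += 7)
        {
            int b = s.ReadByte();
            if (b < 0)
                throw new EndOfStreamException("Stream ended inside length prefix.");

            // The fifth byte may only supply the top 4 bits and must end the
            // sequence: a set continuation bit or extra payload bits is malformed.
            if (shift == 28 && b > 0x0F)
                throw new FormatException("Bad 7-bit encoded Int32 (over 5 bytes or overflow).");

            result |= (b & 0x7F) << shift;
            if ((b & 0x80) == 0)
                return result; // continuation bit clear: prefix complete
        }
        // Not reachable: the fifth iteration always returns or throws.
        throw new FormatException("Bad 7-bit encoded Int32.");
    }

    static void Main()
    {
        // Constructed input matching the report: 1000 bytes of 0xFF.
        byte[] x = new byte[1000];
        for (int i = 0; i < x.Length; i++) x[i] = 0xFF;
        var bad = new MemoryStream(x);
        try
        {
            Read7BitEncodedInt(bad);
        }
        catch (FormatException e)
        {
            // Position shows how many bytes were consumed before rejecting.
            Console.WriteLine($"{e.Message} Consumed {bad.Position} of {bad.Length} bytes.");
        }

        // Constructed well-formed prefix: 0xAC 0x02 encodes 300.
        var ok = new MemoryStream(new byte[] { 0xAC, 0x02 });
        Console.WriteLine(Read7BitEncodedInt(ok));
    }
}
```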
