[Mono-bugs] [Bug 630341] New: Probable bug in

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Aug 11 08:58:43 EDT 2010 

http://bugzilla.novell.com/show_bug.cgi?id=630341

http://bugzilla.novell.com/show_bug.cgi?id=630341#c0


           Summary: Probable bug in
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: i686
        OS/Version: Ubuntu
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: io-layer
        AssignedTo: lupus at novell.com
        ReportedBy: quandary82 at hailmail.net
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.125 Safari/533.4

I've downloaded and tried to run
http://www.lumisoft.ee/lswww/Download/Downloads/MailServer/
on my Ubuntu 9.04 server.

Mono version is 2.6, compiled myself from the stable zips on the mono homepage.
(http://ftp.novell.com/pub/mono/sources-stable/)

The author claims he has tested it on Suse Linux with the  0.94 release, and
that it worked.
However, I had to correct all the bugs listed here to get the latest version
working:
http://www.lumisoft.ee/Forum/default.aspx?g=posts&t=673
<http://www.lumisoft.ee/Forum/default.aspx?g=posts&t=673>

I was debugging (without soft-debugger step-through, which doesn't work
correctly btw...) this issue all friday evening, until I found the reason.
It turned out the "bug" was the way the Mailserver's developer converted the
HmacMd5 to a hex string...
Now in my opinion, his line:
return
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
is plain wrong, because this causes the byte array to be converted into a
different encoding on each operating system (1252 on my windows 7, UTF-8 on
Ubuntu), and the mailserver's programmer then calculates the hex string from
the string hash with the operating-system specific encoding.

However, the peculiar thing is, the windows default encoding was 1252.
When on Ubuntu, I used Encoding.GetEncoding(1252).GetString(kMd5....)
it was just as wrong.

Now since it works with the encoding change on Windows (but not on Linux), I'm
not sure anymore whether I am right, or whether the server's programmer is
right, which would mean that the encoding-bug is a bug in mono.

I've isolated the code in question below, just switch bCorrectedVersion between
true and false, and watch how the hash is different on Windows vs. Linux when
one switches bCorrectedVersion to false...
BTW, this is the hash used to authenticate pop3/smtp, so it definitely is not
good when it's different...
(That was the issue that kept all my get/send mail request to and from the
server failing, because authentication failed...)



Reproducible: Always

Steps to Reproduce:
Below is the code in question to reproduce the issue:

private void button1_Click(object sender, EventArgs e)
        {
            string m_Key = "TestKey1";
            string result_Password = "TestUser1";
            string hash = "";


            bool bCorrectedVersion = true;
            if(bCorrectedVersion)
                hash = HmacMd5_corrected(m_Key, result_Password);
            else
                hash = Net_Utils_ToHex(HmacMd5(m_Key, result_Password));

            this.textBox2.Text = "Hash: " + hash;
        }

        public static string Net_Utils_ToHex(string text)
        {
            if (text == null)
            {
                throw new ArgumentNullException("text");
            }
            // Default encoding: Windows 1252, Linux UTF-8
            return
BitConverter.ToString(Encoding.Default.GetBytes(text)).ToLower().Replace("-","");
        }


        // corrected version of original
        private string HmacMd5_corrected(string hashKey, string text)
        {
            System.Security.Cryptography.HMACMD5 kMd5 = new
System.Security.Cryptography.HMACMD5(Encoding.Default.GetBytes(text));


            string strHash = "";
            foreach (byte x in
kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)))
            {
                strHash += x.ToString("x2");

            }
            return strHash;
            //return
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
        }


        // original
        private string HmacMd5(string hashKey, string text)
        {
            System.Security.Cryptography.HMACMD5 kMd5 = new
System.Security.Cryptography.HMACMD5(Encoding.Default.GetBytes(text));

            return
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
        }

Actual Results:  
Switch bCorrectedVersion between true and false, and watch how the hash is
different on Windows vs. Linux when one switches bCorrectedVersion to false...

Expected Results:  
Different hash on Windows than on Ubuntu, but it should be the same.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list