[Mono-bugs] [Bug 654136] New: Insufficient validation of generic type arguments during reflection allows violation of the type system

bugzilla_noreply at novell.com
Tue Nov 16 17:57:36 EST 2010


https://bugzilla.novell.com/show_bug.cgi?id=654136


           Summary: Insufficient validation of generic type arguments
                    during reflection allows violation of the type system
    Classification: Mono
           Product: Mono: Class Libraries
           Version: 2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Critical
          Priority: P5 - None
         Component: System
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: me at chrishowie.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


Created an attachment (id=400688)
 --> (http://bugzilla.novell.com/attachment.cgi?id=400688)
Test case

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11)
Gecko/20101012 Firefox/3.6.11 ( .NET CLR 3.5.30729; .NET4.0E)

When calling MethodInfo.MakeGenericMethod(...) on a MethodInfo that represents
a generic method, arguments can be passed in that do not meet the generic
constraints of that method.  The subsequent MethodInfo.Invoke() will also not
complain, and will execute the method.

See the attached testcase.  Commenting out the Console.WriteLine() allows the
program to actually run to completion, indicating that a method with a
constraint that T:Stream can actually execute and work (for some definition of
work) when the type argument T is not Stream or a subclass.

This may have security implications.

Reproducible: Always

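Added example, not the attached test case and not Mono project code: a C# regression check for the behaviour the report describes. It exits 0 only when MakeGenericMethod refuses a type argument that violates a T : Stream constraint (the documented .NET behaviour is an ArgumentException). The names ConstraintCheck, Probe and Satisfies are hypothetical; Satisfies is an explicit pre-check a caller can apply before binding type arguments obtained through reflection.

```csharp
using System;
using System.IO;
using System.Reflection;

static class ConstraintCheck
{
    // Hypothetical generic method carrying the constraint from the report (T : Stream).
    public static string Probe<T>(T value) where T : Stream { return typeof(T).FullName; }

    // Checks one type argument against a generic parameter: class/struct/new() flags plus
    // base-type and interface constraints. Constraints naming other type parameters are not handled.
    static bool Satisfies(Type param, Type arg)
    {
        var flags = param.GenericParameterAttributes & GenericParameterAttributes.SpecialConstraintMask;
        if ((flags & GenericParameterAttributes.ReferenceTypeConstraint) != 0 && arg.IsValueType)
            return false;
        if ((flags & GenericParameterAttributes.NotNullableValueTypeConstraint) != 0 &&
            (!arg.IsValueType || Nullable.GetUnderlyingType(arg) != null))
            return false;
        if ((flags & GenericParameterAttributes.DefaultConstructorConstraint) != 0 &&
            !arg.IsValueType && (arg.IsAbstract || arg.GetConstructor(Type.EmptyTypes) == null))
            return false;
        foreach (Type constraint in param.GetGenericParameterConstraints())
            if (!constraint.IsAssignableFrom(arg))
                return false;
        return true;
    }

    static int Main()
    {
        MethodInfo def = typeof(ConstraintCheck).GetMethod("Probe");
        Type tParam = def.GetGenericArguments()[0];
        Console.WriteLine("MemoryStream satisfies T: " + Satisfies(tParam, typeof(MemoryStream)));
        Console.WriteLine("string satisfies T:       " + Satisfies(tParam, typeof(string)));
        try
        {
            // A conforming runtime must refuse to bind string to T : Stream.
            def.MakeGenericMethod(typeof(string)).Invoke(null, new object[] { "not a stream" });
        }
        catch (ArgumentException)
        {
            Console.WriteLine("PASS: constraint violation rejected");
            return 0;
        }
        Console.WriteLine("FAIL: method bound and invoked with a non-Stream type argument");
        return 1;
    }
}
```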