[Mono-bugs] [Bug 654136] New: Insufficient validation of generic type arguments during reflection allows violation of the type system
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Tue Nov 16 17:57:36 EST 2010
https://bugzilla.novell.com/show_bug.cgi?id=654136
https://bugzilla.novell.com/show_bug.cgi?id=654136#c0
Summary: Insufficient validation of generic type arguments
during reflection allows violation of the type system
Classification: Mono
Product: Mono: Class Libraries
Version: 2.6.x
Platform: All
OS/Version: All
Status: NEW
Severity: Critical
Priority: P5 - None
Component: System
AssignedTo: mono-bugs at lists.ximian.com
ReportedBy: me at chrishowie.com
QAContact: mono-bugs at lists.ximian.com
Found By: ---
Blocker: ---
Created an attachment (id=400688)
--> (http://bugzilla.novell.com/attachment.cgi?id=400688)
Test case
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11)
Gecko/20101012 Firefox/3.6.11 ( .NET CLR 3.5.30729; .NET4.0E)
When calling MethodInfo.MakeGenericMethod(...) on a MethodInfo that represents
a generic method, arguments can be passed in that do not meet the generic
constraints of that method. The subsequent MethodInfo.Invoke() will also not
complain, and will execute the method.
See the attached testcase. Commenting out the Console.WriteLine() allows the
program to actually run to completion, indicating that a method with a
constraint that T:Stream can actually execute and work (for some definition of
work) when the type argument T is not Stream or a subclass.
This may have security implications.
Reproducible: Always
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.
More information about the mono-bugs
mailing list