[Mono-bugs] [Bug 690255] New: Mono runtime for iPhone lacks full SecureString support when compiled without COM support

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Apr 27 10:01:51 EDT 2011



           Summary: Mono runtime for iPhone lacks full SecureString
                    support when compiled without COM support
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: iPhone
        OS/Version: Apple iOS 4.3
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: interop
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: mantas at unity3d.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---

Created an attachment (id=426839)
 --> (http://bugzilla.novell.com/attachment.cgi?id=426839)
Simple test case that demonstrates typical SecureString use case.

User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-US)
AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16

Mono runtime compiled for iPhone without COM support lacks full SecureString
support. Typically SecureString is used for storing passwords or other
sensitive information and the way to obtain its content is via :
Marshal.SecureStringToBSTR / Marshal.ZeroFreeBSTR methods. SecureString class
isn't directly related to COM support, but removing COM support from runtime
renders use of this class impossible.

I would like to suggest either finer grain control of what COM related
components can be disabled while building runtime or just include basic BSTR
support into runtime even when COM support is disabled.

Reproducible: Always

Steps to Reproduce:
1. Build mono iphone runtime without COM support
2. Build final iphone application that includes attached test case
3. Run on device. Application crashes with SIGABRT, because necessary icalls
are missing.
Actual Results:  
cant resolve internal call to
"System.Runtime.InteropServices.Marshal::FreeBSTR(intptr)" (tested without
signature also)

Your mono runtime and class libraries are out of sync.
The out of sync library is:

Expected Results:  
"This is some sensitive info" printed to console

Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list