[Mono-devel-list] Updated CAS patch for LinkDemand

Sebastien Pouliot spouliot at videotron.ca
Thu Feb 10 15:36:39 EST 2005 

Thanks Paolo,

> > +	g_assert (secman.demand);
> 
> If this function is called when security is enabled it's fine to
> assert, otherwise it should be either not called or it should not
> assert, at least until the security aPI stabilizes.

The methods are only called when the security manager is active.
Otherwise the calls results in NullReferenceException (my reason
for adding asserts - so I know where the real failure comes from).

> My idea was to add here:
> 	guint32          exception_type; /* from an enum: NONE, 
> SECURITY, INALID_PROGRAM etc. */
> 	guint32          exception_data;
> 	char*            exception_message;
> 
> and at the correct points exception_type is checked and an helper
> function creates the exception to be thrown. This is more general, since
> we need to throw exceptions in other cases that are not directly 
> security-related.

Ok, changed the structure (so it can be reused by others).
 
> > +	* mini.c: Added LinkDemand checks in mono_method_to_ir for CEE_CALL 
> > +	and CEE_CALLVIRT. Added code to throw exception at the end of
> 
> You likely want to handle also CEE_NEWOBJ and maybe CEE_JMP.

Yes. There is also the LDFTN and LDVIRTFTN that I must deal with.

I'm committing the patch for CALL/CARTVIRT now, then I'll complete the 
checks for the other instructions (so the next path gonna be smaller to
review ;-).

> > +		const char *pk = mono_image_get_public_key 
> (caller->klass->image, &size);
> > +		if ((pk != NULL) && (size == MONO_ECMA_KEY_LENGTH) 
> && (pk [8] == 0x04)) {
> > +			int i, n = 0;
> > +			for (i=0; i < size; i++)
> > +				n += pk [i];
> > +
> > +			if (n == 4) {
> 
> Uhm, when char is signed it may be possible to get a public key 

Oops.

> (though with likely quite a bit of cpu time) that gives 4 as the sum.

Actually not so much cpu as the 16 bytes are just an (empty) header.

> I'd use an helper method anyway that checks all the bytes.

Moved to an helper function in security-manager.c

> Feel free to commit after the changes.
> Thanks!
> 
> lupus

Committed!
Thanks :-)

Sebastien Pouliot
home: spouliot at videotron.ca
blog: http://pages.infinit.net/ctech/poupou.html

More information about the Mono-devel-list mailing list