https://bugzilla.novell.com/show_bug.cgi?id=654136
https://bugzilla.novell.com/show_bug.cgi?id=654136#c0 Summary: Insufficient validation of generic type arguments during reflection allows violation of the type system Classification: Mono Product: Mono: Class Libraries Version: 2.6.x Platform: All OS/Version: All Status: NEW Severity: Critical Priority: P5 - None Component: System AssignedTo: [email protected] ReportedBy: [email protected] QAContact: [email protected] Found By: --- Blocker: --- Created an attachment (id=400688) --> (http://bugzilla.novell.com/attachment.cgi?id=400688) Test case User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 ( .NET CLR 3.5.30729; .NET4.0E) When calling MethodInfo.MakeGenericMethod(...) on a MethodInfo that represents a generic method, arguments can be passed in that do not meet the generic constraints of that method. The subsequent MethodInfo.Invoke() will also not complain, and will execute the method. See the attached testcase. Commenting out the Console.WriteLine() allows the program to actually run to completion, indicating that a method with a constraint that T:Stream can actually execute and work (for some definition of work) when the type argument T is not Stream or a subclass. This may have security implications. Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
