2009-10-26 Sebastien Pouliot <sebastien@ximian.com>
authorSebastien Pouliot <sebastien@ximian.com>
Mon, 26 Oct 2009 12:11:04 +0000 (12:11 -0000)
committerSebastien Pouliot <sebastien@ximian.com>
Mon, 26 Oct 2009 12:11:04 +0000 (12:11 -0000)
* Assembly.cs: Share code between GetSatelliteAssembly and
GetSatelliteAssemblyNoThrow. For Moonlight ensure both
GetManifestResourceStream and GetSatelliteAssembly don't load
anything "below" the assembly path.

svn path=/trunk/mcs/; revision=144845

mcs/class/corlib/System.Reflection/Assembly.cs
mcs/class/corlib/System.Reflection/ChangeLog

index 21cf36e0c98ec31c3cf03c1306a2cccb7815770d..db6e7de473f9a2bc78d2961f06347120f0296a7e 100644 (file)
@@ -287,8 +287,14 @@ namespace System.Reflection {
                                if (fromByteArray)
                                        throw new FileNotFoundException (info.FileName);
 
-                               string filename = Path.Combine (Path.GetDirectoryName (Location),
-                                                                                       info.FileName);
+                               string location = Path.GetDirectoryName (Location);
+                               string filename = Path.Combine (location, info.FileName);
+#if NET_2_1 && !MONOTOUCH
+                               // we don't control the content of 'info.FileName' so we want to make sure we keep to ourselves
+                               filename = Path.GetFullPath (filename);
+                               if (!filename.StartsWith (location))
+                                       throw new SecurityException ("non-rooted access to manifest resource");
+#endif
                                return new FileStream (filename, FileMode.Open, FileAccess.Read);
                        }
 
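Review bot: The containment check `filename.StartsWith (location)` is a plain string-prefix test, so a sibling directory whose name merely begins with the assembly directory's name still passes (constructed example: `/apps/foo-data/x` checked against `/apps/foo`). In addition, `location` is compared unnormalised against a `GetFullPath` result, and the one-argument `StartsWith` overload is culture-sensitive. Normalising the directory and comparing ordinally with a trailing separator would tighten this: `location = Path.GetFullPath (location);` followed by `if (!filename.StartsWith (location + Path.DirectorySeparatorChar, StringComparison.Ordinal))`. The same pattern recurs in the satellite-assembly hunk at `fullName.StartsWith (location)`. The enclosing method starts outside this hunk.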
@@ -422,30 +428,20 @@ namespace System.Reflection {
 
                public Assembly GetSatelliteAssembly (CultureInfo culture)
                {
-                       return GetSatelliteAssembly (culture, null);
+                       return GetSatelliteAssembly (culture, null, true);
                }
 
                public Assembly GetSatelliteAssembly (CultureInfo culture, Version version)
                {
-                       if (culture == null)
-                               throw new ArgumentException ("culture");
-
-                       AssemblyName aname = GetName (true);
-                       if (version != null)
-                               aname.Version = version;
-
-                       aname.CultureInfo = culture;
-                       aname.Name = aname.Name + ".resources";
-                       Assembly assembly = AppDomain.CurrentDomain.LoadSatellite (aname);
-                       if (assembly != null)
-                               return assembly;
-
-                       // Try the assembly directory
-                       string fullName = Path.Combine (Path.GetDirectoryName (Location), Path.Combine (culture.Name, aname.Name + ".dll"));
-                       return LoadFrom (fullName);
+                       return GetSatelliteAssembly (culture, version, true);
                }
 
                internal Assembly GetSatelliteAssemblyNoThrow (CultureInfo culture, Version version)
+               {
+                       return GetSatelliteAssembly (culture, version, false);
+               }
+
+               private Assembly GetSatelliteAssembly (CultureInfo culture, Version version, bool throwOnError)
                {
                        if (culture == null)
                                throw new ArgumentException ("culture");
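Review bot: The new private overload keeps `throw new ArgumentException ("culture")`, which passes "culture" as the exception message rather than as a parameter name, and all three entry points now go through it. `throw new ArgumentNullException ("culture");` would name the parameter and match what .NET documents for a null culture. A short comment on the private overload would also help, for example `// throwOnError does not affect argument validation: a null culture always throws`, because `GetSatelliteAssemblyNoThrow` still throws here. The method body continues past the end of this hunk.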
@@ -461,9 +457,20 @@ namespace System.Reflection {
                                return assembly;
 
                        // Try the assembly directory
-                       string fullName = Path.Combine (Path.GetDirectoryName (Location), Path.Combine (culture.Name, aname.Name + ".dll"));
-                       if (!File.Exists (fullName))
+                       string location = Path.GetDirectoryName (Location);
+                       string fullName = Path.Combine (location, Path.Combine (culture.Name, aname.Name + ".dll"));
+#if NET_2_1 && !MONOTOUCH
+                       // it's unlikely that culture.Name or aname.Name could contain stuff like ".." but...
+                       fullName = Path.GetFullPath (fullName);
+                       if (!fullName.StartsWith (location)) {
+                               if (throwOnError)
+                                       throw new SecurityException ("non-rooted access to satellite assembly");
                                return null;
+                       }
+#endif
+                       if (!throwOnError && !File.Exists (fullName))
+                               return null;
+
                        return LoadFrom (fullName);
                }
                
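Review bot: With `throwOnError` false, only the missing-file and containment failures are turned into `null`; the final `LoadFrom (fullName)` can still throw. That can happen if the file exists but is not a loadable assembly, or if it disappears between `File.Exists` and the load. If callers of `GetSatelliteAssemblyNoThrow` rely on the name, a comment above the `File.Exists` test would make the actual contract visible: `// no-throw mode only covers a missing file or a path outside the assembly directory; LoadFrom may still throw`. The start of this method is outside the hunk, so any handling further up is not visible from here.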
index 544bea884da91fdd5d9d01172cb5a8bb56c40948..ceb71a0bca6df06835abf4a05e069c919ac67fa7 100644 (file)
@@ -1,3 +1,10 @@
+2009-10-26  Sebastien Pouliot  <sebastien@ximian.com>
+
+       * Assembly.cs: Share code between GetSatelliteAssembly and 
+       GetSatelliteAssemblyNoThrow. For Moonlight ensure both 
+       GetManifestResourceStream and GetSatelliteAssembly don't load
+       anything "below" the assembly path.
+
 2009-10-20  Sebastien Pouliot  <sebastien@ximian.com>
 
        * MonoProperty.cs: Reduce code duplication and the number of direct