
Commit 47b6a5d

committed
fix: Enhance security and error handling in JSON converters for Assembly, IntPtr, and UIntPtr
1 parent 23d4842 commit 47b6a5d

3 files changed

Lines changed: 44 additions & 22 deletions


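--- a/ReflectorNet/src/Converter/Json/AssemblyJsonConverter.cs
+++ b/ReflectorNet/src/Converter/Json/AssemblyJsonConverter.cs
@@ -30,20 +30,16 @@ public class AssemblyJsonConverter : JsonConverter<Assembly>
 if (string.IsNullOrWhiteSpace(assemblyName))
 return null;
 
+// Security: Only resolve assemblies already loaded in the AppDomain.
+// We intentionally do NOT call Assembly.Load() to prevent loading
+// arbitrary assemblies from untrusted JSON input.
 var assembly = AppDomain.CurrentDomain.GetAssemblies()
 .FirstOrDefault(a => a.FullName == assemblyName || a.GetName().Name == assemblyName);
 
-if (assembly != null)
-return assembly;
+if (assembly is null)
+throw new JsonException($"Assembly '{assemblyName}' is not loaded. For security reasons, only already-loaded assemblies can be resolved.");
 
-try
-{
-return Assembly.Load(assemblyName);
-}
-catch
-{
-throw new JsonException($"Unable to find or load assembly: {assemblyName}");
-}
+return assembly;
 }
 
 public override void Write(Utf8JsonWriter writer, Assembly? value, JsonSerializerOptions options)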
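Review bot: The lookup `.FirstOrDefault(a => a.FullName == assemblyName || a.GetName().Name == assemblyName)` still accepts a bare simple name and returns whichever matching assembly GetAssemblies() happens to enumerate first, so when two loaded assemblies share a simple name (different versions, or the same assembly in two load contexts) the one chosen is arbitrary and can differ between runs, which undermines the "only trusted, already-loaded assemblies" intent the new comment states. Collecting the matches and rejecting an ambiguous simple name with a JsonException that asks for the full name makes the resolution deterministic; the rewritten lines are below. The new error message also interpolates the raw `assemblyName` from the JSON document into the exception text without any length bound, so truncating it before interpolation would keep exception and log output tidy. The enclosing Read method starts above this hunk.
```csharp
// … unchanged: null/whitespace guard and the security comment …
var matches = AppDomain.CurrentDomain.GetAssemblies()
    .Where(a => a.FullName == assemblyName || a.GetName().Name == assemblyName)
    .ToList();

// A simple name that matches several loaded assemblies is not a safe choice; demand the full name.
if (matches.Count > 1)
    throw new JsonException($"Assembly name '{assemblyName}' is ambiguous: {matches.Count} loaded assemblies match. Use the full assembly name.");

var assembly = matches.FirstOrDefault();
// … unchanged: null check, JsonException and return …
```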

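--- a/ReflectorNet/src/Converter/Json/IntPtrJsonConverter.cs
+++ b/ReflectorNet/src/Converter/Json/IntPtrJsonConverter.cs
@@ -32,19 +32,32 @@ public override bool CanConvert(Type typeToConvert)
 return IntPtr.Zero;
 }
 
+long value;
 if (reader.TokenType == JsonTokenType.Number)
 {
-return new IntPtr(reader.GetInt64());
+value = reader.GetInt64();
 }
-
-if (reader.TokenType == JsonTokenType.String)
+else if (reader.TokenType == JsonTokenType.String)
 {
 var stringValue = reader.GetString();
-if (long.TryParse(stringValue, out var result))
-return new IntPtr(result);
+if (!long.TryParse(stringValue, out value))
+throw new JsonException($"Unable to parse '{stringValue}' as IntPtr.");
+}
+else
+{
+throw new JsonException($"Expected number or string token for IntPtr, but got {reader.TokenType}");
+}
+
+// Validate value fits in platform's IntPtr size to avoid overflow
+if (IntPtr.Size == 4)
+{
+if (value < int.MinValue || value > int.MaxValue)
+throw new JsonException($"Value {value} is outside the range of IntPtr on this 32-bit platform.");
+
+return new IntPtr((int)value);
 }
 
-throw new JsonException($"Expected number or string token for IntPtr, but got {reader.TokenType}");
+return new IntPtr(value);
 }
 
 public override void Write(Utf8JsonWriter writer, object? value, JsonSerializerOptions options)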
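Review bot: `value = reader.GetInt64();` in the Number branch still lets a non-integral or out-of-range JSON number (for example `1.5` or `1e30`) escape as a FormatException rather than the JsonException every other failure in the new Read path now throws, so callers that catch JsonException to reject bad input miss this case; `if (!reader.TryGetInt64(out value)) throw new JsonException("JSON number is not an integer in the range of IntPtr.");` keeps the error contract uniform. The String branch's `long.TryParse(stringValue, out value)` parses with the current culture, which is unsuitable for machine-readable JSON; prefer `long.TryParse(stringValue, NumberStyles.Integer, CultureInfo.InvariantCulture, out value)` (this needs `using System.Globalization;`, which is outside this hunk). Both points apply equally to UIntPtrJsonConverter.cs below (`reader.GetUInt64()` and `ulong.TryParse`), where a negative JSON number such as `-1` likewise surfaces as a FormatException instead of a JsonException. The enclosing Read method starts above this hunk.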

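--- a/ReflectorNet/src/Converter/Json/UIntPtrJsonConverter.cs
+++ b/ReflectorNet/src/Converter/Json/UIntPtrJsonConverter.cs
@@ -33,19 +33,32 @@ public override bool CanConvert(Type typeToConvert)
 return UIntPtr.Zero;
 }
 
+ulong value;
 if (reader.TokenType == JsonTokenType.Number)
 {
-return new UIntPtr(reader.GetUInt64());
+value = reader.GetUInt64();
 }
-
-if (reader.TokenType == JsonTokenType.String)
+else if (reader.TokenType == JsonTokenType.String)
 {
 var stringValue = reader.GetString();
-if (ulong.TryParse(stringValue, out var result))
-return new UIntPtr(result);
+if (!ulong.TryParse(stringValue, out value))
+throw new JsonException($"Unable to parse '{stringValue}' as UIntPtr.");
+}
+else
+{
+throw new JsonException($"Expected number or string token for UIntPtr, but got {reader.TokenType}");
+}
+
+// Validate value fits in platform's UIntPtr size to avoid overflow
+if (UIntPtr.Size == 4)
+{
+if (value > uint.MaxValue)
+throw new JsonException($"Value {value} is outside the range of UIntPtr on this 32-bit platform.");
+
+return new UIntPtr((uint)value);
 }
 
-throw new JsonException($"Expected number or string token for UIntPtr, but got {reader.TokenType}");
+return new UIntPtr(value);
 }
 
 public override void Write(Utf8JsonWriter writer, object value, JsonSerializerOptions options)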
