Skip to content

Commit

Permalink
back port fix for CVE-2022-23535
Browse files Browse the repository at this point in the history
  • Loading branch information
Clement Fauchere committed Apr 3, 2024
1 parent 46a8387 commit 2682e74
Show file tree
Hide file tree
Showing 3 changed files with 40 additions and 10 deletions.
14 changes: 7 additions & 7 deletions LiteDB/LiteDB.csproj
Original file line number Diff line number Diff line change
@@ -1,18 +1,18 @@
<Project Sdk="Microsoft.NET.Sdk">
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup Condition=" '$(OS)' != 'Windows_NT' ">
<TargetFrameworks>netstandard1.3;netstandard2.0</TargetFrameworks>
<TargetFrameworks>netstandard2.0</TargetFrameworks>
</PropertyGroup>
<PropertyGroup Condition=" '$(OS)' == 'Windows_NT' ">
<TargetFrameworks>net35;net40;netstandard1.3;netstandard2.0</TargetFrameworks>
<TargetFrameworks>net35;net40;netstandard2.0</TargetFrameworks>
</PropertyGroup>

<PropertyGroup>
<PackageId>LiteDB</PackageId>
<Version>4.1.5</Version>
<AssemblyVersion>4.1.5.0</AssemblyVersion>
<FileVersion>4.1.5</FileVersion>
<VersionPrefix>4.1.5</VersionPrefix>
<Version>4.1.6</Version>
<AssemblyVersion>4.1.6.0</AssemblyVersion>
<FileVersion>4.1.6</FileVersion>
<VersionPrefix>4.1.6</VersionPrefix>
<Authors>Maurício David</Authors>
<Product>LiteDB</Product>
<Description>LiteDB - A lightweight embedded .NET NoSQL document store in a single datafile</Description>
Expand Down
22 changes: 19 additions & 3 deletions LiteDB/Mapper/BsonMapper.Deserialize.cs
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
using System;
using System;
using System.Linq;
using System.Collections;
using System.Collections.Generic;
Expand Down Expand Up @@ -156,9 +156,25 @@ internal object Deserialize(Type type, BsonValue value)
// test if value is object and has _type
if (doc.RawValue.TryGetValue("_type", out typeField))
{
type = Type.GetType(typeField.AsString);
var actualType = Type.GetType(typeField.AsString);

if (type == null) throw LiteException.InvalidTypedName(typeField.AsString);
if (actualType == null) throw LiteException.InvalidTypedName(typeField.AsString);

// avoid initialize class that are not assignable
if (!type.IsAssignableFrom(actualType))
{
throw LiteException.DataTypeNotAssignable(type.FullName, actualType.FullName);
}

// avoid use of "System.Diagnostics.Process" in object type definition
// using String test to work in .netstandard 1.3
if (actualType.FullName.Equals("System.Diagnostics.Process", StringComparison.OrdinalIgnoreCase) &&
actualType.Assembly.GetName().Name.Equals("System", StringComparison.OrdinalIgnoreCase))
{
throw LiteException.AvoidUseOfProcess();
}

type = actualType;
}
// when complex type has no definition (== typeof(object)) use Dictionary<string, object> to better set values
else if (type == typeof(object))
Expand Down
14 changes: 14 additions & 0 deletions LiteDB/Utils/LiteException.cs
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,8 @@ public class LiteException : Exception
public const int INVALID_TYPED_NAME = 207;
public const int NEED_RECOVER = 208;
public const int PROPERTY_READ_WRITE = 209;
public const int DATA_TYPE_NOT_ASSIGNABLE = 214;
public const int AVOID_USE_OF_PROCESS = 215;

#endregion

Expand Down Expand Up @@ -207,6 +209,18 @@ internal static LiteException SyntaxError(StringScanner s, string message = "Une
};
}

internal static LiteException DataTypeNotAssignable(string type1, string type2)
{
{
return new LiteException(DATA_TYPE_NOT_ASSIGNABLE, $"Data type {type1} is not assignable from data type {type2}"); return new LiteException(DATA_TYPE_NOT_ASSIGNABLE, $"Data type {type1} is not assignable from data type {type2}");
}
}

internal static LiteException AvoidUseOfProcess()
{
return new LiteException(AVOID_USE_OF_PROCESS, $"LiteDB do not accept System.Diagnostics.Process class in deserialize mapper");
}

#endregion
}
}

0 comments on commit 2682e74

Please sign in to comment.