Fixup a few dataprotection and antiforgery edge cases#66508
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Handles several edge cases across antiforgery and data protection, aligning behavior with framework expectations and tightening validation logic.
Changes:
- Antiforgery: always attempt claim UID extraction during validation and use constant-time claim UID comparison.
- Shared encoding: make
Read7BitEncodedIntthrowFormatExceptionon int32 overflow (including invalid 5th byte). - DataProtection: add fallback paths when span-based protect/unprotect is used with a non-span encryptor; normalize small stackalloc buffers to 256 bytes.
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| src/Shared/test/Shared.Tests/Encoding/Int7BitEncodingUtilsTests.cs | Adds regression test for 5th-byte overflow in 7-bit int decoding. |
| src/Shared/Encoding/Int7BitEncodingUtils.cs | Adds explicit overflow detection for invalid 5th byte in 7-bit int decoding. |
| src/DataProtection/benchmarks/Microsoft.AspNetCore.DataProtection.MicroBenchmarks/Benchmarks/SpanDataProtectorComparison.cs | Updates benchmark stackalloc size from 255 to 256. |
| src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/Managed/ManagedAuthenticatedEncryptorTests.cs | Updates test comment to reflect 256-byte initial stackalloc size. |
| src/DataProtection/DataProtection/test/Microsoft.AspNetCore.DataProtection.Tests/KeyManagement/KeyRingBasedDataProtectorTests.cs | Adds regression tests for span protector fallback when encryptor isn’t span-capable. |
| src/DataProtection/DataProtection/src/Managed/ManagedAuthenticatedEncryptor.cs | Uses stackalloc[256] for output sizes up to and including 256. |
| src/DataProtection/DataProtection/src/Managed/AesGcmAuthenticatedEncryptor.cs | Uses stackalloc[256] for output sizes up to and including 256. |
| src/DataProtection/DataProtection/src/KeyManagement/KeyRingBasedSpanDataProtector.cs | Adds fallback to byte[] path when span encryptor is unexpectedly unavailable. |
| src/DataProtection/DataProtection/src/Cng/CngGcmAuthenticatedEncryptor.cs | Uses stackalloc[256] for output sizes up to and including 256. |
| src/DataProtection/DataProtection/src/Cng/CbcAuthenticatedEncryptor.cs | Uses stackalloc[256] for output sizes up to and including 256. |
| src/Antiforgery/test/DefaultAntiforgeryTokenGeneratorTest.cs | Adds regression test for username token validation when user now has extractable claims; updates one existing test setup. |
| src/Antiforgery/src/Internal/DefaultAntiforgeryTokenGenerator.cs | Always extracts claim UID bytes for authenticated users and switches to constant-time UID comparison. |
Comment on lines
201
to
205
| return false; | ||
| } | ||
|
|
||
| return token.ClaimUid.GetData().SequenceEqual(claimUidBytes); | ||
| return CryptographicOperations.FixedTimeEquals(token.ClaimUid.GetData(), claimUidBytes); | ||
| } |
There was a problem hiding this comment.
AreIdenticalClaimUids can reach FixedTimeEquals(token.ClaimUid.GetData(), claimUidBytes) even when claimUidBytesExtracted is false. Since claimUidBytes is stackalloc'd and not initialized when extraction fails, this risks nondeterministic behavior (and, in theory, a false positive). Consider returning false immediately when token.ClaimUid is non-null but claimUidBytesExtracted is false, before the length check / compare.
DeagleGross
approved these changes
Apr 28, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
With the recent dataprotection issue, I had AI look at the dataprotection code a bit more closely and found a few edge cases we can handle better.
DefaultAntiforgeryTokenGeneratorshould be checking theClaimUidBytesregardless of whether the original token has any, this lets us validate that if a different user connects with a previous token (or the same user but they have new claims and so token doesn't match)DefaultAntiforgeryTokenGeneratorwas usingSequenceEqualwhen it should be using a constant-time comparisonRead7BitEncodedIntdidn't handle int32 overflow (it just returned 0).FormatterBinaryReader.Read7BitEncodedIntthrowsFormatExceptionin this case, so updated to have the same behaviorstackalloc byte[255]which bothered me a bit,256is the normal value we use 😆