Fix missing .NET Core argument validation for PrivateFontCollection.AddFontFile #21707
Conversation
Nope :) |
@hughbe I believe all use of System.Security.Permissions.* (and using statements) can be removed from Drawing. (Almost) all of our implmentations of those types are stubs. |
I asked before but it may have gone unnoticed. Does that apply even for Mono? I've updated this PR after Stephen commented to get rid of the security stuff |
Maybe I'm misinterpreting this, but I don't think the .NET Framework version does this normalization. Could you clear that up? It looks like an okay change, but TBH I'd rather just keep 100% behavior compat with .NET Framework until we have excellent test coverage. |
Before this cleanup, it used IntSecurity.DemandReadFileIO. This was unnecessary in netcoreapp as Stephen mentioned so I could just shorten it to Path.GetFullPath |
I get that it used |
The code in netfx is: public void AddFontFile (string filename) {
IntSecurity.DemandReadFileIO(filename);
int status = SafeNativeMethods.Gdip.GdipPrivateAddFontFile(new HandleRef(this, nativeFontCollection), filename);
if (status != SafeNativeMethods.Gdip.Ok)
throw SafeNativeMethods.Gdip.StatusException(status);
// Register private font with GDI as well so pure GDI-based controls (TextBox, Button for instance) can access it.
SafeNativeMethods.AddFontFile( filename );
} We got rid of the However, this method has side effects that weren't evident at the time of porting due to no tests. Namely, that it called internal static void DemandReadFileIO(string fileName) {
string full = fileName;
full = UnsafeGetFullPath(fileName);
new FileIOPermission(FileIOPermissionAccess.Read, full).Demand();
}
[ResourceExposure(ResourceScope.Machine)]
[ResourceConsumption(ResourceScope.Machine)]
internal static string UnsafeGetFullPath(string fileName) {
string full = fileName;
FileIOPermission fiop = new FileIOPermission(PermissionState.None);
fiop.AllFiles = FileIOPermissionAccess.PathDiscovery;
fiop.Assert();
try {
full = Path.GetFullPath(fileName);
} finally {
CodeAccessPermission.RevertAssert();
}
return full;
} So we'd get to the call
The value passed to |
I'm trying to point out that this change does affect the call to filename = Path.GetFullPath(filename);
int status = SafeNativeMethods.Gdip.GdipPrivateAddFontFile(new HandleRef(this, _nativeFontCollection), filename); |
Ohhhhh dammit! Sorry I wasn't really getting that. It shouldn't actually matter as GdipPrivateAddFontFile handles relative file paths anyways (and we have a test for that already) But I removed the assignment :) |
LGTM. Thanks, @hughbe |
Fix missing .NET Core argument validation for PrivateFontCollection.AddFontFile Commit migrated from dotnet/corefx@5fd039d
This is a cleaned up copy of the netfx source code.
However, is the whole
IntSecurity.DemandReadFileIO(filename)
stuff necessaryOr maybe I could just replace that with
filename = Path.GetFullPath(filename)
and deleteIntSecurity.cs
Fixes #21558