Reliability of corrupted state exception handling

I'm currently looking into reliability features and exception handling of C# / .NET.

These are especially the HandleProcessCorruptedStateExceptions attribute and CERs with PrepareConstrainedRegions.

Now I was reading the reference source code of the SecureString class, as this is a place where it is highly security critical to keep data encrypted even in exceptional situations, and found places similar to this:

[HandleProcessCorruptedStateExceptions]
//...

    RuntimeHelpers.PrepareConstrainedRegions();
    try
    {
        Unprotect();
        // ...
    }
    catch(Exception)
    {
        Protect();
        throw;
    }
    finally
    {
        Protect();
        // ...
    }

What is the reason for the catch block? Isn't the finally block sufficient to re-protect data?

Or could those corrupted state exceptions only affect catch and terminate the application afterwards?

Code duplication in the catch block is needed because of a security breach in the exception filtering feature (not provided by C#, but Visual Basic and others offer it). It allows a malicious user to execute their code in your try-catch-finally block, after the exception is caught and before the finally block is executed.

The threat looks like this: a Visual Basic user of your library causes an exception after Unprotect() (even an OutOfMemoryException by running out of memory), the CLR finds no catch block, then the CLR executes the user's exception filter code, this code steals the Unprotect()-ed data, and only then does the CLR execute Protect() in the finally block.

So, put security cleanup code in both catch and finally blocks; usual cleanup stays in finally only.
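The ordering described in the answer above, as an added example (not part of the original answers and not SecureString's code): a caller's exception filter runs before the callee's finally block, and the catch-and-rethrow pattern closes that window. It uses a C# `when` filter (C# 6 and later) where the answer speaks of Visual Basic; `isProtected`, `Observe` and the other names are hypothetical stand-ins.

```csharp
using System;

static class FilterOrderDemo
{
    // Hypothetical stand-in for SecureString's protected buffer state.
    static bool isProtected = true;
    static void Unprotect() => isProtected = false;
    static void Protect() => isProtected = true;

    // Security cleanup in finally only: a caller's filter runs before it.
    static void FinallyOnly()
    {
        try { Unprotect(); throw new InvalidOperationException("constructed failure"); }
        finally { Protect(); }
    }

    // Pattern from the question: the catch block re-protects, then rethrows.
    static void CatchAndFinally()
    {
        try { Unprotect(); throw new InvalidOperationException("constructed failure"); }
        catch (Exception) { Protect(); throw; }
        finally { Protect(); }
    }

    // The filter stands in for code supplied by the library's caller;
    // it only records the state it can observe at that moment.
    static bool Observe(string name)
    {
        Console.WriteLine($"{name}: filter sees protected = {isProtected}");
        return true;
    }

    // Caller with an exception filter around the library call.
    static void Run(string name, Action callee)
    {
        try { callee(); }
        catch (Exception) when (Observe(name)) { }
    }

    static void Main()
    {
        Run(nameof(FinallyOnly), FinallyOnly);
        Run(nameof(CatchAndFinally), CatchAndFinally);
    }
}
```

Run as a console program, the filter observes the unprotected state for `FinallyOnly` and the protected state for `CatchAndFinally`. The rethrow from the catch block starts a new search for handlers only after `Protect()` has already run.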

Finally blocks are almost always called, except in a few cases. See "Does the C# "finally" block ALWAYS execute?" for more.

So yes, the protect is always called in the Finally.
