Developing a new library for accessing to the Microsoft Azure Service Bus (event hubs, queues, topics / subscriptions) based on AMQP (and AMQP .Net Lite library) I came across a bug in the code of the regular expression in the .Net Micro Framework.


The bug occurred by chance, when I had a "connection string" in which there was the "SharedAccessSignature" field that has a value when we use the AMQP connection with CBS (Claim Based Security); for example when we publish to a "publisher" endpoint in the event hubs with a SAS-based security token.


In this case, the above field has a quite long value. Following the "connection string" I came across :


To extract all the fields from the connection string, I wrote the following code :

   1: Regex regex = new Regex("([^=;]+)=([^;]+)");
   3: IDictionary connectionStringParams = new Hashtable();
   5: MatchCollection matches = regex.Matches(connectionString);
   6: foreach (Match match in matches)
   7: {
   8:     connectionStringParamsmatch.Groups[1].Value = match.Groups[2].Value;
   9: }

On second iteration extracting the "SharedAccessSignature" field I came across an OutOfRangeException ... due to what ?




The screenshot shows that the field "Length" of the match has a negative value of -80. Why ?


Well, the value of the "SharedAccessSignature" field (the SAS token) has a length equal to 208 and doing a simple subtraction 128-208 is exactly equal to -80.


Probably in the .Net Micro Framework, a variable of the type "signed byte" is used to hold such a value that causes an obvious overflow; the maximum length of a value in a match was probably set at 128.


I suggest you avoid matching with values longer than 128 characters waiting the team to fix the bug


Winking smile