Developing a new library for accessing to the Microsoft Azure Service Bus (event hubs, queues, topics / subscriptions) based on AMQP (and AMQP .Net Lite library) I came across a bug in the code of the regular expression in the .Net Micro Framework.
The bug occurred by chance, when I had a "connection string" in which there was the "SharedAccessSignature" field that has a value when we use the AMQP connection with CBS (Claim Based Security); for example when we publish to a "publisher" endpoint in the event hubs with a SAS-based security token.
In this case, the above field has a quite long value. Following the "connection string" I came across :
To extract all the fields from the connection string, I wrote the following code :
1: Regex regex = new Regex("([^=;]+)=([^;]+)");
3: IDictionary connectionStringParams = new Hashtable();
5: MatchCollection matches = regex.Matches(connectionString);
6: foreach (Match match in matches)
8: connectionStringParamsmatch.Groups.Value = match.Groups.Value;
On second iteration extracting the "SharedAccessSignature" field I came across an OutOfRangeException ... due to what ?
The screenshot shows that the field "Length" of the match has a negative value of -80. Why ?
Well, the value of the "SharedAccessSignature" field (the SAS token) has a length equal to 208 and doing a simple subtraction 128-208 is exactly equal to -80.
Probably in the .Net Micro Framework, a variable of the type "signed byte" is used to hold such a value that causes an obvious overflow; the maximum length of a value in a match was probably set at 128.
I suggest you avoid matching with values longer than 128 characters waiting the team to fix the bug
View this page in another language: