internal static SafeStringResource ReadSafeStringResource(Type t) { // Module.FullyQualifiedName was changed to check for FileIOPermission regardless of the name being an existing file or not. // we need to Assert in order to succeed the Demand() (ASURT 121603) (InternalSecurityPermissions.PathDiscovery(HttpRuntime.CodegenDirInternal)).Assert(); string dllPath = t.Module.FullyQualifiedName; IntPtr hModule = UnsafeNativeMethods.GetModuleHandle(dllPath); if (hModule == (IntPtr)0) { throw new HttpException(HttpRuntime.FormatResourceString(SR.Resource_problem, "GetModuleHandle", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString())); } IntPtr hrsrc = UnsafeNativeMethods.FindResource(hModule, (IntPtr)RESOURCE_ID, (IntPtr)RESOURCE_TYPE); if (hrsrc == (IntPtr)0) { throw new HttpException(HttpRuntime.FormatResourceString(SR.Resource_problem, "FindResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString())); } int resSize = UnsafeNativeMethods.SizeofResource(hModule, hrsrc); IntPtr hglob = UnsafeNativeMethods.LoadResource(hModule, hrsrc); if (hglob == (IntPtr)0) { throw new HttpException(HttpRuntime.FormatResourceString(SR.Resource_problem, "LoadResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString())); } IntPtr pv = UnsafeNativeMethods.LockResource(hglob); if (pv == (IntPtr)0) { throw new HttpException(HttpRuntime.FormatResourceString(SR.Resource_problem, "LockResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString())); } // Make sure the end of the resource lies within the module. this can be an issue // if the resource has been hacked with an invalid length (ASURT 145040) if (!UnsafeNativeMethods.IsValidResource(hModule, pv, resSize)) { throw new InvalidOperationException(); } return(new SafeStringResource(pv, resSize)); }
internal static SafeStringResource ReadSafeStringResource(Type t) { if (HttpRuntime.CodegenDirInternal != null) { InternalSecurityPermissions.PathDiscovery(HttpRuntime.CodegenDirInternal).Assert(); } IntPtr moduleHandle = UnsafeNativeMethods.GetModuleHandle(t.Module.FullyQualifiedName); if (moduleHandle == IntPtr.Zero) { moduleHandle = Marshal.GetHINSTANCE(t.Module); if (moduleHandle == IntPtr.Zero) { throw new HttpException(System.Web.SR.GetString("Resource_problem", new object[] { "GetModuleHandle", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture) })); } } IntPtr hResInfo = UnsafeNativeMethods.FindResource(moduleHandle, (IntPtr)0x65, (IntPtr)0xebb); if (hResInfo == IntPtr.Zero) { throw new HttpException(System.Web.SR.GetString("Resource_problem", new object[] { "FindResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture) })); } int size = UnsafeNativeMethods.SizeofResource(moduleHandle, hResInfo); IntPtr hResData = UnsafeNativeMethods.LoadResource(moduleHandle, hResInfo); if (hResData == IntPtr.Zero) { throw new HttpException(System.Web.SR.GetString("Resource_problem", new object[] { "LoadResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture) })); } IntPtr ip = UnsafeNativeMethods.LockResource(hResData); if (ip == IntPtr.Zero) { throw new HttpException(System.Web.SR.GetString("Resource_problem", new object[] { "LockResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture) })); } if (!UnsafeNativeMethods.IsValidResource(moduleHandle, ip, size)) { throw new InvalidOperationException(); } return(new SafeStringResource(ip, size)); }
public void Execute(string path, TextWriter writer, bool preserveForm) { if (this._context == null) { throw new HttpException(System.Web.SR.GetString("Server_not_available")); } if (path == null) { throw new ArgumentNullException("path"); } string queryStringOverride = null; HttpRequest request = this._context.Request; path = this._context.Response.RemoveAppPathModifier(path); int index = path.IndexOf('?'); if (index >= 0) { queryStringOverride = path.Substring(index + 1); path = path.Substring(0, index); } if (!UrlPath.IsValidVirtualPathWithoutProtocol(path)) { throw new ArgumentException(System.Web.SR.GetString("Invalid_path_for_child_request", new object[] { path })); } VirtualPath virtualPath = VirtualPath.Create(path); IHttpHandler handler = null; string filename = request.MapPath(virtualPath); VirtualPath path3 = request.FilePathObject.Combine(virtualPath); InternalSecurityPermissions.FileReadAccess(filename).Demand(); if (HttpRuntime.IsLegacyCas) { InternalSecurityPermissions.Unrestricted.Assert(); } try { if (StringUtil.StringEndsWith(virtualPath.VirtualPathString, '.')) { throw new HttpException(0x194, string.Empty); } bool useAppConfig = !path3.IsWithinAppRoot; using (new DisposableHttpContextWrapper(this._context)) { try { this._context.ServerExecuteDepth++; if (this._context.WorkerRequest is IIS7WorkerRequest) { handler = this._context.ApplicationInstance.MapIntegratedHttpHandler(this._context, request.RequestType, path3, filename, useAppConfig, true); } else { handler = this._context.ApplicationInstance.MapHttpHandler(this._context, request.RequestType, path3, filename, useAppConfig); } } finally { this._context.ServerExecuteDepth--; } } } catch (Exception exception) { if (exception is HttpException) { int httpCode = ((HttpException)exception).GetHttpCode(); if ((httpCode != 500) && (httpCode != 0x194)) { exception = null; } } throw new HttpException(System.Web.SR.GetString("Error_executing_child_request_for_path", new object[] { path }), exception); } this.ExecuteInternal(handler, writer, preserveForm, true, virtualPath, path3, filename, null, queryStringOverride); }
internal static SafeStringResource ReadSafeStringResource(Type t) { // At designtime CodeGenDir is null. if (HttpRuntime.CodegenDirInternal != null) { // Module.FullyQualifiedName was changed to check for FileIOPermission regardless of the name being an existing file or not. // we need to Assert in order to succeed the Demand() (ASURT 121603) (InternalSecurityPermissions.PathDiscovery(HttpRuntime.CodegenDirInternal)).Assert(); } string dllPath = t.Module.FullyQualifiedName; IntPtr hModule = UnsafeNativeMethods.GetModuleHandle(dllPath); if (hModule == IntPtr.Zero) { // GetModuleHandle could fail if the assembly was renamed to .delete. So we fall back to // calling Marshal.GetHINSTANCE, which is more reliable. Ideally, we should always do this // directly, but to limit the risk, we only do it as a fall back (VSWhidbey 394621) hModule = Marshal.GetHINSTANCE(t.Module); if (hModule == IntPtr.Zero) { throw new HttpException(SR.GetString(SR.Resource_problem, "GetModuleHandle", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture))); } } IntPtr hrsrc = UnsafeNativeMethods.FindResource(hModule, (IntPtr)RESOURCE_ID, (IntPtr)RESOURCE_TYPE); if (hrsrc == IntPtr.Zero) { throw new HttpException(SR.GetString(SR.Resource_problem, "FindResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture))); } int resSize = UnsafeNativeMethods.SizeofResource(hModule, hrsrc); IntPtr hglob = UnsafeNativeMethods.LoadResource(hModule, hrsrc); if (hglob == IntPtr.Zero) { throw new HttpException(SR.GetString(SR.Resource_problem, "LoadResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture))); } IntPtr pv = UnsafeNativeMethods.LockResource(hglob); if (pv == IntPtr.Zero) { throw new HttpException(SR.GetString(SR.Resource_problem, "LockResource", HttpException.HResultFromLastError(Marshal.GetLastWin32Error()).ToString(CultureInfo.InvariantCulture))); } // Make sure the end of the resource lies within the module. this can be an issue // if the resource has been hacked with an invalid length (ASURT 145040) if (!UnsafeNativeMethods.IsValidResource(hModule, pv, resSize)) { throw new InvalidOperationException(); } return(new SafeStringResource(pv, resSize)); }