Re: XslTransform "Invalid Xml" Security Problem

From: Matthias Truxa (prefix-usmail4matt_at_gmx.net)
Date: 07/18/05 

Date: Mon, 18 Jul 2005 14:07:36 +0200

Sorry for my late answer, I didn't expect one to my question either *]. So
thanx for yours.

You may be right. I've got another assembly doing nearly the same without
problems.
I could not figure out the differences between the two. But I disassembled
the routine where the error occurs
(System.Security.Policy.PolicyLevel.CheckCache(int count, char[]
serializedEvidence, out bool xmlError)).
There should be such any Security Exception instead of an Argument
Exception, so I thought of kind of a bug.
Btw, how do I check whether my assembly/web application has the "Allow
Evidence Control" permission?

Here's the code (see "<<<" for error position):

private PolicyStatement CheckCache(int count, char[] serializedEvidence, out
bool xmlError)
{
      char[] chArray1;
      PolicyStatement statement2;
      PolicyStatement statement1 = null;
      xmlError = false;
      if (!Config.GetCacheEntry(this.m_configId, count, serializedEvidence,
out chArray1))
      {
            return null;
      }
      statement1 = new PolicyStatement();
      Parser parser1 = null;
      try
      {
            parser1 = new Parser(chArray1);
            statement1.FromXml(parser1.GetTopElement()); // <<<
ArgumentException "Invalid Xml"
            statement2 = statement1;
      }
      catch (XmlSyntaxException)
      {
            xmlError = true;
            statement2 = null;
      }
      return statement2;
}

Thanx for your advice,
Matt

"Joseph Bittman MCAD" <RyanBittman@msn.com> schrieb im Newsbeitrag
news:%23qftCt9hFHA.1948@TK2MSFTNGP12.phx.gbl...
> July 13, 2005
>
> I'm not quite sure, but which line is causing the crash? I have a feeling
> it is the htmlTransformator.load method. You might check and make sure
> that your assembly/web application has the "Allow Evidence Control" under
> the SecurityPermission. I do believe it is caused by this because of the
> stack walk. Please check this out and let me know..... Thanks and have a
> great day! :-)
>
> --
> Joseph Bittman
> Microsoft Certified Application Developer
>
> Web Site: http://71.39.42.23
> Static IP
>
>
>
>
> "Matthias Truxa" <prefix-usmail4matt@gmx.net> wrote in message
> news:OpUehbKhFHA.3124@TK2MSFTNGP12.phx.gbl...
>> Hello,
>>
>> I've got a serious Problem from out of nowhere that I'm not able to
>> solve. Can someone please help me here?
>>
>> I'm trying to instantiate a Xslt document build in as a resource using:
>>
>> htmlTransformator = new XslTransform();
>> using (Stream mrs =
>> typeof(MyType).Assembly.GetManifestResourceStream("MyNSp.my.xslt"))
>> {
>> XmlTextReader r = new XmlTextReader(mrs);
>> htmlTransformator.Load (r, null, typeof(MyType).Assembly.Evidence); //
>> <<< "Invalid Xml"
>> r.Close();
>> }
>>
>> The document is valid, well-formatted and is not the source of error
>> since I tried to pass a nearly empty one and it didn't work out neither.
>> All the procedure has run for a long time. The error occurred as I wanted
>> to change the Xsl (I already undid this for test).
>> You may not reproduce this error since it seems to be only not working on
>> my local machine.
>> I've found a similar thing at
>> http://www.dotnet247.com/247reference/msgs/48/241599.aspx.
>> All things as restarting computer and webserver, clearing the caches,
>> resetting security policies didn't solve the prob.
>>
>> So I think its a local security problem, based on the stack trace I get:
>> [ArgumentException: Ungültiger Xml.]
>> System.Security.Policy.PolicyStatement.FromXml(SecurityElement et,
>> PolicyLevel level) +570
>> System.Security.Policy.PolicyLevel.CheckCache(Int32 count, Char[]
>> serializedEvidence, Boolean& xmlError) +164
>> System.Security.Policy.PolicyLevel.Resolve(Evidence evidence, Int32
>> count, Char[] serializedEvidence) +54
>> System.Security.PolicyManager.Resolve(Evidence evidence, PermissionSet
>> request) +147
>> System.Security.SecurityManager.ResolvePolicy(Evidence evidence) +133
>> System.Xml.Xsl.Compiler.Compile(NavigatorInput input, XmlResolver
>> xmlResolver, Evidence evidence) +372
>> System.Xml.Xsl.XslTransform.Compile(XPathNavigator style***,
>> XmlResolver resolver, Evidence evidence) +215
>> System.Xml.Xsl.XslTransform.Load(XPathNavigator style***, XmlResolver
>> resolver, Evidence evidence) +124
>> System.Xml.Xsl.XslTransform.Load(XmlReader style***, XmlResolver
>> resolver, Evidence evidence) +74
>>
>> Does someone have had this problem and solved it?
>>
>> Thanx for any assistence.
>> Matt
>>
>>
>
>

Quantcast