Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

X509Certificate2.GetNameInfo(SimpleName) with non-ASCII data on Linux returns oddly encoded results. #59105

Closed
bartonjs opened this issue Sep 14, 2021 · 4 comments · Fixed by #59116
Closed

X509Certificate2.GetNameInfo(SimpleName) with non-ASCII data on Linux returns oddly encoded results. #59105

bartonjs opened this issue Sep 14, 2021 · 4 comments · Fixed by #59116
Assignees
@vcsjones
Labels
area-System.Security bug os-linux Linux OS (any supported distro)
Milestone
7.0.0

Comments

@bartonjs
Copy link
Member

Verified on Ubuntu 18.04 with .NET Core 3.1 and .NET master from a couple months ago.

  • Find a certificate whose subject name is in Russian/Cyrillic.
  • Instantiate X509Certificate2 with that cert
  • call cert.GetNameInfo(X509NameType.SimpleName, false).

Expect: Something Russian
Actual: A string escaped in with backslash-capital-Us.

e.g.

-----BEGIN CERTIFICATE-----
MIIFFTCCBMKgAwIBAgIRAOrKMs71+XnWjTxOTyzGh6QwCgYIKoUDBwEBAwIwggEk
MR4wHAYJKoZIhvcNAQkBFg9kaXRAbWluc3Z5YXoucnUxCzAJBgNVBAYTAlJVMRgw
FgYDVQQIDA83NyDQnNC+0YHQutCy0LAxGTAXBgNVBAcMENCzLiDQnNC+0YHQutCy
0LAxLjAsBgNVBAkMJdGD0LvQuNGG0LAg0KLQstC10YDRgdC60LDRjywg0LTQvtC8
IDcxLDAqBgNVBAoMI9Cc0LjQvdC60L7QvNGB0LLRj9C30Ywg0KDQvtGB0YHQuNC4
MRgwFgYFKoUDZAESDTEwNDc3MDIwMjY3MDExGjAYBggqhQMDgQMBARIMMDA3NzEw
NDc0Mzc1MSwwKgYDVQQDDCPQnNC40L3QutC+0LzRgdCy0Y/Qt9GMINCg0L7RgdGB
0LjQuDAeFw0yMTA3MDIxMjQxNDdaFw0zOTA3MDIxMjQxNDdaMIIBJDEeMBwGCSqG
SIb3DQEJARYPZGl0QG1pbnN2eWF6LnJ1MQswCQYDVQQGEwJSVTEYMBYGA1UECAwP
Nzcg0JzQvtGB0LrQstCwMRkwFwYDVQQHDBDQsy4g0JzQvtGB0LrQstCwMS4wLAYD
VQQJDCXRg9C70LjRhtCwINCi0LLQtdGA0YHQutCw0Y8sINC00L7QvCA3MSwwKgYD
VQQKDCPQnNC40L3QutC+0LzRgdCy0Y/Qt9GMINCg0L7RgdGB0LjQuDEYMBYGBSqF
A2QBEg0xMDQ3NzAyMDI2NzAxMRowGAYIKoUDA4EDAQESDDAwNzcxMDQ3NDM3NTEs
MCoGA1UEAwwj0JzQuNC90LrQvtC80YHQstGP0LfRjCDQoNC+0YHRgdC40LgwZjAf
BggqhQMHAQEBATATBgcqhQMCAiMBBggqhQMHAQECAgNDAARAznwizLAQgEZQecg2
Re7+vfP0h4I5BVHNCzC3UQsCNZdAxM2nn/pKJGaDI8hv4DM3FF3reU2jWDO7Sp66
fTrSZqOCAcIwggG+MIH1BgUqhQNkcASB6zCB6Aw00J/QkNCa0JwgwqvQmtGA0LjQ
v9GC0L7Qn9GA0L4gSFNNwrsg0LLQtdGA0YHQuNC4IDIuMAxD0J/QkNCaIMKr0JPQ
vtC70L7QstC90L7QuSDRg9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQ
vdGC0YDCuww10JfQsNC60LvRjtGH0LXQvdC40LUg4oSWIDE0OS8zLzIvMi8yMyDQ
vtGCIDAyLjAzLjIwMTgMNNCX0LDQutC70Y7Rh9C10L3QuNC1IOKEliAxNDkvNy82
LzEwNSDQvtGCIDI3LjA2LjIwMTgwPwYFKoUDZG8ENgw00J/QkNCa0JwgwqvQmtGA
0LjQv9GC0L7Qn9GA0L4gSFNNwrsg0LLQtdGA0YHQuNC4IDIuMDBDBgNVHSAEPDA6
MAgGBiqFA2RxATAIBgYqhQNkcQIwCAYGKoUDZHEDMAgGBiqFA2RxBDAIBgYqhQNk
cQUwBgYEVR0gADAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
HQ4EFgQUGXePu4Lmb8hfk/AVHZMiodatDCYwCgYIKoUDBwEBAwIDQQCFR821LAew
8tY3/fYGGXQNN5g6E74pjdurOqOoZbS+0WjiGsLPVzcrAts2l7BRGowjZ3MVAmHJ
L/NjPYAClFu0
-----END CERTIFICATE-----

(https://iitrust.ru/downloads/ca/guc2021.crt)

The subject CN is Минкомсвязь России, encoded as 0C 23 D0 9C D0 B8 D0 BD D0 BA D0 BE D0 BC D1 81 D0 B2 D1 8F D0 B7 D1 8C 20 D0 A0 D0 BE D1 81 D1 81 D0 B8 D0 B8

GetNameInfo is returning \U041C\U0438\U043D\U043A\U043E\U043C\U0441\U0432\U044F\U0437\U044C \U0420\U043E\U0441\U0441\U0438\U0438, and passing that to Encoding.UTF8.GetBytes says it's not a console problem:

5C 55 30 34 31 43 5C 55 30 34 33 38 5C 55 30 34 33 44 5C 55 30 34 33 41 5C 55 30 34 33 45 5C 55 30 34 33 43 5C 55 30 34 34 31 5C 55 30 34 33 32 5C 55 30 34 34 46 5C 55 30 34 33 37 5C 55 30 34 34 43 20 5C 55 30 34 32 30 5C 55 30 34 33 45 5C 55 30 34 34 31 5C 55 30 34 34 31 5C 55 30 34 33 38 5C 55 30 34 33 38
@dotnet-issue-labeler dotnet-issue-labeler bot added area-System.Security untriaged New issue has not been triaged by the area owner labels Sep 14, 2021
@ghost
Copy link

ghost commented Sep 14, 2021

Tagging subscribers to this area: @bartonjs, @vcsjones, @krwq, @GrabYourPitchforks
See info in area-owners.md if you want to be subscribed.

Issue Details

Verified on Ubuntu 18.04 with .NET Core 3.1 and .NET master from a couple months ago.

  • Find a certificate whose subject name is in Russian/Cyrillic.
  • Instantiate X509Certificate2 with that cert
  • call cert.GetNameInfo(X509NameType.SimpleName, false).

Expect: Something Russian
Actual: A string escaped in with backslash-capital-Us.

e.g.

-----BEGIN CERTIFICATE-----
MIIFFTCCBMKgAwIBAgIRAOrKMs71+XnWjTxOTyzGh6QwCgYIKoUDBwEBAwIwggEk
MR4wHAYJKoZIhvcNAQkBFg9kaXRAbWluc3Z5YXoucnUxCzAJBgNVBAYTAlJVMRgw
FgYDVQQIDA83NyDQnNC+0YHQutCy0LAxGTAXBgNVBAcMENCzLiDQnNC+0YHQutCy
0LAxLjAsBgNVBAkMJdGD0LvQuNGG0LAg0KLQstC10YDRgdC60LDRjywg0LTQvtC8
IDcxLDAqBgNVBAoMI9Cc0LjQvdC60L7QvNGB0LLRj9C30Ywg0KDQvtGB0YHQuNC4
MRgwFgYFKoUDZAESDTEwNDc3MDIwMjY3MDExGjAYBggqhQMDgQMBARIMMDA3NzEw
NDc0Mzc1MSwwKgYDVQQDDCPQnNC40L3QutC+0LzRgdCy0Y/Qt9GMINCg0L7RgdGB
0LjQuDAeFw0yMTA3MDIxMjQxNDdaFw0zOTA3MDIxMjQxNDdaMIIBJDEeMBwGCSqG
SIb3DQEJARYPZGl0QG1pbnN2eWF6LnJ1MQswCQYDVQQGEwJSVTEYMBYGA1UECAwP
Nzcg0JzQvtGB0LrQstCwMRkwFwYDVQQHDBDQsy4g0JzQvtGB0LrQstCwMS4wLAYD
VQQJDCXRg9C70LjRhtCwINCi0LLQtdGA0YHQutCw0Y8sINC00L7QvCA3MSwwKgYD
VQQKDCPQnNC40L3QutC+0LzRgdCy0Y/Qt9GMINCg0L7RgdGB0LjQuDEYMBYGBSqF
A2QBEg0xMDQ3NzAyMDI2NzAxMRowGAYIKoUDA4EDAQESDDAwNzcxMDQ3NDM3NTEs
MCoGA1UEAwwj0JzQuNC90LrQvtC80YHQstGP0LfRjCDQoNC+0YHRgdC40LgwZjAf
BggqhQMHAQEBATATBgcqhQMCAiMBBggqhQMHAQECAgNDAARAznwizLAQgEZQecg2
Re7+vfP0h4I5BVHNCzC3UQsCNZdAxM2nn/pKJGaDI8hv4DM3FF3reU2jWDO7Sp66
fTrSZqOCAcIwggG+MIH1BgUqhQNkcASB6zCB6Aw00J/QkNCa0JwgwqvQmtGA0LjQ
v9GC0L7Qn9GA0L4gSFNNwrsg0LLQtdGA0YHQuNC4IDIuMAxD0J/QkNCaIMKr0JPQ
vtC70L7QstC90L7QuSDRg9C00L7RgdGC0L7QstC10YDRj9GO0YnQuNC5INGG0LXQ
vdGC0YDCuww10JfQsNC60LvRjtGH0LXQvdC40LUg4oSWIDE0OS8zLzIvMi8yMyDQ
vtGCIDAyLjAzLjIwMTgMNNCX0LDQutC70Y7Rh9C10L3QuNC1IOKEliAxNDkvNy82
LzEwNSDQvtGCIDI3LjA2LjIwMTgwPwYFKoUDZG8ENgw00J/QkNCa0JwgwqvQmtGA
0LjQv9GC0L7Qn9GA0L4gSFNNwrsg0LLQtdGA0YHQuNC4IDIuMDBDBgNVHSAEPDA6
MAgGBiqFA2RxATAIBgYqhQNkcQIwCAYGKoUDZHEDMAgGBiqFA2RxBDAIBgYqhQNk
cQUwBgYEVR0gADAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV
HQ4EFgQUGXePu4Lmb8hfk/AVHZMiodatDCYwCgYIKoUDBwEBAwIDQQCFR821LAew
8tY3/fYGGXQNN5g6E74pjdurOqOoZbS+0WjiGsLPVzcrAts2l7BRGowjZ3MVAmHJ
L/NjPYAClFu0
-----END CERTIFICATE-----

(https://iitrust.ru/downloads/ca/guc2021.crt)

The subject CN is Минкомсвязь России, encoded as 0C 23 D0 9C D0 B8 D0 BD D0 BA D0 BE D0 BC D1 81 D0 B2 D1 8F D0 B7 D1 8C 20 D0 A0 D0 BE D1 81 D1 81 D0 B8 D0 B8

GetNameInfo is returning \U041C\U0438\U043D\U043A\U043E\U043C\U0441\U0432\U044F\U0437\U044C \U0420\U043E\U0441\U0441\U0438\U0438, and passing that to Encoding.UTF8.GetBytes says it's not a console problem:

5C 55 30 34 31 43 5C 55 30 34 33 38 5C 55 30 34 33 44 5C 55 30 34 33 41 5C 55 30 34 33 45 5C 55 30 34 33 43 5C 55 30 34 34 31 5C 55 30 34 33 32 5C 55 30 34 34 46 5C 55 30 34 33 37 5C 55 30 34 34 43 20 5C 55 30 34 32 30 5C 55 30 34 33 45 5C 55 30 34 34 31 5C 55 30 34 34 31 5C 55 30 34 33 38 5C 55 30 34 33 38

Author: bartonjs
Assignees: -
Labels:

area-System.Security, untriaged
Milestone: -

@bartonjs bartonjs added os-linux Linux OS (any supported distro) and removed untriaged New issue has not been triaged by the area owner labels Sep 14, 2021
@bartonjs bartonjs added this to the 7.0.0 milestone Sep 14, 2021
@bartonjs bartonjs added the bug label Sep 14, 2021
@vcsjones
Copy link
Member

@bartonjs do you want me to look in to this or is this something you are currently investigating?

@vcsjones
Copy link
Member

Eh, I figured it out. PR coming soon.

@bartonjs
Copy link
Member Author

Wow. Nice work. Always impressed when "go to lunch" somehow means stuff's done 😄.

@vcsjones vcsjones self-assigned this Sep 14, 2021
@vcsjones vcsjones mentioned this issue Sep 14, 2021
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Sep 14, 2021
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Sep 15, 2021
@ghost ghost locked as resolved and limited conversation to collaborators Nov 3, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@vcsjones vcsjones

Labels
area-System.Security bug os-linux Linux OS (any supported distro)
Projects
None yet
Milestone
7.0.0
Development

Successfully merging a pull request may close this issue.

Require UTF8 encoding in GetX509NameInfo vcsjones/runtime
2 participants
@vcsjones @bartonjs