.NET 10 Preview 1 breaking changes batch #44625

Merged
merged 24 commits into from
Jan 31, 2025
issue 43885
CamSoper committed Jan 30, 2025

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 65818cd08c093664f54da633d9392e5edfe896cf
3 changes: 2 additions & 1 deletion docs/core/compatibility/10.0.md
@@ -21,7 +21,8 @@ If you're migrating an app to .NET 10, the breaking changes listed here might af
|----------------------------------------------------------------------------------------------------------------------------|---------------------|--------------------|
| [API obsoletions with non-default diagnostic IDs](core-libraries/10.0/obsolete-apis.md) | Source incompatible | Preview 1 |
| [ActivitySource.CreateActivity and ActivitySource.StartActivity behavior change](core-libraries/10.0/activity-sampling.md) | Behavioral change | Preview 1 |
| [C# 14 overload resolution with span parameters](core-libraries/10.0/csharp-overload-resolution.md) | Behavioral change | Preview 1 |
| [C# 14 overload resolution with span parameters](core-libraries/10.0/csharp-overload-resolution.md) | Behavioral change | Preview 1 |
| [LDAP DirectoryControl parsing is now more stringent](core-libraries/10.0/ldap-directorycontrol-parsing.md) | Behavioral change | Preview 1 |

## Windows Forms

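Review bot: The "C# 14 overload resolution with span parameters" row is removed and re-added with no visible change in its text, which accounts for the single deletion in this file. If the difference is only trailing whitespace or column padding, revert it so the hunk contains just the new LDAP DirectoryControl row; if the re-alignment was intentional, pad the new row to match the other rows as well.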
@@ -0,0 +1,62 @@
---
title: "Breaking change: LDAP DirectoryControl parsing is now more stringent"
description: Learn about the .NET 10 breaking change in core .NET libraries where LDAP DirectoryControl parsing is now more stringent.
ms.date: 01/30/2025
---

# LDAP DirectoryControl parsing is now more stringent

Previously, .NET used <xref:System.DirectoryServices.Protocols.BerConverter?displayProperty=nameWithType> to parse the <xref:System.DirectoryServices.Protocols.DirectoryControl?displayProperty=nameWithType> objects it received over the network and to generate the <xref:System.DirectoryServices.Protocols.DirectoryControl?displayProperty=nameWithType> byte arrays it sent; <xref:System.DirectoryServices.Protocols.BerConverter?displayProperty=nameWithType> would use the OS-specific BER parsing functionality. This parsing functionality is now implemented in managed code.

## Previous behavior

As a result of using <xref:System.DirectoryServices.Protocols.BerConverter?displayProperty=nameWithType>, the parsing of <xref:System.DirectoryServices.Protocols.DirectoryControl?displayProperty=nameWithType> objects was fairly loose.

- The ASN.1 tags of each value weren't checked.
- Trailing data after the end of the parsed DirectoryControl was ignored, as was trailing data within an ASN.1 SEQUENCE.
- On Linux, OCTET STRING lengths which extended beyond the end of their parent sequence would return data outside the parent sequence.
- On earlier versions of Windows, a zero-length OCTET STRING would return `null` rather than an empty string.
- When reading the contents of a <xref:System.DirectoryServices.Protocols.DirectoryControl?displayProperty=nameWithType> as a UTF8-encoded string, an invalid UTF8 sequence would not throw an exception.
- When passing an invalid UTF8 string to the constructor of [VlvRequestControl](xref:System.DirectoryServices.Protocols.VlvRequestControl), no exception was thrown.

While not a breaking change, Windows would always encode ASN.1 tags with a four-byte length while Linux would only use as many bytes for the tag length as it needed. Both representations were valid, but this behavioural difference between platforms is now gone; the Linux behaviour now also appears on Windows.

## New behavior

The DirectoryControl parsing is much more stringent, and is now consistent across platforms and versions.

- ASN.1 tags are now checked.
- Trailing data is no longer permitted.
- The length of OCTET STRINGs and SEQUENCEs is now checked.
- Zero-length OCTET STRINGs will now always return an empty string.
- If the server sends an invalid UTF8 byte sequence, the <xref:System.DirectoryServices.Protocols.DirectoryControl?displayProperty=nameWithType> parsing logic will now throw an exception rather than silently substitute the invalid characters with a known value.

We also validate errors more thoroughly when calling the VlvRequestControl constructor. Passing a string which cannot be encoded as a UTF8 value will now throw an EncoderFallbackException.

## Version introduced

.NET 10 Preview 1

## Type of breaking change

This change is a [behavioral change](../../categories.md#behavioral-change).

## Reason for change

RFC/spec. compliance. In the various RFCs and sections of MS-ADTS, the controlValue is specified as the BER encoding of an ASN.1 structure with wording similar to the below (from [RFC2891, section 1.2](https://datatracker.ietf.org/doc/html/rfc2891#section-1.2)):

> The controlType is set to "1.2.840.113556.1.4.474". The criticality is FALSE (MAY be absent). The controlValue is an OCTET STRING, whose value is the BER encoding of a value of the following SEQUENCE:

This precludes trailing data. It also rules out BER encodings of ASN.1 structures with differing ASN.1 tags, and of invalid BER encodings (such as OCTET STRINGs which are longer than their containing SEQUENCE.)

For the VlvRequestControl constructor, throwing the exception early means that users can trust that only the values they explicitly specify are sent to the server - there are no circumstances where they can accidentally send `EF BF BD` to the server because they've passed a string which can't be encoded to valid UTF8 bytes.

## Recommended action

Servers should comply with the RFCs and specifications. Users should be aware of the need to handle an <xref:System.Text.EncoderFallbackException> when calling the <xref:System.DirectoryServices.Protocols.VlvRequestControl> constructor.

## Affected APIs

- <xref:System.DirectoryServices.Protocols.LdapConnection.SendRequest>
- <xref:System.DirectoryServices.Protocols.LdapConnection.EndSendRequest>
- <xref:System.DirectoryServices.Protocols.VlvRequestControl..ctor>
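Review bot: The "New behavior" bullet on invalid UTF8 from the server says parsing "will now throw an exception" but never names the type, and "Recommended action" only covers EncoderFallbackException from the VlvRequestControl constructor. Callers of LdapConnection.SendRequest and EndSendRequest, both listed under "Affected APIs", need to know what to catch when a received control fails the new tag, length or trailing-data checks, so name the exception type(s) in those bullets and in the recommended action. Smaller points: "behavioural" and "behaviour" in the paragraph before "New behavior" conflict with the US spelling used in the headings; "UTF8" should read "UTF-8"; the sentence beginning "We also validate errors more thoroughly" leaves VlvRequestControl and EncoderFallbackException as plain text where the rest of the file uses xref links; and the RFC 2891 quote ends on "the following SEQUENCE:" without showing the SEQUENCE it refers to.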
4 changes: 4 additions & 0 deletions docs/core/compatibility/toc.yml
@@ -16,6 +16,8 @@ items:
href: core-libraries/10.0/activity-sampling.md
- name: C# 14 overload resolution with span parameters
href: core-libraries/10.0/csharp-overload-resolution.md
- name: LDAP DirectoryControl parsing is now more stringent
href: core-libraries/10.0/ldap-directorycontrol-parsing.md
- name: Windows Forms
items:
- name: TreeView checkbox image truncation
@@ -1324,6 +1326,8 @@ items:
href: core-libraries/10.0/activity-sampling.md
- name: C# 14 overload resolution with span parameters
href: core-libraries/10.0/csharp-overload-resolution.md
- name: LDAP DirectoryControl parsing is now more stringent
href: core-libraries/10.0/ldap-directorycontrol-parsing.md
- name: .NET 9
items:
- name: Adding a ZipArchiveEntry sets header general-purpose bit flags