7 Replies - 276 Views - Last Post: 13 February 2020 - 07:59 AM Rate Topic: -----

#1 fearfulsc2   User is offline

  • D.I.C Regular

Reputation: 18
  • View blog
  • Posts: 301
  • Joined: 25-May 16

C# Writing File to Directory is Corrupting the file

Posted 12 February 2020 - 10:54 AM

Hello everyone, someone made a change to a legacy application that wrote files to a directory. They had to rewrite it due to a security vulnerability but they never actually tested the output, only checked to see if the file was written. When you try to open the file, it won't open since it has been corrupted.

I narrowed it down to what I believe is the culprit

 public static void CopyStream(Stream input, Stream output)
        {
            byte[] buffer = new byte[8 * 1024];
            int len;
            while ((len = input.Read(buffer, 0, buffer.Length)) > 0)
            {
                output.Write(buffer, 0, len);
            }

        }



I am trying to figure out where the corruption occurs. Would it be because have the buffer size too small?

Is This A Good Question/Topic? 0
  • +

Replies To: C# Writing File to Directory is Corrupting the file

#2 Martyr2   User is offline

  • Programming Theoretician
  • member icon

Reputation: 5526
  • View blog
  • Posts: 14,527
  • Joined: 18-April 07

Re: C# Writing File to Directory is Corrupting the file

Posted 12 February 2020 - 01:42 PM

I don't see anything immediately wrong with it. Even if the buffer was one byte at a time, doesn't matter other than it would just require more iterations. My Initial tests show it working fine when it comes to standard input/output console streams. Usually when I see corruption it is due to one of two things...

1) Not fully flushing the stream out to disk. I don't see that being a problem here if that is indeed the code that is writing out.
2) Wrong encoding.

What type of data are you moving through the streams?
Was This Post Helpful? 0
  • +
  • -

#3 fearfulsc2   User is offline

  • D.I.C Regular

Reputation: 18
  • View blog
  • Posts: 301
  • Joined: 25-May 16

Re: C# Writing File to Directory is Corrupting the file

Posted 12 February 2020 - 01:58 PM

The files are supposed to be .tif files.

The original implementation went like this
SaveBlob(blob, Path.Combine(directory, string.Format("{0}.tif", fileName)));



private static void SaveBlob(Stream blob, string fileName)
		{    
            try
            {
                // THIS is what we are trying to use
                //using (var file = File.Create(ExtensionMethods.SanitizeFilePath(fileName)))
                //{
                //    CopyStream(blob, file);
                //}

               // This is what was working before but we had to remove it
                var gzFileName = Path.GetTempFileName();

                WriteToFile(gzFileName, blob);
                Decompress(gzFileName, fileName);
                File.Delete(gzFileName);

            }
            catch (Exception ex)
            {
                throw ex;
            }
        }



WriteToFile
private static void WriteToFile(string fileName, Stream blob)
		{
			var writeData = new byte[blob.Length];

			blob.Read(writeData, 0, (int) blob.Length);
			File.WriteAllBytes(fileName, writeData);
		}



Decompress
private static void Decompress(string inFileName, string outFileName)
		{
			var size = 2048;
			var writeData = new byte[size];

			using (var fs = File.Create(outFileName))
			{
                using (var s = new GZipStream(File.OpenRead(inFileName), CompressionMode.Decompress))
                {
                    while (true)
                    {
                        size = s.Read(writeData, 0, size);
                        if (size > 0)
                        {
                            fs.Write(writeData, 0, size);
                        }
                        else
                        {
                            break;
                        }
                    }
                }
			}
		}



The first block is the call to the SaveBlob function and then the workflow is shown in the rest.

The files are written and the names are correct, but we can no longer open them and get the message that they are corrupted, too big, or too, or that the format is not supported. So something had to have happened between the time we retrieved it from the database and the time it got written to the directory.
Was This Post Helpful? 0
  • +
  • -

#4 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7244
  • View blog
  • Posts: 24,556
  • Joined: 05-May 12

Re: C# Writing File to Directory is Corrupting the file

Posted 12 February 2020 - 03:17 PM

LOL! In your new implementation you failed to decompress the stream.

Notice that in your old code, you would do the following:
Generate a temp file name
Copy the blob stream into the temp file
Open a stream to the destination fileName
Open a stream to the temp file
Open a GZipStream on that temp file stream
Read bytes from the zip stream and write them to the destination stream

In your new code you do the following:
Sanitize the characters of the fileName
Open a stream to the destination sanitized fileName
Read bytes from the blob stream and write them into destination stream.
Was This Post Helpful? 2
  • +
  • -

#5 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7244
  • View blog
  • Posts: 24,556
  • Joined: 05-May 12

Re: C# Writing File to Directory is Corrupting the file

Posted 12 February 2020 - 03:42 PM

View Postfearfulsc2, on 12 February 2020 - 12:54 PM, said:

They had to rewrite it due to a security vulnerability

Do you happen to know which CWE they were trying to address?

Was it the vulnerability of being able to collide with the generated temporary filename?
Or was it the vulnerability of temp file not being deleted if a failure happens during decompression?
Was This Post Helpful? 0
  • +
  • -

#6 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7244
  • View blog
  • Posts: 24,556
  • Joined: 05-May 12

Re: C# Writing File to Directory is Corrupting the file

Posted 13 February 2020 - 04:56 AM

Anyway fixing this is simple. Just need to add a:
using (var unzip = new GZipStream(input, CompressionMode.Decompress))


block around the body of the CopyStream() method, and change the use of input to unzip.
Was This Post Helpful? 1
  • +
  • -

#7 fearfulsc2   User is offline

  • D.I.C Regular

Reputation: 18
  • View blog
  • Posts: 301
  • Joined: 25-May 16

Re: C# Writing File to Directory is Corrupting the file

Posted 13 February 2020 - 07:04 AM

View PostSkydiver, on 12 February 2020 - 03:42 PM, said:

Do you happen to know which CWE they were trying to address?

Was it the vulnerability of being able to collide with the generated temporary filename?
Or was it the vulnerability of temp file not being deleted if a failure happens during decompression?


I think it was CWE 73

And I can't believe I overlooked the Decompression part of this. I'll give that a go and see if that resolves the issue!

EDIT
After decompressing, it's been resolved.

A simple overlook that's been driving me crazy. Thank you!

This post has been edited by fearfulsc2: 13 February 2020 - 07:10 AM

Was This Post Helpful? 0
  • +
  • -

#8 Skydiver   User is offline

  • Code herder
  • member icon

Reputation: 7244
  • View blog
  • Posts: 24,556
  • Joined: 05-May 12

Re: C# Writing File to Directory is Corrupting the file

Posted 13 February 2020 - 07:59 AM

If it was simply CWE-73 with no findings for CWE-377 and CWE-378, then the simple call to your SanitizeFilePath() in the call to Decompress() of the old code should have been sufficient:
Decompress(gzFileName, ExtensionMethods.SanitizeFilePath(fileName));


Was This Post Helpful? 0
  • +
  • -

Page 1 of 1