Skip to content

Commit e4db57d

Browse files
hazzikhazzik
committed
Mark generated GetObjectData of generated proxy as [SecurityCritical]
1 parent 8d4df90 commit e4db57d

File tree

1 file changed

+9
-4
lines changed

1 file changed

+9
-4
lines changed

src/NHibernate/Proxy/NHibernateProxyBuilder.cs

Lines changed: 9 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
using System.Reflection;
55
using System.Reflection.Emit;
66
using System.Runtime.Serialization;
7+
using System.Security;
78
using NHibernate.Proxy.DynamicProxy;
89
using NHibernate.Type;
910
using NHibernate.Util;
@@ -29,11 +30,13 @@ class NHibernateProxyBuilder
2930
static readonly MethodInfo LazyInitializerGetImplementationMethod = LazyInitializerType.GetMethod(nameof(ILazyInitializer.GetImplementation), System.Type.EmptyTypes);
3031
static readonly IProxyAssemblyBuilder ProxyAssemblyBuilder = new DefaultProxyAssemblyBuilder();
3132

33+
static readonly ConstructorInfo SecurityCriticalAttributeConstructor = typeof(SecurityCriticalAttribute).GetConstructor(System.Type.EmptyTypes);
34+
static readonly MethodInfo SerializableGetObjectDataMethod = typeof(ISerializable).GetMethod(nameof(ISerializable.GetObjectData));
35+
3236
readonly MethodInfo _getIdentifierMethod;
3337
readonly MethodInfo _setIdentifierMethod;
3438
readonly IAbstractComponentType _componentIdType;
3539
readonly bool _overridesEquals;
36-
3740
public NHibernateProxyBuilder(MethodInfo getIdentifierMethod, MethodInfo setIdentifierMethod, IAbstractComponentType componentIdType, bool overridesEquals)
3841
{
3942
_getIdentifierMethod = getIdentifierMethod;
@@ -148,8 +151,8 @@ static void ImplementGetObjectData(TypeBuilder typeBuilder, FieldInfo proxyFacto
148151
MethodAttributes.Virtual;
149152
var parameterTypes = new[] {typeof (SerializationInfo), typeof (StreamingContext)};
150153

151-
var methodBuilder =
152-
typeBuilder.DefineMethod("GetObjectData", attributes, typeof (void), parameterTypes);
154+
var methodBuilder = typeBuilder.DefineMethod("GetObjectData", attributes, typeof (void), parameterTypes);
155+
methodBuilder.SetCustomAttribute(new CustomAttributeBuilder(SecurityCriticalAttributeConstructor, Array.Empty<object>()));
153156

154157
var IL = methodBuilder.GetILGenerator();
155158
//LocalBuilder proxyBaseType = IL.DeclareLocal(typeof(Type));
@@ -179,9 +182,11 @@ static void ImplementGetObjectData(TypeBuilder typeBuilder, FieldInfo proxyFacto
179182
IL.Emit(OpCodes.Ldarg_1);
180183
IL.Emit(OpCodes.Ldarg_2);
181184

182-
IL.Emit(OpCodes.Callvirt, typeof(ISerializable).GetMethod(nameof(ISerializable.GetObjectData)));
185+
IL.Emit(OpCodes.Callvirt, SerializableGetObjectDataMethod);
183186

184187
IL.Emit(OpCodes.Ret);
188+
189+
typeBuilder.DefineMethodOverride(methodBuilder, SerializableGetObjectDataMethod);
185190
}
186191

187192
public void CreateProxiedMethod(FieldInfo lazyInitializerField, MethodInfo method, TypeBuilder typeBuilder)

0 commit comments

Comments
 (0)