Doesn't decompile correctly

2 posts, 0 answers
  1. Matt

    Posted 26 Dec 2011 Link to this post

    I was decompiling System.Web.Security.SqlMembershipProvider and found a discrepancy. I was specifically looking at the GetPasswordWithFormat method, which JustDecompile shows like this:

    // JustDecompile output, reproduced exactly as posted.
    // As shown, this listing is not valid C#:
    //   - the out parameters `password` and `passwordSalt` are never assigned on any path;
    //   - `isApproved = 0` assigns an int to a bool;
    //   - `sqlParameter.Value ? ... : ...` uses an object as a condition.
    // The Reflector listing further down this post shows the same method with those lines present.
    private void GetPasswordWithFormat(string username, bool updateLastLoginActivityDate, out int status, out string password, out int passwordFormat, out string passwordSalt, out int failedPasswordAttemptCount, out int failedPasswordAnswerAttemptCount, out bool isApproved, out DateTime lastLoginDate, out DateTime lastActivityDate)
    {
        try
        {
            SqlConnectionHolder connection = null;
            SqlDataReader sqlDataReader = null;
            SqlParameter sqlParameter = null;
            try
            {
                // Obtain a connection from the provider's connection string and call CheckSchemaVersion on it.
                connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
                this.CheckSchemaVersion(connection.Connection);
                // Stored-procedure call: username and the other inputs are passed as SqlParameters,
                // not concatenated into the command text.
                SqlCommand sqlCommand = new SqlCommand("dbo.aspnet_Membership_GetPasswordWithFormat", connection.Connection);
                sqlCommand.CommandTimeout = this.CommandTimeout;
                sqlCommand.CommandType = CommandType.StoredProcedure;
                sqlCommand.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, base.ApplicationName));
                sqlCommand.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, username));
                sqlCommand.Parameters.Add(this.CreateInputParam("@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate));
                sqlCommand.Parameters.Add(this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
                // Holds the stored procedure's return value; it is read in the finally block.
                sqlParameter = new SqlParameter("@ReturnValue", SqlDbType.Int);
                sqlParameter.Direction = ParameterDirection.ReturnValue;
                sqlCommand.Parameters.Add(sqlParameter);
                sqlDataReader = sqlCommand.ExecuteReader(CommandBehavior.SingleRow);
                // Default status until the return value is read in the finally block.
                status = -1;
                if (sqlDataReader.Read())
                {
                    // Ordinals 0 and 2 are never read here, which is why `password` and
                    // `passwordSalt` stay unassigned in this listing.
                    passwordFormat = sqlDataReader.GetInt32(1);
                    failedPasswordAttemptCount = sqlDataReader.GetInt32(3);
                    failedPasswordAnswerAttemptCount = sqlDataReader.GetInt32(4);
                    isApproved = sqlDataReader.GetBoolean(5);
                    lastLoginDate = sqlDataReader.GetDateTime(6);
                    lastActivityDate = sqlDataReader.GetDateTime(7);
                }
                else
                {
                    // No row returned: defaults are assigned, again without `password` / `passwordSalt`.
                    passwordFormat = 0;
                    failedPasswordAttemptCount = 0;
                    failedPasswordAnswerAttemptCount = 0;
                    isApproved = 0;
                    lastLoginDate = DateTime.UtcNow;
                    lastActivityDate = DateTime.UtcNow;
                }
            }
            finally
            {
                if (sqlDataReader != null)
                {
                    // The return value is read only after the reader has been closed, and only
                    // when a reader was actually created.
                    sqlDataReader.Close();
                    sqlDataReader = null;
                    status = (sqlParameter.Value ? (int)sqlParameter.Value : -1);
                }
                if (connection != null)
                {
                    connection.Close();
                    connection = null;
                }
            }
        }
        catch
        {
            // Rethrows unchanged; the outer try/catch adds no handling of its own.
            throw;
        }
    }

    I noticed that the output parameter "password" was never being set, which didn't make any sense, so I opened the same method in .NET Reflector and found the following:

    // .NET Reflector output for the same method, reproduced exactly as posted.
    // Calls the dbo.aspnet_Membership_GetPasswordWithFormat stored procedure for `username` and
    // copies the single result row into the out parameters; `status` receives the procedure's
    // return value, or -1 when none is available.
    // NOTE(review): `password` and `passwordSalt` are handed back to the caller as read from the
    // row; how the password value is encoded presumably depends on `passwordFormat` — confirm
    // against the caller. Both values are credential material and should not be logged.
    private void GetPasswordWithFormat(string username, bool updateLastLoginActivityDate, out int status, out string password, out int passwordFormat, out string passwordSalt, out int failedPasswordAttemptCount, out int failedPasswordAnswerAttemptCount, out bool isApproved, out DateTime lastLoginDate, out DateTime lastActivityDate)
    {
        try
        {
            SqlConnectionHolder connection = null;
            SqlDataReader reader = null;
            SqlParameter parameter = null;
            try
            {
                // Obtain a connection from the provider's connection string and call CheckSchemaVersion on it.
                connection = SqlConnectionHelper.GetConnection(this._sqlConnectionString, true);
                this.CheckSchemaVersion(connection.Connection);
                // Stored-procedure call: username and the other inputs are passed as SqlParameters,
                // not concatenated into the command text.
                SqlCommand command = new SqlCommand("dbo.aspnet_Membership_GetPasswordWithFormat", connection.Connection) {
                    CommandTimeout = this.CommandTimeout,
                    CommandType = CommandType.StoredProcedure
                };
                command.Parameters.Add(this.CreateInputParam("@ApplicationName", SqlDbType.NVarChar, this.ApplicationName));
                command.Parameters.Add(this.CreateInputParam("@UserName", SqlDbType.NVarChar, username));
                command.Parameters.Add(this.CreateInputParam("@UpdateLastLoginActivityDate", SqlDbType.Bit, updateLastLoginActivityDate));
                command.Parameters.Add(this.CreateInputParam("@CurrentTimeUtc", SqlDbType.DateTime, DateTime.UtcNow));
                // Holds the stored procedure's return value; it is read in the finally block.
                parameter = new SqlParameter("@ReturnValue", SqlDbType.Int) {
                    Direction = ParameterDirection.ReturnValue
                };
                command.Parameters.Add(parameter);
                reader = command.ExecuteReader(CommandBehavior.SingleRow);
                // Default status until the return value is read in the finally block.
                status = -1;
                if (reader.Read())
                {
                    // Row found: ordinals 0-7 map one-to-one onto the out parameters,
                    // including the password (0) and salt (2).
                    password = reader.GetString(0);
                    passwordFormat = reader.GetInt32(1);
                    passwordSalt = reader.GetString(2);
                    failedPasswordAttemptCount = reader.GetInt32(3);
                    failedPasswordAnswerAttemptCount = reader.GetInt32(4);
                    isApproved = reader.GetBoolean(5);
                    lastLoginDate = reader.GetDateTime(6);
                    lastActivityDate = reader.GetDateTime(7);
                }
                else
                {
                    // No row returned: every out parameter gets a default, with null for
                    // password and salt and the current UTC time for both dates.
                    password = null;
                    passwordFormat = 0;
                    passwordSalt = null;
                    failedPasswordAttemptCount = 0;
                    failedPasswordAnswerAttemptCount = 0;
                    isApproved = false;
                    lastLoginDate = DateTime.UtcNow;
                    lastActivityDate = DateTime.UtcNow;
                }
            }
            finally
            {
                if (reader != null)
                {
                    // The return value is read only after the reader has been closed, and only
                    // when a reader was actually created; a null value falls back to -1.
                    reader.Close();
                    reader = null;
                    status = (parameter.Value != null) ? ((int) parameter.Value) : -1;
                }
                if (connection != null)
                {
                    connection.Close();
                    connection = null;
                }
            }
        }
        catch
        {
            // Rethrows unchanged; the outer try/catch adds no handling of its own.
            throw;
        }
    }

    Notice the fact that the following line doesn't even appear in the JustDecompile version:

    password = reader.GetString(0);


    This is a major problem and hurts my ability to trust the output.  Please fix this ASAP.

    Thank you,
    Matt

     

  2. Nikolay G Rusev
    Admin

    Posted 02 Jan 2012 Link to this post

    Hi Matt,

     Thank you for pointing out this problem and sorry for the inconvenience. We're definitely going to take care of it. So, please, stay tuned and update regularly.

    Kind regards,
    Nikolay G Rusev
    the Telerik team

