search

Master0007 / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

C# Library uses incorrect sort in signing algorithm #102

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Use the ruby library to send a request to an app using the c# library 
with uppercase parameters (ex. User.FirstName=Joe)
2. C# library will report that it is incorrectly signed

In OAuthBase.cs, it uses the default sort from the environment when sorting 
the parameter values to generate signatures:

return string.Compare(x.Value, y.Value);
return string.Compare(x.Name, y.Name);

As per the .NET documentation ( http://msdn.microsoft.com/en-
us/library/84787k22.aspx ), when you don't tell it how to do the sort, it 
will use "the current culture" to do the comparison.  In the case of OAuth, 
the sort order is predefined and should not be varied.

I've found that changing the line to use the case-sensitive ordinal sort 
resolves the issue:

return string.Compare(x.Value, y.Value, StringComparison.Ordinal);
return string.Compare(x.Name, y.Name, StringComparison.Ordinal);

Tom

Original issue reported on code.google.com by tlia...@gmail.com on 14 May 2009 at 6:26

GoogleCodeExporter commented 9 years ago

Original comment by morten.f...@gmail.com on 16 May 2009 at 2:56