.NET Bestfit Unicode Conversion for P/Invoke

When performing a standard p/invoke method call in which a .NET string must be converted to an unmanaged LPSTR (char*), the .NET runtime performs a “bestfit” conversion.  This means some Unicode characters will be converted down to ASCII characters based on some mapping information.  This “bestfit” conversion can allow an attacker to bypass input validation filters.  For example, a filename might be checked to make sure it does not contain a backslash (“\”) character, or two periods (“..”).  By using Unicode characters an attacker could by pass those checks by providing a Unicode character that will be converted to the required ASCII character during the marshaling of the string.

The following table lists Unicode character numbers that are mapped down into ASCII during a “bestfit” conversion in .NET:


Unicode # ASCII Character Description
256 A
257 a
262 C
263 c
270 D
271 d
274 E
275 e
284 G
285 g
292 H
293 h
296 I
297 i
308 J
309 j
310 K
311 k
313 L
314 l
323 N
324 n
332 O
333 o
340 R
341 r
346 S
347 s
354 T
355 t
360 U
361 u
372 W
373 w
374 Y
375 y
377 Z
378 z
384 b
448 |
451 !
697
698 double quote
708 ^
715 `
717 _
771 ~
894 ;
934 F
960 p
966 f
1417 :
1642 %
8192
8208 -
8215 =
8260 /
8308 4
8309 5
8310 6
8311 7
8312 8
8320 0
8321 1
8322 2
8323 3
8329 9
8359 P
8474 Q
8492 B
8499 M
8726 \
8727 *
8730 v
8992 (
8993 )
9001 <
9002 >
9484 +
12314 [
12315 ]
65283 #
65284 $
65286 &
65292
65294 .
65312 @
65334 V
65336 X
65357 m
65361 q
65368 x
65371 {
65373 }

5 Responses to “.NET Bestfit Unicode Conversion for P/Invoke”

  1. [...] Full article with character map. [...]

    phed.org » .NET Bestfit Unicode Conversion for P/Invoke said this on February 21, 2008 at 12:42 am | Reply

  2. [...] been looking into this recently, and was inspired to write a bit more about this from Michael Eddington’s post on the [...]

    String handling when marshalling from .Net to a platform invoke said this on December 6, 2008 at 6:47 am | Reply

  3. [...] Full article with character map. [...]

    .NET Bestfit Unicode Conversion for P/Invoke « phed.org said this on November 7, 2010 at 1:05 am | Reply

  4. Where is the table? lol this site doesn’t have much to it – just a tease

    Anon said this on April 1, 2011 at 3:45 am | Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

 
Follow

Get every new post delivered to your Inbox.