Merged PR 21363: [MSRC 69437] Apply MaxResponseHeadersLength limit for trailing headers

Miha Zupan · mmitche · commit f9c64756e86a · 2022-04-13T15:35:20.000Z
diff --git a/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ChunkedEncodingReadStream.cs b/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/ChunkedEncodingReadStream.cs
@@ -22,8 +22,6 @@ private sealed class ChunkedEncodingReadStream : HttpContentReadStream
             /// infinite chunk length is sent.  This value is arbitrary and can be changed as needed.
             /// </remarks>
             private const int MaxChunkBytesAllowed = 16*1024;
-            /// <summary>How long a trailing header can be.  This value is arbitrary and can be changed as needed.</summary>
-            private const int MaxTrailingHeaderLength = 16*1024;
             /// <summary>The number of bytes remaining in the chunk.</summary>
             private ulong _chunkBytesRemaining;
             /// <summary>The current state of the parsing state machine for the chunked response.</summary>
@@ -298,6 +296,9 @@ private ReadOnlyMemory<byte> ReadChunkFromConnectionBuffer(int maxBytesToRead, C
                             else
                             {
                                 _state = ParsingState.ConsumeTrailers;
+                                // Apply the MaxResponseHeadersLength limit to all trailing headers.
+                                // The limit is applied to regular response headers and trailing headers separately.
+                                _connection._allowedReadLineBytes = _connection.MaxResponseHeadersLength;
                                 goto case ParsingState.ConsumeTrailers;
                             }
 
@@ -345,7 +346,6 @@ private ReadOnlyMemory<byte> ReadChunkFromConnectionBuffer(int maxBytesToRead, C
                             while (true)
                             {
                                 // TODO: Consider adding folded trailing header support #35769.
-                                _connection._allowedReadLineBytes = MaxTrailingHeaderLength;
                                 if (!_connection.TryReadNextLine(out currentLine))
                                 {
                                     break;
diff --git a/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnection.cs b/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnection.cs
@@ -205,6 +205,8 @@ public bool EnsureReadAheadAndPollRead()
 
         public HttpConnectionKind Kind => _pool.Kind;
 
+        private int MaxResponseHeadersLength => (int)Math.Min(int.MaxValue, _pool.Settings._maxResponseHeadersLength * 1024L);
+
         private int ReadBufferSize => _readBuffer.Length;
 
         private ReadOnlyMemory<byte> RemainingBuffer => new ReadOnlyMemory<byte>(_readBuffer, _readOffset, _readLength - _readOffset);
@@ -480,7 +482,7 @@ public async Task<HttpResponseMessage> SendAsyncCore(HttpRequestMessage request,
                 }
 
                 // Start to read response.
-                _allowedReadLineBytes = (int)Math.Min(int.MaxValue, _pool.Settings._maxResponseHeadersLength * 1024L);
+                _allowedReadLineBytes = MaxResponseHeadersLength;
 
                 // We should not have any buffered data here; if there was, it should have been treated as an error
                 // by the previous request handling.  (Note we do not support HTTP pipelining.)
@@ -1243,7 +1245,7 @@ private bool TryReadNextLine(out ReadOnlySpan<byte> line)
             {
                 if (_allowedReadLineBytes < buffer.Length)
                 {
-                    throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, _pool.Settings._maxResponseHeadersLength * 1024L));
+                    throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, MaxResponseHeadersLength));
                 }
 
                 line = default;
@@ -1354,7 +1356,7 @@ private void ThrowIfExceededAllowedReadLineBytes()
         {
             if (_allowedReadLineBytes < 0)
             {
-                throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, _pool.Settings._maxResponseHeadersLength * 1024L));
+                throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, MaxResponseHeadersLength));
             }
         }
 
diff --git a/src/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs b/src/System.Net.Http/tests/FunctionalTests/SocketsHttpHandlerTest.cs
@@ -767,6 +767,60 @@ await TestHelper.WhenAllCompletedOrAnyFailed(
                 }
             });
         }
+
+        [Theory]
+        [InlineData(1024, 64, false)]
+        [InlineData(1024, 1024 - 2, false)] // we need at least 2 spare bytes for the next CRLF
+        [InlineData(1024, 1024 - 1, true)]
+        [InlineData(1024, 1024, true)]
+        [InlineData(1024, 1024 + 1, true)]
+        [InlineData(1024 * 1024, 1024 * 1024 - 2, false)]
+        [InlineData(1024 * 1024, 1024 * 1024 - 1, true)]
+        [InlineData(1024 * 1024, 1024 * 1024, true)]
+        public async Task GetAsync_MaxResponseHeadersLength_EnforcedOnTrailingHeaders(int maxResponseHeadersLength, int trailersLength, bool shouldThrow)
+        {
+            await LoopbackServer.CreateClientAndServerAsync(
+                async uri =>
+                {
+                    using HttpClientHandler handler = CreateHttpClientHandler();
+                    using HttpClient client = CreateHttpClient(handler);
+
+                    handler.MaxResponseHeadersLength = maxResponseHeadersLength / 1024;
+
+                    if (shouldThrow)
+                    {
+                        await Assert.ThrowsAsync<HttpRequestException>(() => client.GetAsync(uri));
+                    }
+                    else
+                    {
+                        (await client.GetAsync(uri)).Dispose();
+                    }
+                },
+                async server =>
+                {
+                    try
+                    {
+                        const string TrailerName1 = "My-Trailer-1";
+                        const string TrailerName2 = "My-Trailer-2";
+
+                        int trailerOneLength = trailersLength / 2;
+                        int trailerTwoLength = trailersLength - trailerOneLength;
+
+                        await server.AcceptConnectionSendCustomResponseAndCloseAsync(
+                            "HTTP/1.1 200 OK\r\n" +
+                            "Connection: close\r\n" +
+                            "Transfer-Encoding: chunked\r\n" +
+                            "\r\n" +
+                            "4\r\n" +
+                            "data\r\n" +
+                            "0\r\n" +
+                            $"{TrailerName1}: {new string('a', trailerOneLength - TrailerName1.Length - 4)}\r\n" +
+                            $"{TrailerName2}: {new string('b', trailerTwoLength - TrailerName2.Length - 4)}\r\n" +
+                            "\r\n");
+                    }
+                    catch { }
+                });
+        }
     }
 
     public sealed class SocketsHttpHandler_Http2_TrailingHeaders_Test : SocketsHttpHandler_TrailingHeaders_Test

Original file line number	Diff line number	Diff line change
`@@ -22,8 +22,6 @@ private sealed class ChunkedEncodingReadStream : HttpContentReadStream`
`22`	`22`	`/// infinite chunk length is sent. This value is arbitrary and can be changed as needed.`
`23`	`23`	`/// </remarks>`
`24`	`24`	`private const int MaxChunkBytesAllowed = 16*1024;`
`25`		`- /// <summary>How long a trailing header can be. This value is arbitrary and can be changed as needed.</summary>`
`26`		`- private const int MaxTrailingHeaderLength = 16*1024;`
`27`	`25`	`/// <summary>The number of bytes remaining in the chunk.</summary>`
`28`	`26`	`private ulong _chunkBytesRemaining;`
`29`	`27`	`/// <summary>The current state of the parsing state machine for the chunked response.</summary>`
`@@ -298,6 +296,9 @@ private ReadOnlyMemory<byte> ReadChunkFromConnectionBuffer(int maxBytesToRead, C`
`298`	`296`	`else`
`299`	`297`	`{`
`300`	`298`	`_state = ParsingState.ConsumeTrailers;`
	`299`	`+ // Apply the MaxResponseHeadersLength limit to all trailing headers.`
	`300`	`+ // The limit is applied to regular response headers and trailing headers separately.`
	`301`	`+ _connection._allowedReadLineBytes = _connection.MaxResponseHeadersLength;`
`301`	`302`	`goto case ParsingState.ConsumeTrailers;`
`302`	`303`	`}`
`303`	`304`
`@@ -345,7 +346,6 @@ private ReadOnlyMemory<byte> ReadChunkFromConnectionBuffer(int maxBytesToRead, C`
`345`	`346`	`while (true)`
`346`	`347`	`{`
`347`	`348`	`// TODO: Consider adding folded trailing header support #35769.`
`348`		`- _connection._allowedReadLineBytes = MaxTrailingHeaderLength;`
`349`	`349`	`if (!_connection.TryReadNextLine(out currentLine))`
`350`	`350`	`{`
`351`	`351`	`break;`
Original file line number	Diff line number	Diff line change
`@@ -205,6 +205,8 @@ public bool EnsureReadAheadAndPollRead()`
`205`	`205`
`206`	`206`	`public HttpConnectionKind Kind => _pool.Kind;`
`207`	`207`
	`208`	`+ private int MaxResponseHeadersLength => (int)Math.Min(int.MaxValue, _pool.Settings._maxResponseHeadersLength * 1024L);`
	`209`	`+`
`208`	`210`	`private int ReadBufferSize => _readBuffer.Length;`
`209`	`211`
`210`	`212`	`private ReadOnlyMemory<byte> RemainingBuffer => new ReadOnlyMemory<byte>(_readBuffer, _readOffset, _readLength - _readOffset);`
`@@ -480,7 +482,7 @@ public async Task<HttpResponseMessage> SendAsyncCore(HttpRequestMessage request,`
`480`	`482`	`}`
`481`	`483`
`482`	`484`	`// Start to read response.`
`483`		`- _allowedReadLineBytes = (int)Math.Min(int.MaxValue, _pool.Settings._maxResponseHeadersLength * 1024L);`
	`485`	`+ _allowedReadLineBytes = MaxResponseHeadersLength;`
`484`	`486`
`485`	`487`	`// We should not have any buffered data here; if there was, it should have been treated as an error`
`486`	`488`	`// by the previous request handling. (Note we do not support HTTP pipelining.)`
`@@ -1243,7 +1245,7 @@ private bool TryReadNextLine(out ReadOnlySpan<byte> line)`
`1243`	`1245`	`{`
`1244`	`1246`	`if (_allowedReadLineBytes < buffer.Length)`
`1245`	`1247`	`{`
`1246`		`- throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, _pool.Settings._maxResponseHeadersLength * 1024L));`
	`1248`	`+ throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, MaxResponseHeadersLength));`
`1247`	`1249`	`}`
`1248`	`1250`
`1249`	`1251`	`line = default;`
`@@ -1354,7 +1356,7 @@ private void ThrowIfExceededAllowedReadLineBytes()`
`1354`	`1356`	`{`
`1355`	`1357`	`if (_allowedReadLineBytes < 0)`
`1356`	`1358`	`{`
`1357`		`- throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, _pool.Settings._maxResponseHeadersLength * 1024L));`
	`1359`	`+ throw new HttpRequestException(SR.Format(SR.net_http_response_headers_exceeded_length, MaxResponseHeadersLength));`
`1358`	`1360`	`}`
`1359`	`1361`	`}`
`1360`	`1362`