author | Chris Ross <Tratcher@Outlook.com> | 2022-11-04 06:10:49 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-04 06:10:49 +0300 |
commit | 8350b948d04cd04dcd2f0628c8e04ba17b902d9b (patch) | |
tree | 1b70dac8487c5bff19935d8f36cb5bca7e7ffb86 | |
parent | 761eec97e6c8a7c9e4f5f84d80d39f480dfb6cef (diff) |
[7.0] Limit the hpack buffer resize (#44644)
* Limit the hpack buffer resize #44643
* More resizes
-rw-r--r-- | src/Shared/runtime/Http2/Hpack/HPackDecoder.cs | 4 | ||||
-rw-r--r-- | src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs | 35 |
2 files changed, 37 insertions, 2 deletions
diff --git a/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs b/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs
index cefb377f40..fb8739999a 100644
--- a/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs
+++ b/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs
@@ -577,7 +577,7 @@ namespace System.Net.Http.HPack
 throw new HPackDecodingException(SR.Format(SR.net_http_headers_exceeded_length, _maxHeadersLength));
 }
- _stringOctets = new byte[Math.Max(length, _stringOctets.Length * 2)];
+ _stringOctets = new byte[Math.Max(length, Math.Min(_stringOctets.Length * 2, _maxHeadersLength))];
 }
 _stringLength = length;
@@ -625,7 +625,7 @@ namespace System.Net.Http.HPack
 {
 if (dst.Length < _stringLength)
 {
- dst = new byte[Math.Max(_stringLength, dst.Length * 2)];
+ dst = new byte[Math.Max(_stringLength, Math.Min(dst.Length * 2, _maxHeadersLength))];
 }
 }
diff --git a/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs b/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs
index e5f3c3b698..b7f4c19072 100644
--- a/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs
+++ b/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs
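Review bot: In HPackDecoder.cs the new cap `Math.Min(_stringOctets.Length * 2, _maxHeadersLength)` has no comment explaining why growth stops at `_maxHeadersLength`, and the same expression is repeated for `dst` in the second hunk (@@ -625). The cap is only safe because a `length` above `_maxHeadersLength` was already rejected by the throw shown as context; the `if` that guards it starts above the hunk, and the second hunk presumably relies on `_stringLength` having passed that same check. I would add above each allocation `// Grow by doubling, but never past _maxHeadersLength: longer strings are rejected before this point, so a larger buffer would only hold memory sized by the peer.` Factoring the two resizes into one small private helper would keep the limit from drifting if a third resize site is added.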
@@ -494,6 +494,41 @@ namespace System.Net.Http.Unit.Tests.HPack
 }
 [Fact]
+ public void DecodesStringLength_ExceedsLimit_Throws()
+ {
+ HPackDecoder decoder = new HPackDecoder(DynamicTableInitialMaxSize, MaxHeaderFieldSize + 1);
+ string string8191 = new string('a', MaxHeaderFieldSize - 1);
+ string string8193 = new string('a', MaxHeaderFieldSize + 1);
+ string string8194 = new string('a', MaxHeaderFieldSize + 2);
+
+ var bytes = new byte[3];
+ var success = IntegerEncoder.Encode(8194, 7, bytes, out var written);
+
+ byte[] encoded = _literalHeaderFieldWithoutIndexingNewName
+ .Concat(new byte[] { 0x7f, 0x80, 0x3f }) // 8191 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8191))
+ .Concat(new byte[] { 0x7f, 0x80, 0x3f }) // 8191 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8191))
+ .Concat(_literalHeaderFieldWithoutIndexingNewName)
+ .Concat(new byte[] { 0x7f, 0x82, 0x3f }) // 8193 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8193))
+ .Concat(new byte[] { 0x7f, 0x82, 0x3f }) // 8193 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8193))
+ .Concat(_literalHeaderFieldWithoutIndexingNewName)
+ .Concat(new byte[] { 0x7f, 0x83, 0x3f }) // 8194 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8194))
+ .Concat(new byte[] { 0x7f, 0x83, 0x3f }) // 8194 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8194))
+ .ToArray();
+
+ var ex = Assert.Throws<HPackDecodingException>(() => decoder.Decode(encoded, endHeaders: true, handler: _handler));
+ Assert.Equal(SR.Format(SR.net_http_headers_exceeded_length, MaxHeaderFieldSize + 1), ex.Message);
+ Assert.Equal(string8191, _handler.DecodedHeaders[string8191]);
+ Assert.Equal(string8193, _handler.DecodedHeaders[string8193]);
+ Assert.False(_handler.DecodedHeaders.ContainsKey(string8194));
+ }
+
+ [Fact]
 public void DecodesStringLength_IndividualBytes()
 {
 HPackDecoder decoder = new HPackDecoder(DynamicTableInitialMaxSize, MaxHeaderFieldSize + 1); |
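Review bot: `bytes`, `success` and `written` in DecodesStringLength_ExceedsLimit_Throws are assigned by `IntegerEncoder.Encode(8194, 7, bytes, out var written)` and never read, so the call looks like leftover scaffolding for working out the length prefix. Either delete the two lines or make them check the hand-written prefix: `Assert.True(success);` and `Assert.Equal(new byte[] { 0x7f, 0x83, 0x3f }, bytes);`. Separately, the assertions cover the throw and the decoded headers but nothing observes the size of the reallocated buffer, so as far as this hunk shows the test would also pass without the cap in HPackDecoder.cs.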