diff options
| author | Andrew Clark <aclark@enlivenhq.com> | 2022-04-23 01:03:38 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-23 01:03:38 +0300 |
| commit | 2f68ef8d42646046eb36ff2db5f17965a7893545 (patch) | |
| tree | cec432eaa83a7f1efb5e8f6bc2a3acb667b19c2a | |
| parent | 323b8985bbd28cfa9c9d325562058ab8ea6302f7 (diff) | |
Remove quotes from MultipartReader boundary (#41308)
| -rw-r--r-- | src/Http/WebUtilities/src/MultipartReader.cs | 2 | ||||
| -rw-r--r-- | src/Http/WebUtilities/test/MultipartReaderTests.cs | 12 |
2 files changed, 14 insertions, 0 deletions
diff --git a/src/Http/WebUtilities/src/MultipartReader.cs b/src/Http/WebUtilities/src/MultipartReader.cs index 847b263dd8..64e3948d09 100644 --- a/src/Http/WebUtilities/src/MultipartReader.cs +++ b/src/Http/WebUtilities/src/MultipartReader.cs @@ -2,6 +2,7 @@ // The .NET Foundation licenses this file to you under the MIT license. using Microsoft.Extensions.Primitives; +using Microsoft.Net.Http.Headers; namespace Microsoft.AspNetCore.WebUtilities; @@ -61,6 +62,7 @@ public class MultipartReader throw new ArgumentOutOfRangeException(nameof(bufferSize), bufferSize, "Insufficient buffer space, the buffer must be larger than the boundary: " + boundary); } _stream = new BufferedReadStream(stream, bufferSize); + boundary = HeaderUtilities.RemoveQuotes(new StringSegment(boundary)).ToString(); _boundary = new MultipartBoundary(boundary, false); // This stream will drain any preamble data and remove the first boundary marker. // TODO: HeadersLengthLimit can't be modified until after the constructor. diff --git a/src/Http/WebUtilities/test/MultipartReaderTests.cs b/src/Http/WebUtilities/test/MultipartReaderTests.cs index ba6ddf7e52..8231ec472b 100644 --- a/src/Http/WebUtilities/test/MultipartReaderTests.cs +++ b/src/Http/WebUtilities/test/MultipartReaderTests.cs @@ -10,6 +10,7 @@ namespace Microsoft.AspNetCore.WebUtilities; public class MultipartReaderTests { private const string Boundary = "9051914041544843365972754266"; + private const string BoundaryWithQuotes = @"""9051914041544843365972754266"""; // Note that CRLF (\r\n) is required. You can't use multi-line C# strings here because the line breaks on Linux are just LF. private const string OnePartBody = "--9051914041544843365972754266\r\n" + @@ -377,4 +378,15 @@ public class MultipartReaderTests Assert.Null(await reader.ReadNextSectionAsync()); } + + // MultiPartReader should strip any quotes from the boundary passed in instead of throwing an exception + [Fact] + public async Task MultipartReader_StripQuotesFromBoundary() + { + var stream = MakeStream(OnePartBody); + var reader = new MultipartReader(BoundaryWithQuotes, stream); + + var section = await reader.ReadNextSectionAsync(); + Assert.NotNull(section); + } } |