Limits on header stack size parsing

benaadams · benaadams · commit 6282d0bc1a66 · 2015-11-01T08:43:25.000Z
diff --git a/src/Microsoft.AspNet.Server.Kestrel/Infrastructure/MemoryPoolIterator2.cs b/src/Microsoft.AspNet.Server.Kestrel/Infrastructure/MemoryPoolIterator2.cs
@@ -10,6 +10,8 @@ namespace Microsoft.AspNet.Server.Kestrel.Infrastructure
 {
     public struct MemoryPoolIterator2
     {
+        private const int _maxHeaderStackLength = 16384;
+
         /// <summary>
         /// Array of "minus one" bytes of the length of SIMD operations on the current hardware. Used as an argument in the
         /// vector dot product that counts matching character occurrence.
@@ -549,12 +551,19 @@ public string GetAsciiString(MemoryPoolIterator2 end)
                 return default(string);
             }
 
+            var length = GetLength(end);
+
+            if (length > _maxHeaderStackLength)
+            {
+                return GetUtf8String(end);
+            }
+
             if (end._block == _block)
             {
-                return SingleBlockAsciiString(_block.Array, _index, end._index - _index);
+                return SingleBlockAsciiString(_block.Array, _index, length);
             }
 
-            return MultiBlockAsciiString(_block, _index, GetLength(end));
+            return MultiBlockAsciiString(_block, _index, length);
         }
 
         public string GetUtf8String(MemoryPoolIterator2 end)
@@ -567,10 +576,10 @@ public string GetUtf8String(MemoryPoolIterator2 end)
             {
                 return _utf8.GetString(_block.Array, _index, end._index - _index);
             }
-
+            
             var decoder = _utf8.GetDecoder();
-
             var length = GetLength(end);
+
             var charLength = length * 2;
             var chars = new char[charLength];
             var charIndex = 0;

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,8 @@ namespace Microsoft.AspNet.Server.Kestrel.Infrastructure`
`10`	`10`	`{`
`11`	`11`	`public struct MemoryPoolIterator2`
`12`	`12`	`{`
	`13`	`+ private const int _maxHeaderStackLength = 16384;`
	`14`	`+`
`13`	`15`	`/// <summary>`
`14`	`16`	`/// Array of "minus one" bytes of the length of SIMD operations on the current hardware. Used as an argument in the`
`15`	`17`	`/// vector dot product that counts matching character occurrence.`
`@@ -549,12 +551,19 @@ public string GetAsciiString(MemoryPoolIterator2 end)`
`549`	`551`	`return default(string);`
`550`	`552`	`}`
`551`	`553`
	`554`	`+ var length = GetLength(end);`
	`555`	`+`
	`556`	`+ if (length > _maxHeaderStackLength)`
	`557`	`+ {`
	`558`	`+ return GetUtf8String(end);`
	`559`	`+ }`
	`560`	`+`
`552`	`561`	`if (end._block == _block)`
`553`	`562`	`{`
`554`		`- return SingleBlockAsciiString(_block.Array, _index, end._index - _index);`
	`563`	`+ return SingleBlockAsciiString(_block.Array, _index, length);`
`555`	`564`	`}`
`556`	`565`
`557`		`- return MultiBlockAsciiString(_block, _index, GetLength(end));`
	`566`	`+ return MultiBlockAsciiString(_block, _index, length);`
`558`	`567`	`}`
`559`	`568`
`560`	`569`	`public string GetUtf8String(MemoryPoolIterator2 end)`
`@@ -567,10 +576,10 @@ public string GetUtf8String(MemoryPoolIterator2 end)`
`567`	`576`	`{`
`568`	`577`	`return _utf8.GetString(_block.Array, _index, end._index - _index);`
`569`	`578`	`}`
`570`		`-`
	`579`	`+`
`571`	`580`	`var decoder = _utf8.GetDecoder();`
`572`		`-`
`573`	`581`	`var length = GetLength(end);`
	`582`	`+`
`574`	`583`	`var charLength = length * 2;`
`575`	`584`	`var chars = new char[charLength];`
`576`	`585`	`var charIndex = 0;`