Handle response content length mismatches (#175).

Author: Cesar Blum Silveira

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/Frame.cs

@@ -75,7 +75,8 @@ public abstract partial class Frame : IFrameControl
         protected readonly long _keepAliveMilliseconds;
         private readonly long _requestHeadersTimeoutMilliseconds;
 
-        private int _responseBytesWritten;
+        protected long? _responseContentLength;
+        protected long _responseBytesWritten;
 
         public Frame(ConnectionContext context)
         {
@@ -116,7 +117,7 @@ public Action<IFeatureCollection> PrepareRequest
         private KestrelServerOptions ServerOptions { get; }
         private IPEndPoint LocalEndPoint => ConnectionContext.LocalEndPoint;
         private IPEndPoint RemoteEndPoint => ConnectionContext.RemoteEndPoint;
-        private string ConnectionId => ConnectionContext.ConnectionId;
+        protected string ConnectionId => ConnectionContext.ConnectionId;
 
         public string ConnectionIdFeature { get; set; }
         public IPAddress RemoteIpAddress { get; set; }
@@ -350,6 +351,7 @@ public void Reset()
             _remainingRequestHeadersBytesAllowed = ServerOptions.Limits.MaxRequestHeadersTotalSize;
             _requestHeadersParsed = 0;
 
+            _responseContentLength = null;
             _responseBytesWritten = 0;
         }
 
@@ -516,8 +518,9 @@ public async Task FlushAsync(CancellationToken cancellationToken)
 
         public void Write(ArraySegment<byte> data)
         {
-            ProduceStartAndFireOnStarting().GetAwaiter().GetResult();
             _responseBytesWritten += data.Count;
+            VerifyWrite();
+            ProduceStartAndFireOnStarting().GetAwaiter().GetResult();
 
             if (_canHaveBody)
             {
@@ -548,6 +551,7 @@ public Task WriteAsync(ArraySegment<byte> data, CancellationToken cancellationTo
             }
 
             _responseBytesWritten += data.Count;
+            VerifyWrite();
 
             if (_canHaveBody)
             {
@@ -573,8 +577,10 @@ public Task WriteAsync(ArraySegment<byte> data, CancellationToken cancellationTo
 
         public async Task WriteAsyncAwaited(ArraySegment<byte> data, CancellationToken cancellationToken)
         {
-            await ProduceStartAndFireOnStarting();
             _responseBytesWritten += data.Count;
+            VerifyWrite();
+
+            await ProduceStartAndFireOnStarting();
 
             if (_canHaveBody)
             {
@@ -598,6 +604,34 @@ public async Task WriteAsyncAwaited(ArraySegment<byte> data, CancellationToken c
             }
         }
 
+        private void VerifyWrite()
+        {
+            TryInitializeResponseContentLength();
+
+            if (_responseContentLength.HasValue && _responseBytesWritten > _responseContentLength.Value)
+            {
+                ThrowContentLengthMismatchException();
+            }
+        }
+
+        protected void TryInitializeResponseContentLength()
+        {
+            if (!_responseContentLength.HasValue)
+            {
+                var responseHeaders = FrameResponseHeaders;
+                if (responseHeaders != null && responseHeaders.HasContentLength)
+                {
+                    _responseContentLength = int.Parse(responseHeaders.HeaderContentLength.ToString());
+                }
+            }
+        }
+
+        protected void ThrowContentLengthMismatchException()
+        {
+            _keepAlive = false;
+            throw new InvalidOperationException($"Response content length mismatch: wrote {_responseBytesWritten} bytes to {_responseContentLength.Value}-byte response.");
+        }
+
         private void WriteChunked(ArraySegment<byte> data)
         {
             SocketOutput.Write(data, chunk: true);
@@ -684,7 +718,7 @@ private void ProduceStart(bool appCompleted)
 
         protected Task TryProduceInvalidRequestResponse()
         {
-            if (_requestRejected)
+            if (_requestRejected || _applicationException != null)
             {
                 if (FrameRequestHeaders == null || FrameResponseHeaders == null)
                 {

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/FrameOfT.cs

@@ -92,6 +92,13 @@ public override async Task RequestProcessingAsync()
                         try
                         {
                             await _application.ProcessRequestAsync(context).ConfigureAwait(false);
+
+                            TryInitializeResponseContentLength();
+
+                            if (_responseContentLength.HasValue && _responseBytesWritten < _responseContentLength.Value)
+                            {
+                                ThrowContentLengthMismatchException();
+                            }
                         }
                         catch (Exception ex)
                         {

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Infrastructure/IKestrelTrace.cs

@@ -33,7 +33,7 @@ public interface IKestrelTrace : ILogger
 
         void ConnectionDisconnectedWrite(string connectionId, int count, Exception ex);
 
-        void ConnectionHeadResponseBodyWrite(string connectionId, int count);
+        void ConnectionHeadResponseBodyWrite(string connectionId, long count);
 
         void ConnectionBadRequest(string connectionId, BadHttpRequestException ex);
 

src/Microsoft.AspNetCore.Server.Kestrel/Internal/Infrastructure/KestrelTrace.cs

@@ -24,7 +24,7 @@ public class KestrelTrace : IKestrelTrace
         private static readonly Action<ILogger, string, Exception> _applicationError;
         private static readonly Action<ILogger, string, Exception> _connectionError;
         private static readonly Action<ILogger, string, int, Exception> _connectionDisconnectedWrite;
-        private static readonly Action<ILogger, string, int, Exception> _connectionHeadResponseBodyWrite;
+        private static readonly Action<ILogger, string, long, Exception> _connectionHeadResponseBodyWrite;
         private static readonly Action<ILogger, Exception> _notAllConnectionsClosedGracefully;
         private static readonly Action<ILogger, string, string, Exception> _connectionBadRequest;
 
@@ -49,7 +49,7 @@ static KestrelTrace()
             _connectionDisconnectedWrite = LoggerMessage.Define<string, int>(LogLevel.Debug, 15, @"Connection id ""{ConnectionId}"" write of ""{count}"" bytes to disconnected client.");
             _notAllConnectionsClosedGracefully = LoggerMessage.Define(LogLevel.Debug, 16, "Some connections failed to close gracefully during server shutdown.");
             _connectionBadRequest = LoggerMessage.Define<string, string>(LogLevel.Information, 17, @"Connection id ""{ConnectionId}"" bad request data: ""{message}""");
-            _connectionHeadResponseBodyWrite = LoggerMessage.Define<string, int>(LogLevel.Debug, 18, @"Connection id ""{ConnectionId}"" write of ""{count}"" body bytes to non-body HEAD response.");
+            _connectionHeadResponseBodyWrite = LoggerMessage.Define<string, long>(LogLevel.Debug, 18, @"Connection id ""{ConnectionId}"" write of ""{count}"" body bytes to non-body HEAD response.");
         }
 
         public KestrelTrace(ILogger logger)
@@ -135,7 +135,7 @@ public virtual void ConnectionDisconnectedWrite(string connectionId, int count,
             _connectionDisconnectedWrite(_logger, connectionId, count, ex);
         }
 
-        public virtual void ConnectionHeadResponseBodyWrite(string connectionId, int count)
+        public virtual void ConnectionHeadResponseBodyWrite(string connectionId, long count)
         {
             _connectionHeadResponseBodyWrite(_logger, connectionId, count, null);
         }

test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/ResponseTests.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using System.IO;
 using System.Linq;
 using System.Net;
 using System.Net.Http;
@@ -14,6 +15,7 @@
 using Microsoft.AspNetCore.Server.Kestrel.Internal.Infrastructure;
 using Microsoft.AspNetCore.Testing;
 using Microsoft.Extensions.Internal;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 using Moq;
 using Xunit;
@@ -85,7 +87,7 @@ public async Task IgnoreNullHeaderValues(string headerName, StringValues headerV
                     app.Run(async context =>
                     {
                         context.Response.Headers.Add(headerName, headerValue);
-                        
+
                         await context.Response.WriteAsync("");
                     });
                 });
@@ -299,7 +301,7 @@ await connection.Receive(
         }
 
         [Fact]
-        public async Task ResponseBodyNotWrittenOnHeadResponse()
+        public async Task ResponseBodyNotWrittenOnHeadResponseAndLoggedOnlyOnce()
         {
             var mockKestrelTrace = new Mock<IKestrelTrace>();
 
@@ -324,7 +326,207 @@ await connection.Receive(
             }
 
             mockKestrelTrace.Verify(kestrelTrace =>
-                kestrelTrace.ConnectionHeadResponseBodyWrite(It.IsAny<string>(), "hello, world".Length));
+                kestrelTrace.ConnectionHeadResponseBodyWrite(It.IsAny<string>(), "hello, world".Length), Times.Once);
+        }
+
+        [Fact]
+        public async Task WhenAppWritesMoreThanContentLengthWriteThrowsAndConnectionCloses()
+        {
+            var testLogger = new TestApplicationErrorLogger();
+            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
+
+            using (var server = new TestServer(httpContext =>
+            {
+                httpContext.Response.ContentLength = 11;
+                httpContext.Response.Body.Write(Encoding.ASCII.GetBytes("hello,"), 0, 6);
+                httpContext.Response.Body.Write(Encoding.ASCII.GetBytes(" world"), 0, 6);
+                return TaskCache.CompletedTask;
+            }, serviceContext))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.Send(
+                        "GET / HTTP/1.1",
+                        "",
+                        "");
+                    await connection.ReceiveEnd(
+                        $"HTTP/1.1 200 OK",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        "Content-Length: 11",
+                        "",
+                        "hello,");
+                }
+            }
+
+            var logMessage = Assert.Single(testLogger.Messages, message => message.LogLevel == LogLevel.Error);
+            Assert.Equal(
+                $"Response content length mismatch: wrote 12 bytes to 11-byte response.",
+                logMessage.Exception.Message);
+        }
+
+        [Fact]
+        public async Task WhenAppWritesMoreThanContentLengthWriteAsyncThrowsAndConnectionCloses()
+        {
+            var testLogger = new TestApplicationErrorLogger();
+            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
+
+            using (var server = new TestServer(async httpContext =>
+            {
+                httpContext.Response.ContentLength = 11;
+                await httpContext.Response.WriteAsync("hello,");
+                await httpContext.Response.WriteAsync(" world");
+            }, serviceContext))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.Send(
+                        "GET / HTTP/1.1",
+                        "",
+                        "");
+                    await connection.ReceiveEnd(
+                        $"HTTP/1.1 200 OK",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        "Content-Length: 11",
+                        "",
+                        "hello,");
+                }
+            }
+
+            var logMessage = Assert.Single(testLogger.Messages, message => message.LogLevel == LogLevel.Error);
+            Assert.Equal(
+                $"Response content length mismatch: wrote 12 bytes to 11-byte response.",
+                logMessage.Exception.Message);
+        }
+
+        [Fact]
+        public async Task WhenAppWritesMoreThanContentLengthAndResponseNotStarted500ResponseSentAndConnectionCloses()
+        {
+            var testLogger = new TestApplicationErrorLogger();
+            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
+
+            using (var server = new TestServer(async httpContext =>
+            {
+                httpContext.Response.ContentLength = 5;
+                await httpContext.Response.WriteAsync("hello, world");
+            }, serviceContext))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.Send(
+                        "GET / HTTP/1.1",
+                        "",
+                        "");
+                    await connection.ReceiveEnd(
+                        $"HTTP/1.1 500 Internal Server Error",
+                        "Connection: close",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        "Content-Length: 0",
+                        "",
+                        "");
+                }
+            }
+
+            var logMessage = Assert.Single(testLogger.Messages, message => message.LogLevel == LogLevel.Error);
+            Assert.Equal(
+                $"Response content length mismatch: wrote 12 bytes to 5-byte response.",
+                logMessage.Exception.Message);
+        }
+
+        [Fact]
+        public async Task WhenAppWritesLessThanContentLengthErrorLogged()
+        {
+            var testLogger = new TestApplicationErrorLogger();
+            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
+
+            using (var server = new TestServer(async httpContext =>
+            {
+                httpContext.Response.ContentLength = 13;
+                await httpContext.Response.WriteAsync("hello, world");
+            }, serviceContext))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.Send(
+                        "GET / HTTP/1.1",
+                        "",
+                        "");
+                    await connection.ReceiveEnd(
+                        $"HTTP/1.1 200 OK",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        "Content-Length: 13",
+                        "",
+                        "hello, world");
+                }
+            }
+
+            var errorMessage = Assert.Single(testLogger.Messages, message => message.LogLevel == LogLevel.Error);
+            Assert.Equal(
+                $"Response content length mismatch: wrote 12 bytes to 13-byte response.",
+                errorMessage.Exception.Message);
+        }
+
+        [Fact]
+        public async Task WhenAppSetsContentLengthButDoesNotWriteBody500ResponseSentAndConnectionCloses()
+        {
+            var testLogger = new TestApplicationErrorLogger();
+            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
+
+            using (var server = new TestServer(httpContext =>
+            {
+                httpContext.Response.ContentLength = 5;
+                return TaskCache.CompletedTask;
+            }, serviceContext))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.Send(
+                        "GET / HTTP/1.1",
+                        "",
+                        "");
+                    await connection.ReceiveEnd(
+                        $"HTTP/1.1 500 Internal Server Error",
+                        "Connection: close",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        "Content-Length: 0",
+                        "",
+                        "");
+                }
+            }
+
+            var errorMessage = Assert.Single(testLogger.Messages, message => message.LogLevel == LogLevel.Error);
+            Assert.Equal(
+                $"Response content length mismatch: wrote 0 bytes to 5-byte response.",
+                errorMessage.Exception.Message);
+        }
+
+        [Fact]
+        public async Task WhenAppSetsContentLengthToZeroAndDoesNotWriteNoErrorIsThrown()
+        {
+            var testLogger = new TestApplicationErrorLogger();
+            var serviceContext = new TestServiceContext { Log = new TestKestrelTrace(testLogger) };
+
+            using (var server = new TestServer(httpContext =>
+            {
+                httpContext.Response.ContentLength = 0;
+                return TaskCache.CompletedTask;
+            }, serviceContext))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.Send(
+                        "GET / HTTP/1.1",
+                        "",
+                        "");
+                    await connection.Receive(
+                        $"HTTP/1.1 200 OK",
+                        $"Date: {server.Context.DateHeaderValue}",
+                        "Content-Length: 0",
+                        "",
+                        "");
+                }
+            }
+
+            Assert.DoesNotContain(testLogger.Messages, message => message.LogLevel == LogLevel.Error);
         }
 
         public static TheoryData<string, StringValues, string> NullHeaderData