Reject POST and PUT requests with no Content-Length or Transfer-Encoding (#1130).

Cesar Blum Silveira · Cesar Blum Silveira · commit 9f82daa60cd8 · 2016-11-04T16:00:41.000-07:00
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/BadHttpRequestException.cs b/src/Microsoft.AspNetCore.Server.Kestrel/BadHttpRequestException.cs
@@ -102,6 +102,9 @@ internal static BadHttpRequestException GetException(RequestRejectionReason reas
                 case RequestRejectionReason.FinalTransferCodingNotChunked:
                     ex = new BadHttpRequestException($"Final transfer coding is not \"chunked\": \"{value}\"", 400);
                     break;
+                case RequestRejectionReason.LengthRequired:
+                    ex = new BadHttpRequestException($"{value} request contains no length indication (no Content-Length or Transfer-Encoding header)", 411);
+                    break;
                 default:
                     ex = new BadHttpRequestException("Bad request.", 400);
                     break;
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/MessageBody.cs b/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/MessageBody.cs
@@ -6,6 +6,7 @@
 using System.Numerics;
 using System.Threading;
 using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Server.Kestrel.Internal.Infrastructure;
 using Microsoft.Extensions.Internal;
 using Microsoft.Extensions.Primitives;
@@ -266,11 +267,11 @@ public static MessageBody For(
                 return new ForChunkedEncoding(keepAlive, headers, context);
             }
 
-            var unparsedContentLength = headers.HeaderContentLength.ToString();
-            if (unparsedContentLength.Length > 0)
+            var unparsedContentLength = headers.HeaderContentLength;
+            if (unparsedContentLength.Count > 0)
             {
                 long contentLength;
-                if (!long.TryParse(unparsedContentLength, out contentLength) || contentLength < 0)
+                if (!long.TryParse(unparsedContentLength.ToString(), out contentLength) || contentLength < 0)
                 {
                     context.RejectRequest(RequestRejectionReason.InvalidContentLength, unparsedContentLength);
                 }
@@ -280,6 +281,13 @@ public static MessageBody For(
                 }
             }
 
+            // If we got here, request contains no Content-Length or Transfer-Encoding header.
+            // Reject with 411 Length Required.
+            if (HttpMethods.IsPost(context.Method) || HttpMethods.IsPut(context.Method))
+            {
+                context.RejectRequest(RequestRejectionReason.LengthRequired, context.Method);
+            }
+
             return new ForContentLength(keepAlive, 0, context);
         }
 
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/RequestRejectionReason.cs b/src/Microsoft.AspNetCore.Server.Kestrel/Internal/Http/RequestRejectionReason.cs
@@ -27,6 +27,7 @@ public enum RequestRejectionReason
         MissingCRInHeaderLine,
         TooManyHeaders,
         RequestTimeout,
-        FinalTransferCodingNotChunked
+        FinalTransferCodingNotChunked,
+        LengthRequired
     }
 }
diff --git a/test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/MaxRequestLineSizeTests.cs b/test/Microsoft.AspNetCore.Server.Kestrel.FunctionalTests/MaxRequestLineSizeTests.cs
@@ -11,27 +11,27 @@ namespace Microsoft.AspNetCore.Server.Kestrel.FunctionalTests
     public class MaxRequestLineSizeTests
     {
         [Theory]
-        [InlineData("GET / HTTP/1.1\r\n", 16)]
-        [InlineData("GET / HTTP/1.1\r\n", 17)]
-        [InlineData("GET / HTTP/1.1\r\n", 137)]
-        [InlineData("POST /abc/de HTTP/1.1\r\n", 23)]
-        [InlineData("POST /abc/de HTTP/1.1\r\n", 24)]
-        [InlineData("POST /abc/de HTTP/1.1\r\n", 287)]
-        [InlineData("PUT /abc/de?f=ghi HTTP/1.1\r\n", 28)]
-        [InlineData("PUT /abc/de?f=ghi HTTP/1.1\r\n", 29)]
-        [InlineData("PUT /abc/de?f=ghi HTTP/1.1\r\n", 589)]
-        [InlineData("DELETE /a%20b%20c/d%20e?f=ghi HTTP/1.1\r\n", 40)]
-        [InlineData("DELETE /a%20b%20c/d%20e?f=ghi HTTP/1.1\r\n", 41)]
-        [InlineData("DELETE /a%20b%20c/d%20e?f=ghi HTTP/1.1\r\n", 1027)]
-        public async Task ServerAcceptsRequestLineWithinLimit(string requestLine, int limit)
+        [InlineData("GET / HTTP/1.1\r\n\r\n", 16)]
+        [InlineData("GET / HTTP/1.1\r\n\r\n", 17)]
+        [InlineData("GET / HTTP/1.1\r\n\r\n", 137)]
+        [InlineData("POST /abc/de HTTP/1.1\r\nContent-Length: 0\r\n\r\n", 23)]
+        [InlineData("POST /abc/de HTTP/1.1\r\nContent-Length: 0\r\n\r\n", 24)]
+        [InlineData("POST /abc/de HTTP/1.1\r\nContent-Length: 0\r\n\r\n", 287)]
+        [InlineData("PUT /abc/de?f=ghi HTTP/1.1\r\nContent-Length: 0\r\n\r\n", 28)]
+        [InlineData("PUT /abc/de?f=ghi HTTP/1.1\r\nContent-Length: 0\r\n\r\n", 29)]
+        [InlineData("PUT /abc/de?f=ghi HTTP/1.1\r\nContent-Length: 0\r\n\r\n", 589)]
+        [InlineData("DELETE /a%20b%20c/d%20e?f=ghi HTTP/1.1\r\n\r\n", 40)]
+        [InlineData("DELETE /a%20b%20c/d%20e?f=ghi HTTP/1.1\r\n\r\n", 41)]
+        [InlineData("DELETE /a%20b%20c/d%20e?f=ghi HTTP/1.1\r\n\r\n", 1027)]
+        public async Task ServerAcceptsRequestLineWithinLimit(string request, int limit)
         {
             var maxRequestLineSize = limit;
 
             using (var server = CreateServer(limit))
             {
                 using (var connection = new TestConnection(server.Port))
                 {
-                    await connection.SendEnd($"{requestLine}\r\n");
+                    await connection.SendEnd(request);
                     await connection.ReceiveEnd(
                         "HTTP/1.1 200 OK",
                         $"Date: {server.Context.DateHeaderValue}",
diff --git a/test/Microsoft.AspNetCore.Server.KestrelTests/BadHttpRequestTests.cs b/test/Microsoft.AspNetCore.Server.KestrelTests/BadHttpRequestTests.cs
@@ -174,6 +174,21 @@ public async Task BadRequestIfPathContainsNullCharacters(string path)
             }
         }
 
+        [Theory]
+        [InlineData("POST")]
+        [InlineData("PUT")]
+        public async Task BadRequestIfMethodRequiresLengthButNoContentLengthOrTransferEncodingInRequest(string method)
+        {
+            using (var server = new TestServer(context => { return Task.FromResult(0); }))
+            {
+                using (var connection = server.CreateConnection())
+                {
+                    await connection.SendEnd($"{method} / HTTP/1.1\r\n\r\n");
+                    await ReceiveBadRequestResponse(connection, "411 Length Required", server.Context.DateHeaderValue);
+                }
+            }
+        }
+
         private async Task ReceiveBadRequestResponse(TestConnection connection, string expectedResponseStatusCode, string expectedDateHeaderValue)
         {
             await connection.ReceiveForcedEnd(
diff --git a/test/Microsoft.AspNetCore.Server.KestrelTests/MessageBodyTests.cs b/test/Microsoft.AspNetCore.Server.KestrelTests/MessageBodyTests.cs
@@ -196,13 +196,29 @@ public void ForThrowsWhenFinalTransferCodingIsNotChunked()
             using (var input = new TestInput())
             {
                 var ex = Assert.Throws<BadHttpRequestException>(() =>
-                    MessageBody.For(HttpVersion.Http10, new FrameRequestHeaders { HeaderTransferEncoding = "chunked, not-chunked" }, input.FrameContext));
+                    MessageBody.For(HttpVersion.Http11, new FrameRequestHeaders { HeaderTransferEncoding = "chunked, not-chunked" }, input.FrameContext));
 
                 Assert.Equal(400, ex.StatusCode);
                 Assert.Equal("Final transfer coding is not \"chunked\": \"chunked, not-chunked\"", ex.Message);
             }
         }
 
+        [Theory]
+        [InlineData("POST")]
+        [InlineData("PUT")]
+        public void ForThrowsWhenMethodRequiresLengthButNoContentLengthOrTransferEncodingIsSet(string method)
+        {
+            using (var input = new TestInput())
+            {
+                input.FrameContext.Method = method;
+                var ex = Assert.Throws<BadHttpRequestException>(() =>
+                    MessageBody.For(HttpVersion.Http11, new FrameRequestHeaders(), input.FrameContext));
+
+                Assert.Equal(411, ex.StatusCode);
+                Assert.Equal($"{method} request contains no length indication (no Content-Length or Transfer-Encoding header)", ex.Message);
+            }
+        }
+
         public static IEnumerable<object[]> StreamData => new[]
         {
             new object[] { new ThrowOnWriteSynchronousStream() },

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`using System.Numerics;`
`7`	`7`	`using System.Threading;`
`8`	`8`	`using System.Threading.Tasks;`
	`9`	`+using Microsoft.AspNetCore.Http;`
`9`	`10`	`using Microsoft.AspNetCore.Server.Kestrel.Internal.Infrastructure;`
`10`	`11`	`using Microsoft.Extensions.Internal;`
`11`	`12`	`using Microsoft.Extensions.Primitives;`
`@@ -266,11 +267,11 @@ public static MessageBody For(`
`266`	`267`	`return new ForChunkedEncoding(keepAlive, headers, context);`
`267`	`268`	`}`
`268`	`269`
`269`		`- var unparsedContentLength = headers.HeaderContentLength.ToString();`
`270`		`- if (unparsedContentLength.Length > 0)`
	`270`	`+ var unparsedContentLength = headers.HeaderContentLength;`
	`271`	`+ if (unparsedContentLength.Count > 0)`
`271`	`272`	`{`
`272`	`273`	`long contentLength;`
`273`		`- if (!long.TryParse(unparsedContentLength, out contentLength) \|\| contentLength < 0)`
	`274`	`+ if (!long.TryParse(unparsedContentLength.ToString(), out contentLength) \|\| contentLength < 0)`
`274`	`275`	`{`
`275`	`276`	`context.RejectRequest(RequestRejectionReason.InvalidContentLength, unparsedContentLength);`
`276`	`277`	`}`
`@@ -280,6 +281,13 @@ public static MessageBody For(`
`280`	`281`	`}`
`281`	`282`	`}`
`282`	`283`
	`284`	`+ // If we got here, request contains no Content-Length or Transfer-Encoding header.`
	`285`	`+ // Reject with 411 Length Required.`
	`286`	`+ if (HttpMethods.IsPost(context.Method) \|\| HttpMethods.IsPut(context.Method))`
	`287`	`+ {`
	`288`	`+ context.RejectRequest(RequestRejectionReason.LengthRequired, context.Method);`
	`289`	`+ }`
	`290`	`+`
`283`	`291`	`return new ForContentLength(keepAlive, 0, context);`
`284`	`292`	`}`
`285`	`293`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ public enum RequestRejectionReason`
`27`	`27`	`MissingCRInHeaderLine,`
`28`	`28`	`TooManyHeaders,`
`29`	`29`	`RequestTimeout,`
`30`		`- FinalTransferCodingNotChunked`
	`30`	`+ FinalTransferCodingNotChunked,`
	`31`	`+ LengthRequired`
`31`	`32`	`}`
`32`	`33`	`}`