Send 'Connection: close' in all 400 responses to HTTP/1.1 requests (#840).

Cesar Blum Silveira · Cesar Blum Silveira · commit 8c8ee150f79d · 2016-05-18T15:03:31.000-07:00
diff --git a/src/Microsoft.AspNetCore.Server.Kestrel/Http/Frame.cs b/src/Microsoft.AspNetCore.Server.Kestrel/Http/Frame.cs
@@ -30,7 +30,7 @@ public abstract partial class Frame : FrameContext, IFrameControl
         private static readonly byte[] _bytesConnectionClose = Encoding.ASCII.GetBytes("\r\nConnection: close");
         private static readonly byte[] _bytesConnectionKeepAlive = Encoding.ASCII.GetBytes("\r\nConnection: keep-alive");
         private static readonly byte[] _bytesTransferEncodingChunked = Encoding.ASCII.GetBytes("\r\nTransfer-Encoding: chunked");
-        private static readonly byte[] _bytesHttpVersion1_1 = Encoding.ASCII.GetBytes("HTTP/1.1 ");
+        private static readonly byte[] _bytesHttpVersion11 = Encoding.ASCII.GetBytes("HTTP/1.1 ");
         private static readonly byte[] _bytesContentLengthZero = Encoding.ASCII.GetBytes("\r\nContent-Length: 0");
         private static readonly byte[] _bytesSpace = Encoding.ASCII.GetBytes(" ");
         private static readonly byte[] _bytesEndHeaders = Encoding.ASCII.GetBytes("\r\n\r\n");
@@ -87,29 +87,30 @@ public string HttpVersion
         {
             get
             {
-                if (_httpVersion == HttpVersionType.Http1_1)
+                if (_httpVersion == HttpVersionType.Http11)
                 {
                     return "HTTP/1.1";
                 }
-                if (_httpVersion == HttpVersionType.Http1_0)
+                if (_httpVersion == HttpVersionType.Http10)
                 {
                     return "HTTP/1.0";
                 }
+
                 return string.Empty;
             }
             set
             {
                 if (value == "HTTP/1.1")
                 {
-                    _httpVersion = HttpVersionType.Http1_1;
+                    _httpVersion = HttpVersionType.Http11;
                 }
                 else if (value == "HTTP/1.0")
                 {
-                    _httpVersion = HttpVersionType.Http1_0;
+                    _httpVersion = HttpVersionType.Http10;
                 }
                 else
                 {
-                    _httpVersion = HttpVersionType.Unknown;
+                    _httpVersion = HttpVersionType.Unset;
                 }
             }
         }
@@ -229,7 +230,7 @@ public void Reset()
             PathBase = null;
             Path = null;
             QueryString = null;
-            _httpVersion = HttpVersionType.Unknown;
+            _httpVersion = HttpVersionType.Unset;
             StatusCode = 200;
             ReasonPhrase = null;
 
@@ -512,7 +513,7 @@ public void ProduceContinue()
             }
 
             StringValues expect;
-            if (_httpVersion == HttpVersionType.Http1_1 &&
+            if (_httpVersion == HttpVersionType.Http11 &&
                 RequestHeaders.TryGetValue("Expect", out expect) &&
                 (expect.FirstOrDefault() ?? "").Equals("100-continue", StringComparison.OrdinalIgnoreCase))
             {
@@ -595,6 +596,7 @@ protected Task ProduceEnd()
                 {
                     // 400 Bad Request
                     StatusCode = 400;
+                    _keepAlive = false;
                 }
                 else
                 {
@@ -712,7 +714,7 @@ private void CreateResponseHeader(
                     //
                     // A server MUST NOT send a response containing Transfer-Encoding unless the corresponding
                     // request indicates HTTP/1.1 (or later).
-                    if (_httpVersion == HttpVersionType.Http1_1)
+                    if (_httpVersion == HttpVersionType.Http11)
                     {
                         _autoChunk = true;
                         responseHeaders.SetRawTransferEncoding("chunked", _bytesTransferEncodingChunked);
@@ -724,16 +726,16 @@ private void CreateResponseHeader(
                 }
             }
 
-            if (_keepAlive == false && responseHeaders.HasConnection == false && _httpVersion == HttpVersionType.Http1_1)
+            if (!_keepAlive && !responseHeaders.HasConnection && _httpVersion != HttpVersionType.Http10)
             {
                 responseHeaders.SetRawConnection("close", _bytesConnectionClose);
             }
-            else if (_keepAlive && responseHeaders.HasConnection == false && _httpVersion == HttpVersionType.Http1_0)
+            else if (_keepAlive && !responseHeaders.HasConnection && _httpVersion == HttpVersionType.Http10)
             {
                 responseHeaders.SetRawConnection("keep-alive", _bytesConnectionKeepAlive);
             }
 
-            end.CopyFrom(_bytesHttpVersion1_1);
+            end.CopyFrom(_bytesHttpVersion11);
             end.CopyFrom(statusBytes);
             responseHeaders.CopyTo(ref end);
             end.CopyFrom(_bytesEndHeaders, 0, _bytesEndHeaders.Length);
@@ -838,13 +840,10 @@ protected RequestLineStatus TakeStartLine(SocketInput input)
                     }
                     else if (httpVersion != "HTTP/1.0" && httpVersion != "HTTP/1.1")
                     {
-                        RejectRequest("Malformed request.");
+                        RejectRequest("Unrecognized HTTP version.");
                     }
                 }
 
-                // HttpVersion must be set here to send correct response when request is rejected
-                HttpVersion = httpVersion;
-
                 scan.Take();
                 var next = scan.Take();
                 if (next == -1)
@@ -879,6 +878,7 @@ protected RequestLineStatus TakeStartLine(SocketInput input)
                 Method = method;
                 RequestUri = requestUrlPath;
                 QueryString = queryString;
+                HttpVersion = httpVersion;
 
                 bool caseMatches;
 
@@ -1099,9 +1099,9 @@ protected void ReportApplicationError(Exception ex)
 
         private enum HttpVersionType
         {
-            Unknown = -1,
-            Http1_0 = 0,
-            Http1_1 = 1
+            Unset = -1,
+            Http10 = 0,
+            Http11 = 1
         }
 
         protected enum RequestLineStatus
diff --git a/test/Microsoft.AspNetCore.Server.KestrelTests/BadHttpRequestTests.cs b/test/Microsoft.AspNetCore.Server.KestrelTests/BadHttpRequestTests.cs
@@ -1,72 +1,114 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
 using System.Threading.Tasks;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Server.KestrelTests
 {
     public class BadHttpRequestTests
     {
-        [Theory(Skip = "This test fails intermittently and needs to be investigated.")]
-        [InlineData("/ HTTP/1.1\r\n\r\n")]
-        [InlineData(" / HTTP/1.1\r\n\r\n")]
-        [InlineData("  / HTTP/1.1\r\n\r\n")]
-        [InlineData("GET  / HTTP/1.1\r\n\r\n")]
-        [InlineData("GET  /  HTTP/1.1\r\n\r\n")]
-        [InlineData("GET  HTTP/1.1\r\n\r\n")]
+        // Don't send more data than necessary to fail, otherwise the test throws trying to
+        // send data after the server has already closed the connection. This would cause the
+        // test to fail on Windows, due to a winsock limitation: after the error when trying
+        // to write to the socket closed by the server, winsock disposes all resources used
+        // by that socket. The test then fails when we try to read the expected response
+        // from the server because, although it would have been buffered, it got discarded
+        // by winsock on the send() error.
+        // The solution for this is for the client to always try to receive before doing
+        // any sends, that way it can detect that the connection has been closed by the server
+        // and not try to send() on the closed connection, triggering the error that would cause
+        // any buffered received data to be lost.
+        // We do not deem necessary to mitigate this issue in TestConnection, since it would only
+        // be ensuring that we have a properly implemented HTTP client that can handle the
+        // winsock issue. There is nothing to be verified in Kestrel in this situation.
+        [Theory]
+        // Incomplete request lines
+        [InlineData("G")]
+        [InlineData("GE")]
+        [InlineData("GET")]
+        [InlineData("GET ")]
         [InlineData("GET /")]
         [InlineData("GET / ")]
         [InlineData("GET / H")]
+        [InlineData("GET / HT")]
+        [InlineData("GET / HTT")]
+        [InlineData("GET / HTTP")]
+        [InlineData("GET / HTTP/")]
+        [InlineData("GET / HTTP/1")]
         [InlineData("GET / HTTP/1.")]
+        [InlineData("GET / HTTP/1.1")]
+        [InlineData("GET / HTTP/1.1\r")]
+        [InlineData("GET / HTTP/1.0")]
+        [InlineData("GET / HTTP/1.0\r")]
+        // Missing method
+        [InlineData(" ")]
+        // Missing second space
+        [InlineData("/ HTTP/1.1\r\n\r\n")]
         [InlineData("GET /\r\n")]
-        [InlineData("GET / \r\n")]
+        // Missing target
+        [InlineData("GET  ")]
+        // Missing version
+        [InlineData("GET / \r")]
+        // Missing CR
         [InlineData("GET / \n")]
-        [InlineData("GET / http/1.0\r\n\r\n")]
-        [InlineData("GET / http/1.1\r\n\r\n")]
-        [InlineData("GET / HTTP/1.1 \r\n\r\n")]
-        [InlineData("GET / HTTP/1.1a\r\n\r\n")]
-        [InlineData("GET / HTTP/1.0\n\r\n")]
-        [InlineData("GET / HTTP/3.0\r\n\r\n")]
-        [InlineData("GET / H\r\n\r\n")]
-        [InlineData("GET / HTTP/1.\r\n\r\n")]
-        [InlineData("GET / hello\r\n\r\n")]
-        [InlineData("GET / 8charact\r\n\r\n")]
-        public async Task TestBadRequests(string request)
+        // Unrecognized HTTP version
+        [InlineData("GET / http/1.0\r")]
+        [InlineData("GET / http/1.1\r")]
+        [InlineData("GET / HTTP/1.1 \r")]
+        [InlineData("GET / HTTP/1.1a\r")]
+        [InlineData("GET / HTTP/1.0\n\r")]
+        [InlineData("GET / HTTP/1.2\r")]
+        [InlineData("GET / HTTP/3.0\r")]
+        [InlineData("GET / H\r")]
+        [InlineData("GET / HTTP/1.\r")]
+        [InlineData("GET / hello\r")]
+        [InlineData("GET / 8charact\r")]
+        // Missing LF
+        [InlineData("GET / HTTP/1.0\rA")]
+        public async Task TestBadRequestLines(string request)
         {
             using (var server = new TestServer(context => { return Task.FromResult(0); }))
             {
                 using (var connection = new TestConnection(server.Port))
                 {
-                    var receiveTask = Task.Run(async () =>
-                    {
-                        await connection.Receive(
-                            "HTTP/1.1 400 Bad Request",
-                            "");
-                        await connection.ReceiveStartsWith("Date: ");
-                        await connection.ReceiveForcedEnd(
-                            "Content-Length: 0",
-                            "Server: Kestrel",
-                            "",
-                            "");
-                    });
-
-                    try
-                    {
-                        await connection.SendEnd(request).ConfigureAwait(false);
-                    }
-                    catch (Exception)
-                    {
-                        // TestConnection.SendEnd will start throwing while sending characters
-                        // in cases where the server rejects the request as soon as it
-                        // determines the request line is malformed, even though there
-                        // are more characters following.
-                    }
+                    await connection.SendEnd(request);
+                    await ReceiveBadRequestResponse(connection);
+                }
+            }
+        }
 
-                    await receiveTask;
+        [Theory]
+        [InlineData(" ")]
+        [InlineData("GET  ")]
+        [InlineData("GET / HTTP/1.2\r")]
+        [InlineData("GET / HTTP/1.0\rA")]
+        public async Task ServerClosesConnectionAsSoonAsBadRequestLineIsDetected(string request)
+        {
+            using (var server = new TestServer(context => { return Task.FromResult(0); }))
+            {
+                using (var connection = new TestConnection(server.Port))
+                {
+                    await connection.Send(request);
+                    await ReceiveBadRequestResponse(connection);
                 }
             }
         }
+
+        private async Task ReceiveBadRequestResponse(TestConnection connection)
+        {
+            await connection.Receive(
+                "HTTP/1.1 400 Bad Request",
+                "");
+            await connection.Receive(
+                "Connection: close",
+                "");
+            await connection.ReceiveStartsWith("Date: ");
+            await connection.ReceiveEnd(
+                "Content-Length: 0",
+                "Server: Kestrel",
+                "",
+                "");
+        }
     }
 }
diff --git a/test/Microsoft.AspNetCore.Server.KestrelTests/ChunkedRequestTests.cs b/test/Microsoft.AspNetCore.Server.KestrelTests/ChunkedRequestTests.cs
@@ -371,6 +371,7 @@ await connection.Send(
 
                     await connection.Receive(
                         "HTTP/1.1 400 Bad Request",
+                        "Connection: close",
                         "");
                     await connection.ReceiveStartsWith("Date:");
                     await connection.ReceiveForcedEnd(
@@ -415,6 +416,7 @@ await connection.Send(
 
                     await connection.Receive(
                         "HTTP/1.1 400 Bad Request",
+                        "Connection: close",
                         "");
                     await connection.ReceiveStartsWith("Date:");
                     await connection.ReceiveForcedEnd(
diff --git a/test/Microsoft.AspNetCore.Server.KestrelTests/EngineTests.cs b/test/Microsoft.AspNetCore.Server.KestrelTests/EngineTests.cs
@@ -724,21 +724,6 @@ public async Task ConnectionClosesWhenFinReceivedBeforeRequestCompletes(ServiceC
         {
             using (var server = new TestServer(AppChunked, testContext))
             {
-                using (var connection = new TestConnection(server.Port))
-                {
-                    await connection.SendEnd(
-                        "GET /");
-                    await connection.Receive(
-                        "HTTP/1.1 400 Bad Request",
-                        "");
-                    await connection.ReceiveStartsWith("Date:");
-                    await connection.ReceiveForcedEnd(
-                        "Content-Length: 0",
-                        "Server: Kestrel",
-                        "",
-                        "");
-                }
-
                 using (var connection = new TestConnection(server.Port))
                 {
                     await connection.SendEnd(
@@ -750,6 +735,7 @@ await connection.Receive(
                         "Content-Length: 0",
                         "",
                         "HTTP/1.1 400 Bad Request",
+                        "Connection: close",
                         "");
                     await connection.ReceiveStartsWith("Date:");
                     await connection.ReceiveForcedEnd(

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ public abstract partial class Frame : FrameContext, IFrameControl`
`30`	`30`	`private static readonly byte[] _bytesConnectionClose = Encoding.ASCII.GetBytes("\r\nConnection: close");`
`31`	`31`	`private static readonly byte[] _bytesConnectionKeepAlive = Encoding.ASCII.GetBytes("\r\nConnection: keep-alive");`
`32`	`32`	`private static readonly byte[] _bytesTransferEncodingChunked = Encoding.ASCII.GetBytes("\r\nTransfer-Encoding: chunked");`
`33`		`- private static readonly byte[] _bytesHttpVersion1_1 = Encoding.ASCII.GetBytes("HTTP/1.1 ");`
	`33`	`+ private static readonly byte[] _bytesHttpVersion11 = Encoding.ASCII.GetBytes("HTTP/1.1 ");`
`34`	`34`	`private static readonly byte[] _bytesContentLengthZero = Encoding.ASCII.GetBytes("\r\nContent-Length: 0");`
`35`	`35`	`private static readonly byte[] _bytesSpace = Encoding.ASCII.GetBytes(" ");`
`36`	`36`	`private static readonly byte[] _bytesEndHeaders = Encoding.ASCII.GetBytes("\r\n\r\n");`
`@@ -87,29 +87,30 @@ public string HttpVersion`
`87`	`87`	`{`
`88`	`88`	`get`
`89`	`89`	`{`
`90`		`- if (_httpVersion == HttpVersionType.Http1_1)`
	`90`	`+ if (_httpVersion == HttpVersionType.Http11)`
`91`	`91`	`{`
`92`	`92`	`return "HTTP/1.1";`
`93`	`93`	`}`
`94`		`- if (_httpVersion == HttpVersionType.Http1_0)`
	`94`	`+ if (_httpVersion == HttpVersionType.Http10)`
`95`	`95`	`{`
`96`	`96`	`return "HTTP/1.0";`
`97`	`97`	`}`
	`98`	`+`
`98`	`99`	`return string.Empty;`
`99`	`100`	`}`
`100`	`101`	`set`
`101`	`102`	`{`
`102`	`103`	`if (value == "HTTP/1.1")`
`103`	`104`	`{`
`104`		`- _httpVersion = HttpVersionType.Http1_1;`
	`105`	`+ _httpVersion = HttpVersionType.Http11;`
`105`	`106`	`}`
`106`	`107`	`else if (value == "HTTP/1.0")`
`107`	`108`	`{`
`108`		`- _httpVersion = HttpVersionType.Http1_0;`
	`109`	`+ _httpVersion = HttpVersionType.Http10;`
`109`	`110`	`}`
`110`	`111`	`else`
`111`	`112`	`{`
`112`		`- _httpVersion = HttpVersionType.Unknown;`
	`113`	`+ _httpVersion = HttpVersionType.Unset;`
`113`	`114`	`}`
`114`	`115`	`}`
`115`	`116`	`}`
`@@ -229,7 +230,7 @@ public void Reset()`
`229`	`230`	`PathBase = null;`
`230`	`231`	`Path = null;`
`231`	`232`	`QueryString = null;`
`232`		`- _httpVersion = HttpVersionType.Unknown;`
	`233`	`+ _httpVersion = HttpVersionType.Unset;`
`233`	`234`	`StatusCode = 200;`
`234`	`235`	`ReasonPhrase = null;`
`235`	`236`
`@@ -512,7 +513,7 @@ public void ProduceContinue()`
`512`	`513`	`}`
`513`	`514`
`514`	`515`	`StringValues expect;`
`515`		`- if (_httpVersion == HttpVersionType.Http1_1 &&`
	`516`	`+ if (_httpVersion == HttpVersionType.Http11 &&`
`516`	`517`	`RequestHeaders.TryGetValue("Expect", out expect) &&`
`517`	`518`	`(expect.FirstOrDefault() ?? "").Equals("100-continue", StringComparison.OrdinalIgnoreCase))`
`518`	`519`	`{`
`@@ -595,6 +596,7 @@ protected Task ProduceEnd()`
`595`	`596`	`{`
`596`	`597`	`// 400 Bad Request`
`597`	`598`	`StatusCode = 400;`
	`599`	`+ _keepAlive = false;`
`598`	`600`	`}`
`599`	`601`	`else`
`600`	`602`	`{`
`@@ -712,7 +714,7 @@ private void CreateResponseHeader(`
`712`	`714`	`//`
`713`	`715`	`// A server MUST NOT send a response containing Transfer-Encoding unless the corresponding`
`714`	`716`	`// request indicates HTTP/1.1 (or later).`
`715`		`- if (_httpVersion == HttpVersionType.Http1_1)`
	`717`	`+ if (_httpVersion == HttpVersionType.Http11)`
`716`	`718`	`{`
`717`	`719`	`_autoChunk = true;`
`718`	`720`	`responseHeaders.SetRawTransferEncoding("chunked", _bytesTransferEncodingChunked);`
`@@ -724,16 +726,16 @@ private void CreateResponseHeader(`
`724`	`726`	`}`
`725`	`727`	`}`
`726`	`728`
`727`		`- if (_keepAlive == false && responseHeaders.HasConnection == false && _httpVersion == HttpVersionType.Http1_1)`
	`729`	`+ if (!_keepAlive && !responseHeaders.HasConnection && _httpVersion != HttpVersionType.Http10)`
`728`	`730`	`{`
`729`	`731`	`responseHeaders.SetRawConnection("close", _bytesConnectionClose);`
`730`	`732`	`}`
`731`		`- else if (_keepAlive && responseHeaders.HasConnection == false && _httpVersion == HttpVersionType.Http1_0)`
	`733`	`+ else if (_keepAlive && !responseHeaders.HasConnection && _httpVersion == HttpVersionType.Http10)`
`732`	`734`	`{`
`733`	`735`	`responseHeaders.SetRawConnection("keep-alive", _bytesConnectionKeepAlive);`
`734`	`736`	`}`
`735`	`737`
`736`		`- end.CopyFrom(_bytesHttpVersion1_1);`
	`738`	`+ end.CopyFrom(_bytesHttpVersion11);`
`737`	`739`	`end.CopyFrom(statusBytes);`
`738`	`740`	`responseHeaders.CopyTo(ref end);`
`739`	`741`	`end.CopyFrom(_bytesEndHeaders, 0, _bytesEndHeaders.Length);`
`@@ -838,13 +840,10 @@ protected RequestLineStatus TakeStartLine(SocketInput input)`
`838`	`840`	`}`
`839`	`841`	`else if (httpVersion != "HTTP/1.0" && httpVersion != "HTTP/1.1")`
`840`	`842`	`{`
`841`		`- RejectRequest("Malformed request.");`
	`843`	`+ RejectRequest("Unrecognized HTTP version.");`
`842`	`844`	`}`
`843`	`845`	`}`
`844`	`846`
`845`		`- // HttpVersion must be set here to send correct response when request is rejected`
`846`		`- HttpVersion = httpVersion;`
`847`		`-`
`848`	`847`	`scan.Take();`
`849`	`848`	`var next = scan.Take();`
`850`	`849`	`if (next == -1)`
`@@ -879,6 +878,7 @@ protected RequestLineStatus TakeStartLine(SocketInput input)`
`879`	`878`	`Method = method;`
`880`	`879`	`RequestUri = requestUrlPath;`
`881`	`880`	`QueryString = queryString;`
	`881`	`+ HttpVersion = httpVersion;`
`882`	`882`
`883`	`883`	`bool caseMatches;`
`884`	`884`
`@@ -1099,9 +1099,9 @@ protected void ReportApplicationError(Exception ex)`
`1099`	`1099`
`1100`	`1100`	`private enum HttpVersionType`
`1101`	`1101`	`{`
`1102`		`- Unknown = -1,`
`1103`		`- Http1_0 = 0,`
`1104`		`- Http1_1 = 1`
	`1102`	`+ Unset = -1,`
	`1103`	`+ Http10 = 0,`
	`1104`	`+ Http11 = 1`
`1105`	`1105`	`}`
`1106`	`1106`
`1107`	`1107`	`protected enum RequestLineStatus`