Add check for index advance during parsing

JunTaoLuo · JunTaoLuo · commit 3289afe00764 · 2017-01-31T11:03:20.000-08:00
diff --git a/src/Microsoft.Net.Http.Headers/HeaderUtilities.cs b/src/Microsoft.Net.Http.Headers/HeaderUtilities.cs
@@ -3,6 +3,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Diagnostics;
 using System.Diagnostics.Contracts;
 using System.Globalization;
 using Microsoft.Extensions.Primitives;
@@ -200,6 +201,33 @@ internal static int GetNextNonEmptyOrWhitespaceIndex(
             return current;
         }
 
+        private static int AdvanceCacheDirectiveIndex(int current, string headerValue)
+        {
+            // Skip until the next potential name
+            current += HttpRuleParser.GetWhitespaceLength(headerValue, current);
+
+            // Skip the value if present
+            if (current < headerValue.Length && headerValue[current] == '=')
+            {
+                current++; // skip '='
+                current += NameValueHeaderValue.GetValueLength(headerValue, current);
+            }
+
+            // Find the next delimiter
+            current = headerValue.IndexOf(',', current);
+
+            if (current == -1)
+            {
+                // If no delimiter found, skip to the end
+                return headerValue.Length;
+            }
+
+            current++; // skip ','
+            current += HttpRuleParser.GetWhitespaceLength(headerValue, current);
+
+            return current;
+        }
+
         /// <summary>
         /// Try to find a target header value among the set of given header values and parse it as a
         /// <see cref="TimeSpan"/>.
@@ -237,6 +265,7 @@ public static bool TryParseSeconds(StringValues headerValues, string targetValue
                 while (current < headerValues[i].Length)
                 {
                     long seconds;
+                    var initial = current;
                     var tokenLength = HttpRuleParser.GetTokenLength(headerValues[i], current);
                     if (tokenLength == targetValue.Length
                         && string.Compare(headerValues[i], current, targetValue, 0, tokenLength, StringComparison.OrdinalIgnoreCase) == 0
@@ -246,26 +275,15 @@ public static bool TryParseSeconds(StringValues headerValues, string targetValue
                         value = TimeSpan.FromSeconds(seconds);
                         return true;
                     }
-                    else
-                    {
-                        // Skip until the next potential name
-                        current += tokenLength;
-                        current += HttpRuleParser.GetWhitespaceLength(headerValues[i], current);
 
-                        // Skip the value if present
-                        if (current < headerValues[i].Length && headerValues[i][current] == '=')
-                        {
-                            current++; // skip '='
-                            current += NameValueHeaderValue.GetValueLength(headerValues[i], current);
-                            current += HttpRuleParser.GetWhitespaceLength(headerValues[i], current);
-                        }
+                    current = AdvanceCacheDirectiveIndex(current + tokenLength, headerValues[i]);
 
-                        // Skip the delimiter
-                        if (current < headerValues[i].Length && headerValues[i][current] == ',')
-                        {
-                            current++; // skip ','
-                            current += HttpRuleParser.GetWhitespaceLength(headerValues[i], current);
-                        }
+                    // Ensure index was advanced
+                    if (current <= initial)
+                    {
+                        Debug.Assert(false, $"Index '{nameof(current)}' not advanced, this is a bug.");
+                        value = null;
+                        return false;
                     }
                 }
             }
@@ -293,41 +311,30 @@ public static bool ContainsCacheDirective(StringValues cacheControlDirectives, s
                 return false;
             }
 
-
             for (var i = 0; i < cacheControlDirectives.Count; i++)
             {
                 // Trim leading white space
                 var current = HttpRuleParser.GetWhitespaceLength(cacheControlDirectives[i], 0);
 
                 while (current < cacheControlDirectives[i].Length)
                 {
+                    var initial = current;
+
                     var tokenLength = HttpRuleParser.GetTokenLength(cacheControlDirectives[i], current);
                     if (tokenLength == targetDirectives.Length
                         && string.Compare(cacheControlDirectives[i], current, targetDirectives, 0, tokenLength, StringComparison.OrdinalIgnoreCase) == 0)
                     {
                         // Token matches target value
                         return true;
                     }
-                    else
-                    {
-                        // Skip until the next potential name
-                        current += tokenLength;
-                        current += HttpRuleParser.GetWhitespaceLength(cacheControlDirectives[i], current);
 
-                        // Skip the value if present
-                        if (current < cacheControlDirectives[i].Length && cacheControlDirectives[i][current] == '=')
-                        {
-                            current++; // skip '='
-                            current += NameValueHeaderValue.GetValueLength(cacheControlDirectives[i], current);
-                            current += HttpRuleParser.GetWhitespaceLength(cacheControlDirectives[i], current);
-                        }
+                    current = AdvanceCacheDirectiveIndex(current + tokenLength, cacheControlDirectives[i]);
 
-                        // Skip the delimiter
-                        if (current < cacheControlDirectives[i].Length && cacheControlDirectives[i][current] == ',')
-                        {
-                            current++; // skip ','
-                            current += HttpRuleParser.GetWhitespaceLength(cacheControlDirectives[i], current);
-                        }
+                    // Ensure index was advanced
+                    if (current <= initial)
+                    {
+                        Debug.Assert(false, $"Index '{nameof(current)}' not advanced, this is a bug.");
+                        return false;
                     }
                 }
             }
diff --git a/test/Microsoft.Net.Http.Headers.Tests/HeaderUtilitiesTest.cs b/test/Microsoft.Net.Http.Headers.Tests/HeaderUtilitiesTest.cs
@@ -71,6 +71,7 @@ public void TryParseSeconds_Succeeds(string headerValues, string targetValue, in
         [InlineData("directive1", "directive")]
         [InlineData("h=directive", "directive")]
         [InlineData("directive1, directive2=80", "directive")]
+        [InlineData("directive1=;, directive2=10", "directive1")]
         public void TryParseSeconds_Fails(string headerValues, string targetValue)
         {
             TimeSpan? value;
@@ -124,6 +125,7 @@ public void FormatInt64_MatchesToString(long value)
         [InlineData("directive1", "directive", false)]
         [InlineData("h=directive", "directive", false)]
         [InlineData("directive1, directive2=80", "directive", false)]
+        [InlineData("directive1;, directive2=80", "directive", false)]
         public void ContainsCacheDirective_MatchesExactValue(string headerValues, string targetValue, bool contains)
         {
             Assert.Equal(contains, HeaderUtilities.ContainsCacheDirective(new StringValues(headerValues), targetValue));
