Merge branch 'release' into dev

Author: Tratcher

src/Microsoft.AspNetCore.Http/Features/FormFeature.cs

@@ -14,7 +14,10 @@ namespace Microsoft.AspNetCore.Http.Features
 {
     public class FormFeature : IFormFeature
     {
+        private static readonly FormOptions DefaultFormOptions = new FormOptions();
+
         private readonly HttpRequest _request;
+        private readonly FormOptions _options;
         private Task<IFormCollection> _parsedFormTask;
         private IFormCollection _form;
 
@@ -27,15 +30,24 @@ public FormFeature(IFormCollection form)
 
             Form = form;
         }
-
         public FormFeature(HttpRequest request)
+            : this(request, DefaultFormOptions)
+        {
+        }
+
+        public FormFeature(HttpRequest request, FormOptions options)
         {
             if (request == null)
             {
                 throw new ArgumentNullException(nameof(request));
             }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
 
             _request = request;
+            _options = options;
         }
 
         private MediaTypeHeaderValue ContentType
@@ -118,6 +130,11 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
 
             cancellationToken.ThrowIfCancellationRequested();
 
+            if (_options.BufferBody)
+            {
+                _request.EnableRewind(_options.MemoryBufferThreshold, _options.BufferBodyLengthLimit);
+            }
+
             FormCollection formFields = null;
             FormFileCollection files = null;
 
@@ -129,14 +146,27 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                 if (HasApplicationFormContentType(contentType))
                 {
                     var encoding = FilterEncoding(contentType.Encoding);
-                    formFields = new FormCollection(await FormReader.ReadFormAsync(_request.Body, encoding, cancellationToken));
+                    using (var formReader = new FormReader(_request.Body, encoding)
+                    {
+                        KeyCountLimit = _options.KeyCountLimit,
+                        KeyLengthLimit = _options.KeyLengthLimit,
+                        ValueLengthLimit = _options.ValueLengthLimit,
+                    })
+                    {
+                        formFields = new FormCollection(await formReader.ReadFormAsync(cancellationToken));
+                    }
                 }
                 else if (HasMultipartFormContentType(contentType))
                 {
                     var formAccumulator = new KeyValueAccumulator();
 
-                    var boundary = GetBoundary(contentType);
-                    var multipartReader = new MultipartReader(boundary, _request.Body);
+                    var boundary = GetBoundary(contentType, _options.MultipartBoundaryLengthLimit);
+                    var multipartReader = new MultipartReader(boundary, _request.Body)
+                    {
+                        HeadersCountLimit = _options.MultipartHeadersCountLimit,
+                        HeadersLengthLimit = _options.MultipartHeadersLengthLimit,
+                        BodyLengthLimit = _options.MultipartBodyLengthLimit,
+                    };
                     var section = await multipartReader.ReadNextSectionAsync(cancellationToken);
                     while (section != null)
                     {
@@ -145,7 +175,8 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                         if (HasFileContentDisposition(contentDisposition))
                         {
                             // Enable buffering for the file if not already done for the full body
-                            section.EnableRewind(_request.HttpContext.Response.RegisterForDispose);
+                            section.EnableRewind(_request.HttpContext.Response.RegisterForDispose,
+                                _options.MemoryBufferThreshold, _options.MultipartBodyLengthLimit);
                             // Find the end
                             await section.Body.DrainAsync(cancellationToken);
 
@@ -169,6 +200,10 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                             {
                                 files = new FormFileCollection();
                             }
+                            if (files.Count >= _options.KeyCountLimit)
+                            {
+                                throw new InvalidDataException($"Form key count limit {_options.KeyCountLimit} exceeded.");
+                            }
                             files.Add(file);
                         }
                         else if (HasFormDataContentDisposition(contentDisposition))
@@ -177,14 +212,20 @@ private async Task<IFormCollection> InnerReadFormAsync(CancellationToken cancell
                             //
                             // value
 
+                            // Do not limit the key name length here because the mulipart headers length limit is already in effect.
                             var key = HeaderUtilities.RemoveQuotes(contentDisposition.Name);
                             MediaTypeHeaderValue mediaType;
                             MediaTypeHeaderValue.TryParse(section.ContentType, out mediaType);
                             var encoding = FilterEncoding(mediaType?.Encoding);
                             using (var reader = new StreamReader(section.Body, encoding, detectEncodingFromByteOrderMarks: true, bufferSize: 1024, leaveOpen: true))
                             {
+                                // The value length limit is enforced by MultipartBodyLengthLimit
                                 var value = await reader.ReadToEndAsync();
                                 formAccumulator.Append(key, value);
+                                if (formAccumulator.Count > _options.KeyCountLimit)
+                                {
+                                    throw new InvalidDataException($"Form key count limit {_options.KeyCountLimit} exceeded.");
+                                }
                             }
                         }
                         else
@@ -261,13 +302,17 @@ private bool HasFileContentDisposition(ContentDispositionHeaderValue contentDisp
         }
 
         // Content-Type: multipart/form-data; boundary="----WebKitFormBoundarymx2fSWqWSd0OxQqq"
-        // TODO: Limit the length of boundary we accept. The spec says ~70 chars.
-        private static string GetBoundary(MediaTypeHeaderValue contentType)
+        // The spec says 70 characters is a reasonable limit.
+        private static string GetBoundary(MediaTypeHeaderValue contentType, int lengthLimit)
         {
             var boundary = HeaderUtilities.RemoveQuotes(contentType.Boundary);
             if (string.IsNullOrWhiteSpace(boundary))
             {
-                throw new InvalidOperationException("Missing content-type boundary.");
+                throw new InvalidDataException("Missing content-type boundary.");
+            }
+            if (boundary.Length > lengthLimit)
+            {
+                throw new InvalidDataException($"Multipart boundary length limit {lengthLimit} exceeded.");
             }
             return boundary;
         }

src/Microsoft.AspNetCore.Http/Features/FormOptions.cs

@@ -0,0 +1,26 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.AspNetCore.WebUtilities;
+
+namespace Microsoft.AspNetCore.Http.Features
+{
+    public class FormOptions
+    {
+        public const int DefaultMemoryBufferThreshold = 1024 * 64;
+        public const int DefaultBufferBodyLengthLimit = 1024 * 1024 * 128;
+        public const int DefaultMultipartBoundaryLengthLimit = 128;
+        public const long DefaultMultipartBodyLengthLimit = 1024 * 1024 * 128;
+
+        public bool BufferBody { get; set; } = false;
+        public int MemoryBufferThreshold { get; set; } = DefaultMemoryBufferThreshold;
+        public long BufferBodyLengthLimit { get; set; } = DefaultBufferBodyLengthLimit;
+        public int KeyCountLimit { get; set; } = FormReader.DefaultKeyCountLimit;
+        public int KeyLengthLimit { get; set; } = FormReader.DefaultKeyLengthLimit;
+        public int ValueLengthLimit { get; set; } = FormReader.DefaultValueLengthLimit;
+        public int MultipartBoundaryLengthLimit { get; set; } = DefaultMultipartBoundaryLengthLimit;
+        public int MultipartHeadersCountLimit { get; set; } = MultipartReader.DefaultHeadersCountLimit;
+        public int MultipartHeadersLengthLimit { get; set; } = MultipartReader.DefaultHeadersLengthLimit;
+        public long MultipartBodyLengthLimit { get; set; } = DefaultMultipartBodyLengthLimit;
+    }
+}

src/Microsoft.AspNetCore.Http/HttpContextFactory.cs

@@ -5,27 +5,34 @@
 using System.Text;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.Extensions.ObjectPool;
+using Microsoft.Extensions.Options;
 
 namespace Microsoft.AspNetCore.Http
 {
     public class HttpContextFactory : IHttpContextFactory
     {
         private readonly ObjectPool<StringBuilder> _builderPool;
         private readonly IHttpContextAccessor _httpContextAccessor;
+        private readonly FormOptions _formOptions;
 
-        public HttpContextFactory(ObjectPoolProvider poolProvider)
-            : this(poolProvider, httpContextAccessor: null)
+        public HttpContextFactory(ObjectPoolProvider poolProvider, IOptions<FormOptions> formOptions)
+            : this(poolProvider, formOptions, httpContextAccessor: null)
         {
         }
 
-        public HttpContextFactory(ObjectPoolProvider poolProvider, IHttpContextAccessor httpContextAccessor)
+        public HttpContextFactory(ObjectPoolProvider poolProvider, IOptions<FormOptions> formOptions, IHttpContextAccessor httpContextAccessor)
         {
             if (poolProvider == null)
             {
                 throw new ArgumentNullException(nameof(poolProvider));
             }
+            if (formOptions == null)
+            {
+                throw new ArgumentNullException(nameof(formOptions));
+            }
 
             _builderPool = poolProvider.CreateStringBuilderPool();
+            _formOptions = formOptions.Value;
             _httpContextAccessor = httpContextAccessor;
         }
 
@@ -45,6 +52,9 @@ public HttpContext Create(IFeatureCollection featureCollection)
                 _httpContextAccessor.HttpContext = httpContext;
             }
 
+            var formFeature = new FormFeature(httpContext.Request, _formOptions);
+            featureCollection.Set<IFormFeature>(formFeature);
+
             return httpContext;
         }
 

src/Microsoft.AspNetCore.Http/Internal/BufferingHelper.cs

@@ -38,7 +38,7 @@ public static string TempDirectory
             }
         }
 
-        public static HttpRequest EnableRewind(this HttpRequest request, int bufferThreshold = DefaultBufferThreshold)
+        public static HttpRequest EnableRewind(this HttpRequest request, int bufferThreshold = DefaultBufferThreshold, long? bufferLimit = null)
         {
             if (request == null)
             {
@@ -48,14 +48,15 @@ public static HttpRequest EnableRewind(this HttpRequest request, int bufferThres
             var body = request.Body;
             if (!body.CanSeek)
             {
-                var fileStream = new FileBufferingReadStream(body, bufferThreshold, _getTempDirectory);
+                var fileStream = new FileBufferingReadStream(body, bufferThreshold, bufferLimit, _getTempDirectory);
                 request.Body = fileStream;
                 request.HttpContext.Response.RegisterForDispose(fileStream);
             }
             return request;
         }
 
-        public static MultipartSection EnableRewind(this MultipartSection section, Action<IDisposable> registerForDispose, int bufferThreshold = DefaultBufferThreshold)
+        public static MultipartSection EnableRewind(this MultipartSection section, Action<IDisposable> registerForDispose,
+            int bufferThreshold = DefaultBufferThreshold, long? bufferLimit = null)
         {
             if (section == null)
             {
@@ -69,7 +70,7 @@ public static MultipartSection EnableRewind(this MultipartSection section, Actio
             var body = section.Body;
             if (!body.CanSeek)
             {
-                var fileStream = new FileBufferingReadStream(body, bufferThreshold, _getTempDirectory);
+                var fileStream = new FileBufferingReadStream(body, bufferThreshold, bufferLimit, _getTempDirectory);
                 section.Body = fileStream;
                 registerForDispose(fileStream);
             }

src/Microsoft.AspNetCore.Http/RequestFormReaderExtensions.cs

@@ -0,0 +1,48 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using System;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http.Features;
+
+namespace Microsoft.AspNetCore.Http
+{
+    public static class RequestFormReaderExtensions
+    {
+        /// <summary>
+        /// Read the request body as a form with the given options. These options will only be used
+        /// if the form has not already been read.
+        /// </summary>
+        /// <param name="request">The request.</param>
+        /// <param name="options">Options for reading the form.</param>
+        /// <param name="cancellationToken"></param>
+        /// <returns>The parsed form.</returns>
+        public static Task<IFormCollection> ReadFormAsync(this HttpRequest request, FormOptions options,
+            CancellationToken cancellationToken = new CancellationToken())
+        {
+            if (request == null)
+            {
+                throw new ArgumentNullException(nameof(request));
+            }
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            if (!request.HasFormContentType)
+            {
+                throw new InvalidOperationException("Incorrect Content-Type: " + request.ContentType);
+            }
+
+            var features = request.HttpContext.Features;
+            var formFeature = features.Get<IFormFeature>();
+            if (formFeature == null || formFeature.Form == null)
+            {
+                // We haven't read the form yet, replace the reader with one using our own options.
+                features.Set<IFormFeature>(new FormFeature(request, options));
+            }
+            return request.ReadFormAsync(cancellationToken);
+        }
+    }
+}

src/Microsoft.AspNetCore.Http/project.json

@@ -21,6 +21,7 @@
     "Microsoft.AspNetCore.Http.Abstractions": "1.0.0-*",
     "Microsoft.AspNetCore.WebUtilities": "1.0.0-*",
     "Microsoft.Extensions.ObjectPool": "1.0.0-*",
+    "Microsoft.Extensions.Options": "1.0.0-*",
     "Microsoft.Net.Http.Headers": "1.0.0-*",
     "System.Buffers": "4.0.0-*"
   },

src/Microsoft.AspNetCore.WebUtilities/BufferedReadStream.cs

@@ -352,7 +352,7 @@ public string ReadLine(int lengthLimit)
                 {
                     if (builder.Length > lengthLimit)
                     {
-                        throw new InvalidOperationException("Line length limit exceeded: " + lengthLimit.ToString());
+                        throw new InvalidDataException($"Line length limit {lengthLimit} exceeded.");
                     }
                     ProcessLineChar(builder, ref foundCR, ref foundCRLF);
                 }
@@ -372,7 +372,7 @@ public async Task<string> ReadLineAsync(int lengthLimit, CancellationToken cance
                 {
                     if (builder.Length > lengthLimit)
                     {
-                        throw new InvalidOperationException("Line length limit exceeded: " + lengthLimit.ToString());
+                        throw new InvalidDataException($"Line length limit {lengthLimit} exceeded.");
                     }
 
                     ProcessLineChar(builder, ref foundCR, ref foundCRLF);