Skip to content

Fix Integer Overflow in Header Processing #41757

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 20, 2022
Merged

Fix Integer Overflow in Header Processing #41757

merged 2 commits into from
May 20, 2022

Conversation

@nerddtvg
Copy link
Contributor

@nerddtvg nerddtvg commented May 19, 2022

Fix Integer Overflow in Header Processing

  • You've read the Contributor Guide and Code of Conduct.
  • You've included unit or integration tests for your change, where applicable.
  • You've included inline docs for your change, where applicable.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.

When MaxRequestHeadersTotalSize is set to int.MaxValue, an integer overflow occurs inside Http1Connection forcing connections to fail.

Description

A basic cast from int to long prior to the addition will solve this. I have attempted to include a Unit test, however I am unable to run unit tests to verify if this does in fact work as expected.

Fixes #41756

@ghost ghost added area-runtime community-contribution Indicates that the PR has been added by a community member labels May 19, 2022
@dnfadmin
Copy link

dnfadmin commented May 19, 2022
edited
Loading

CLA assistant check
All CLA requirements met.

@Tratcher Tratcher self-assigned this May 19, 2022
@Tratcher
Copy link
Member

Tratcher commented May 20, 2022

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented May 20, 2022

Azure Pipelines successfully started running 3 pipeline(s).

@Tratcher Tratcher enabled auto-merge (squash) May 20, 2022 19:54
@Tratcher Tratcher merged commit 8a4b4de into dotnet:main May 20, 2022
@ghost ghost added this to the 7.0-preview5 milestone May 20, 2022
@Tratcher
Copy link
Member

Tratcher commented May 20, 2022

Thanks

@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adityamandaleeka adityamandaleeka adityamandaleeka approved these changes

@Tratcher Tratcher Tratcher approved these changes

@halter73 halter73 Awaiting requested review from halter73 halter73 is a code owner

@BrennanConroy BrennanConroy Awaiting requested review from BrennanConroy BrennanConroy is a code owner

@JamesNK JamesNK Awaiting requested review from JamesNK JamesNK is a code owner

Assignees

@Tratcher Tratcher

Labels

area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions community-contribution Indicates that the PR has been added by a community member

Projects

None yet

Milestone

7.0-preview5

Development

Successfully merging this pull request may close these issues.

Integer Overflow Causing HTTP1 Connections to Fail in Kestrel

5 participants

@nerddtvg @dnfadmin @Tratcher @adityamandaleeka @amcasey