Configure max request line size limits to be the same as maxHeaderSize (#312)

pranavkm · web-flow · commit ef4296eff8da · 2022-01-14T13:47:15.000-08:00
* Configure max request line size limits to be the same as maxHeaderSize As part of ReadAsHttpRequestMessageAsync, the parsing of the HTTP request line is limited by a non-configurable 2k limit. The size does not affect buffer sizes, only the maximum allowed length. This PR updates the ReadAsHttpRequestMessageAsync API to use the same limits for HTTP request line as the HTTP header line, the latter which is configurable by user code. In the default case, this means the HTTP request line size now supports a 16k limit before it throws. Fixes #307
diff --git a/src/System.Net.Http.Formatting/HttpContentMessageExtensions.cs b/src/System.Net.Http.Formatting/HttpContentMessageExtensions.cs
@@ -223,7 +223,7 @@ private static async Task<HttpRequestMessage> ReadAsHttpRequestMessageAsyncCore(
 
             HttpUnsortedRequest httpRequest = new HttpUnsortedRequest();
             HttpRequestHeaderParser parser = new HttpRequestHeaderParser(httpRequest,
-                HttpRequestHeaderParser.DefaultMaxRequestLineSize, maxHeaderSize);
+                Math.Max(HttpRequestHeaderParser.DefaultMaxRequestLineSize, maxHeaderSize), maxHeaderSize);
             ParserState parseStatus;
 
             byte[] buffer = new byte[bufferSize];
diff --git a/test/System.Net.Http.Formatting.Test/HttpContentMessageExtensionsTests.cs b/test/System.Net.Http.Formatting.Test/HttpContentMessageExtensionsTests.cs
@@ -482,16 +482,50 @@ public Task ReadAsHttpResponseMessageAsync_LargeHeaderSize()
         }
 
         [Fact]
-        public Task ReadAsHttpRequestMessageAsync_LargeHeaderSize()
+        public async Task ReadAsHttpRequestMessageAsync_LargeHeaderSize()
         {
+            string cookieValue = string.Format("{0}={1}", new String('a', 16 * 1024), new String('b', 16 * 1024));
             string[] request = new[] {
                 @"GET / HTTP/1.1",
                 @"Host: msdn.microsoft.com",
-                String.Format("Cookie: {0}={1}", new String('a', 16 * 1024), new String('b', 16 * 1024))
+                string.Format("Cookie: {0}", cookieValue),
+            };
+
+            HttpContent content = CreateContent(true, request, "sample body");
+            var httpRequestMessage = await content.ReadAsHttpRequestMessageAsync(Uri.UriSchemeHttp, 64 * 1024, 64 * 1024);
+
+            Assert.Equal(HttpMethod.Get, httpRequestMessage.Method);
+            Assert.Equal("/", httpRequestMessage.RequestUri.PathAndQuery);
+            Assert.Equal("msdn.microsoft.com", httpRequestMessage.Headers.Host);
+            IEnumerable<string> actualCookieValue;
+            Assert.True(httpRequestMessage.Headers.TryGetValues("Cookie", out actualCookieValue));
+            Assert.Equal(cookieValue, Assert.Single(actualCookieValue));
+        }
+
+        [Fact]
+        public async Task ReadAsHttpRequestMessageAsync_LargeHttpRequestLine()
+        {
+            string requestPath = string.Format("/myurl?{0}={1}", new string('a', 4 * 1024), new string('b', 4 * 1024));
+            string cookieValue = string.Format("{0}={1}", new String('a', 4 * 1024), new String('b', 4 * 1024));
+            string[] request = new[]
+            {
+                string.Format("GET {0} HTTP/1.1", requestPath),
+                @"Host: msdn.microsoft.com",
+                string.Format("Cookie: {0}", cookieValue),
             };
 
             HttpContent content = CreateContent(true, request, "sample body");
-            return content.ReadAsHttpRequestMessageAsync(Uri.UriSchemeHttp, 64 * 1024, 64 * 1024);
+            var httpRequestMessage = await content.ReadAsHttpRequestMessageAsync(
+                Uri.UriSchemeHttp,
+                bufferSize: 64 * 1024,
+                maxHeaderSize: 64 * 1024);
+
+            Assert.Equal(HttpMethod.Get, httpRequestMessage.Method);
+            Assert.Equal(requestPath, httpRequestMessage.RequestUri.PathAndQuery);
+            Assert.Equal("msdn.microsoft.com", httpRequestMessage.Headers.Host);
+            IEnumerable<string> actualCookieValue;
+            Assert.True(httpRequestMessage.Headers.TryGetValues("Cookie", out actualCookieValue));
+            Assert.Equal(cookieValue, Assert.Single(actualCookieValue));
         }
 
         [Theory]
