Added content-length and guard clauses to HttpContentStream#50
Conversation
zbalkan
force-pushed
the
fix/Add-Content-Length-framing-validation-in-HttpContentStream-ctor
branch
from
c4ec339 to
3e2774d
Compare
This reverts commit 3e2774d.
There was a problem hiding this comment.
Pull request overview
Adds HTTP/1.1 message framing validation to HttpContentStream so that when Content-Length is present, already-buffered body bytes cannot exceed the declared length (per RFC 9112 §6.3), addressing TechnitiumLibrary issue #49.
Changes:
- Added constructor guard clauses for
baseStream,buffer, and argument ranges. - Added
Content-Lengthvalidation and a protocol error when buffered body bytes exceedContent-Length. - Introduced
System.Net.Httpdependency to throwHttpRequestExceptionfor protocol violations.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| ArgumentOutOfRangeException.ThrowIfNegative(length); | ||
| ArgumentNullException.ThrowIfNull(baseStream); | ||
| ArgumentNullException.ThrowIfNull(buffer); | ||
| if (offset < 0 || offset + length > buffer.Length) |
There was a problem hiding this comment.
The new bounds check if (offset < 0 || offset + length > buffer.Length) is incorrect for this type: in callers length is the number of bytes read into buffer (end index), and offset is the current position within those bytes. For common cases where offset > 0 (headers ended mid-buffer), offset + length can exceed buffer.Length even though both values are valid, causing the constructor to throw on well-formed messages. Validate the invariants as 0 <= offset && offset <= length && length <= buffer.Length (and only then compute bufferedBodyBytes = length - offset).
| if (offset < 0 || offset + length > buffer.Length) | |
| // Validate that 0 <= offset <= length <= buffer.Length | |
| if (offset < 0 || offset > length || length > buffer.Length) |
1 participant
Solves #49