From 66026a289034dcbc679ad9d2c3280475dc73c6f1 Mon Sep 17 00:00:00 2001
From: Zafer Balkan
Date: Tue, 3 Feb 2026 17:08:12 +0200
Subject: [PATCH 1/3] Added content-length and guard clauses to HttpContentStream
---
 .../Http/HttpContentStream.cs | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/TechnitiumLibrary.Net/Http/HttpContentStream.cs b/TechnitiumLibrary.Net/Http/HttpContentStream.cs
index ebbc7bb4..e4dc509f 100644
--- a/TechnitiumLibrary.Net/Http/HttpContentStream.cs
+++ b/TechnitiumLibrary.Net/Http/HttpContentStream.cs
@@ -19,6 +19,7 @@ You should have received a copy of the GNU General Public License
 using System;
 using System.IO;
+using System.Net.Http;
 using System.Threading;
 using System.Threading.Tasks;
@@ -43,6 +44,23 @@ class HttpContentStream : Stream
 public HttpContentStream(Stream baseStream, byte[] buffer, int offset, int length, int contentLength = -1)
 {
+ ArgumentOutOfRangeException.ThrowIfNegative(length);
+ ArgumentNullException.ThrowIfNull(baseStream);
+ ArgumentNullException.ThrowIfNull(buffer);
+ if (offset < 0 || offset + length > buffer.Length)
+ throw new ArgumentOutOfRangeException(nameof(offset));
+
+ // Validate Content-Length semantics
+ if (contentLength < -1)
+ throw new InvalidDataException("Invalid Content-Length value.");
+
+ int bufferedBodyBytes = length - offset;
+
+ // RFC 9112 §6.3 — recipient MUST NOT read beyond Content-Length
+ if (contentLength != -1 && bufferedBodyBytes > contentLength)
+ throw new HttpRequestException(
+ $"HTTP protocol violation: buffered {bufferedBodyBytes} body bytes, " +
+ $"but Content-Length is {contentLength}.");
 _baseStream = baseStream;
 _buffer = buffer;
From 3e2774d4b8b6f16189a9f4c272658ecf0e31aa13 Mon Sep 17 00:00:00 2001
From: Zafer Balkan
Date: Tue, 3 Feb 2026 17:18:58 +0200
Subject: [PATCH 2/3] Added copyright
---
 TechnitiumLibrary.Net/Http/HttpContentStream.cs | 1 +
 1 file changed, 1 insertion(+)
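Review bot: The new constructor guards read `length` in two incompatible ways: `offset + length > buffer.Length` treats it as a byte count starting at `offset`, while `int bufferedBodyBytes = length - offset;` treats it as the end index of the valid data. Under the count reading the subtraction under-counts the buffered bytes (and can go negative), so the Content-Length check that follows is skipped in exactly the case it is meant to catch; under the end-index reading the bounds check rejects valid buffers and never verifies `offset <= length`. The rest of the constructor and the read path lie outside the hunk, so which meaning the class uses cannot be confirmed from here; for an end index the guard would be `if (offset < 0 || offset > length || length > buffer.Length)`, and for a count `bufferedBodyBytes` is just `length`. Either way, write the sum as `offset > buffer.Length - length` so a large `offset` cannot wrap past the check.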
diff --git a/TechnitiumLibrary.Net/Http/HttpContentStream.cs b/TechnitiumLibrary.Net/Http/HttpContentStream.cs
index e4dc509f..2e198795 100644
--- a/TechnitiumLibrary.Net/Http/HttpContentStream.cs
+++ b/TechnitiumLibrary.Net/Http/HttpContentStream.cs
@@ -1,6 +1,7 @@
 /*
 Technitium Library
 Copyright (C) 2024 Shreyas Zare (shreyas@technitium.com)
+Copyright (C) 2026 Zafer Balkan (zafer@zaferbalkan.com)
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
From a5eed9cf418c74cb7606eed13870e69a29a589d5 Mon Sep 17 00:00:00 2001
From: Zafer Balkan
Date: Mon, 9 Feb 2026 11:28:55 +0200
Subject: [PATCH 3/3] Revert "Added copyright"
This reverts commit 3e2774d4b8b6f16189a9f4c272658ecf0e31aa13.
---
 TechnitiumLibrary.Net/Http/HttpContentStream.cs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/TechnitiumLibrary.Net/Http/HttpContentStream.cs b/TechnitiumLibrary.Net/Http/HttpContentStream.cs
index 2e198795..e4dc509f 100644
--- a/TechnitiumLibrary.Net/Http/HttpContentStream.cs
+++ b/TechnitiumLibrary.Net/Http/HttpContentStream.cs
@@ -1,7 +1,6 @@
 /*
 Technitium Library
 Copyright (C) 2024 Shreyas Zare (shreyas@technitium.com)
-Copyright (C) 2026 Zafer Balkan (zafer@zaferbalkan.com)
 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by