diff --git a/NuGet.config b/NuGet.config index 4b821f800992e3c37517c61bef0dc570f13f4abf..06e49041de2f1213d98f44fccc327a90ab92ba64 100644 --- a/NuGet.config +++ b/NuGet.config @@ -4,8 +4,10 @@ <clear /> <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.--> <!-- Begin: Package sources from dotnet-runtime --> + <add key="darc-int-dotnet-runtime-70ae3df" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-runtime-70ae3df4/nuget/v3/index.json" /> <!-- End: Package sources from dotnet-runtime --> <!-- Begin: Package sources from dotnet-efcore --> + <add key="darc-int-dotnet-efcore-9b03633" value="https://pkgs.dev.azure.com/dnceng/internal/_packaging/darc-int-dotnet-efcore-9b03633b/nuget/v3/index.json" /> <!-- End: Package sources from dotnet-efcore --> <!--End: Package sources managed by Dependency Flow automation. Do not edit the sources above.--> <add key="dotnet-eng" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-eng/nuget/v3/index.json" /> @@ -25,8 +27,10 @@ <clear /> <!--Begin: Package sources managed by Dependency Flow automation. Do not edit the sources below.--> <!-- Begin: Package sources from dotnet-efcore --> + <add key="darc-int-dotnet-efcore-9b03633" value="true" /> <!-- End: Package sources from dotnet-efcore --> <!-- Begin: Package sources from dotnet-runtime --> + <add key="darc-int-dotnet-runtime-70ae3df" value="true" /> <!-- End: Package sources from dotnet-runtime --> <!--End: Package sources managed by Dependency Flow automation. Do not edit the sources above.--> </disabledPackageSources> diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml index 761f0375d247fdb9621d4e691fcfad3456df3cd0..985831034f907632ff7ec7d35fedc51dd04400c7 100644 --- a/eng/Version.Details.xml +++ b/eng/Version.Details.xml 
@@ -9,37 +9,37 @@ --> <Dependencies> <ProductDependencies> - <Dependency Name="dotnet-ef" Version="6.0.4"> + <Dependency Name="dotnet-ef" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore.InMemory" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore.Relational" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore.Relational" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore.Sqlite" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore.Sqlite" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore.SqlServer" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore.Tools" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore.Tools" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + 
<Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> - <Dependency Name="Microsoft.EntityFrameworkCore.Design" Version="6.0.4"> + <Dependency Name="Microsoft.EntityFrameworkCore.Design" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-efcore</Uri> - <Sha>aca50aef8604cc23910d18edce820e0fa7c61910</Sha> + <Sha>9b03633bb18b617088b32260065ee385bf9c4491</Sha> </Dependency> <Dependency Name="Microsoft.Extensions.Caching.Abstractions" Version="6.0.0"> <Uri>https://github.com/dotnet/runtime</Uri> @@ -177,9 +177,9 @@ <Uri>https://github.com/dotnet/runtime</Uri> <Sha>4822e3c3aa77eb82b2fb33c9321f923cf11ddde6</Sha> </Dependency> - <Dependency Name="Microsoft.Internal.Runtime.AspNetCore.Transport" Version="6.0.4-servicing.22164.4"> + <Dependency Name="Microsoft.Internal.Runtime.AspNetCore.Transport" Version="6.0.5-servicing.22213.9"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> <Dependency Name="System.Diagnostics.DiagnosticSource" Version="6.0.0"> <Uri>https://github.com/dotnet/runtime</Uri> 
@@ -193,9 +193,9 @@ <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> <Sha>839cdfb0ecca5e0be3dbccd926e7651ef50fdf10</Sha> </Dependency> - <Dependency Name="System.IO.Pipelines" Version="6.0.2"> + <Dependency Name="System.IO.Pipelines" Version="6.0.3"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>839cdfb0ecca5e0be3dbccd926e7651ef50fdf10</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> <Dependency Name="System.Net.Http.Json" Version="6.0.0"> <Uri>https://github.com/dotnet/runtime</Uri> @@ -217,9 +217,9 @@ <Uri>https://github.com/dotnet/runtime</Uri> <Sha>4822e3c3aa77eb82b2fb33c9321f923cf11ddde6</Sha> </Dependency> - <Dependency Name="System.Security.Cryptography.Pkcs" Version="6.0.0"> - <Uri>https://github.com/dotnet/runtime</Uri> - <Sha>4822e3c3aa77eb82b2fb33c9321f923cf11ddde6</Sha> + <Dependency Name="System.Security.Cryptography.Pkcs" Version="6.0.1"> + <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> <Dependency Name="System.Security.Cryptography.Xml" Version="6.0.0"> <Uri>https://github.com/dotnet/runtime</Uri> @@ -233,9 +233,9 @@ <Uri>https://github.com/dotnet/runtime</Uri> <Sha>4822e3c3aa77eb82b2fb33c9321f923cf11ddde6</Sha> </Dependency> - <Dependency Name="System.Text.Json" Version="6.0.3"> + <Dependency Name="System.Text.Json" Version="6.0.4"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> <Dependency Name="System.Threading.Channels" Version="6.0.0"> <Uri>https://github.com/dotnet/runtime</Uri> 
@@ -245,33 +245,33 @@ <Uri>https://github.com/dotnet/runtime</Uri> <Sha>4822e3c3aa77eb82b2fb33c9321f923cf11ddde6</Sha> </Dependency> - <Dependency Name="Microsoft.NETCore.App.Ref" Version="6.0.4"> + <Dependency Name="Microsoft.NETCore.App.Ref" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> - <Dependency Name="Microsoft.NET.Runtime.MonoAOTCompiler.Task" Version="6.0.4"> + <Dependency Name="Microsoft.NET.Runtime.MonoAOTCompiler.Task" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> - <Dependency Name="Microsoft.NET.Runtime.WebAssembly.Sdk" Version="6.0.4"> + <Dependency Name="Microsoft.NET.Runtime.WebAssembly.Sdk" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> <!-- Win-x64 is used here because we have picked an arbitrary runtime identifier to flow the version of the latest NETCore.App runtime. All Runtime.$rid packages should have the same version. 
--> - <Dependency Name="Microsoft.NETCore.App.Runtime.win-x64" Version="6.0.4"> + <Dependency Name="Microsoft.NETCore.App.Runtime.win-x64" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> - <Dependency Name="Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm" Version="6.0.4"> + <Dependency Name="Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm" Version="6.0.5"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> - <Dependency Name="Microsoft.NETCore.BrowserDebugHost.Transport" Version="6.0.4-servicing.22164.4"> + <Dependency Name="Microsoft.NETCore.BrowserDebugHost.Transport" Version="6.0.5-servicing.22213.9"> <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-runtime</Uri> - <Sha>be98e88c760526452df94ef452fff4602fb5bded</Sha> + <Sha>70ae3df4a6f3c92fb6b315afc405edd10ff38579</Sha> </Dependency> </ProductDependencies> <ToolsetDependencies> diff --git a/eng/Versions.props b/eng/Versions.props index 3e7361d33eb6ff3edc1f4d20482a949c4df8eb81..0b450c71dac7b0334e2d7f68b2e31a90eea8823a 100644 --- a/eng/Versions.props +++ b/eng/Versions.props 
@@ -63,12 +63,12 @@ <PropertyGroup Label="Automated"> <!-- Packages from dotnet/runtime --> <MicrosoftExtensionsDependencyModelVersion>6.0.0</MicrosoftExtensionsDependencyModelVersion> - <MicrosoftNETCoreAppRefVersion>6.0.4</MicrosoftNETCoreAppRefVersion> - <MicrosoftNETCoreAppRuntimewinx64Version>6.0.4</MicrosoftNETCoreAppRuntimewinx64Version> - <MicrosoftNETRuntimeMonoAOTCompilerTaskVersion>6.0.4</MicrosoftNETRuntimeMonoAOTCompilerTaskVersion> - <MicrosoftNETRuntimeWebAssemblySdkVersion>6.0.4</MicrosoftNETRuntimeWebAssemblySdkVersion> - <MicrosoftNETCoreAppRuntimeAOTwinx64CrossbrowserwasmVersion>6.0.4</MicrosoftNETCoreAppRuntimeAOTwinx64CrossbrowserwasmVersion> - <MicrosoftNETCoreBrowserDebugHostTransportVersion>6.0.4-servicing.22164.4</MicrosoftNETCoreBrowserDebugHostTransportVersion> + <MicrosoftNETCoreAppRefVersion>6.0.5</MicrosoftNETCoreAppRefVersion> + <MicrosoftNETCoreAppRuntimewinx64Version>6.0.5</MicrosoftNETCoreAppRuntimewinx64Version> + <MicrosoftNETRuntimeMonoAOTCompilerTaskVersion>6.0.5</MicrosoftNETRuntimeMonoAOTCompilerTaskVersion> + <MicrosoftNETRuntimeWebAssemblySdkVersion>6.0.5</MicrosoftNETRuntimeWebAssemblySdkVersion> + <MicrosoftNETCoreAppRuntimeAOTwinx64CrossbrowserwasmVersion>6.0.5</MicrosoftNETCoreAppRuntimeAOTwinx64CrossbrowserwasmVersion> + <MicrosoftNETCoreBrowserDebugHostTransportVersion>6.0.5-servicing.22213.9</MicrosoftNETCoreBrowserDebugHostTransportVersion> <MicrosoftExtensionsCachingAbstractionsVersion>6.0.0</MicrosoftExtensionsCachingAbstractionsVersion> <MicrosoftExtensionsCachingMemoryVersion>6.0.1</MicrosoftExtensionsCachingMemoryVersion> <MicrosoftExtensionsConfigurationAbstractionsVersion>6.0.0</MicrosoftExtensionsConfigurationAbstractionsVersion> 
@@ -103,33 +103,33 @@ <MicrosoftExtensionsOptionsDataAnnotationsVersion>6.0.0</MicrosoftExtensionsOptionsDataAnnotationsVersion> <MicrosoftExtensionsOptionsVersion>6.0.0</MicrosoftExtensionsOptionsVersion> <MicrosoftExtensionsPrimitivesVersion>6.0.0</MicrosoftExtensionsPrimitivesVersion> - <MicrosoftInternalRuntimeAspNetCoreTransportVersion>6.0.4-servicing.22164.4</MicrosoftInternalRuntimeAspNetCoreTransportVersion> + <MicrosoftInternalRuntimeAspNetCoreTransportVersion>6.0.5-servicing.22213.9</MicrosoftInternalRuntimeAspNetCoreTransportVersion> <SystemDiagnosticsDiagnosticSourceVersion>6.0.0</SystemDiagnosticsDiagnosticSourceVersion> <SystemDiagnosticsEventLogVersion>6.0.0</SystemDiagnosticsEventLogVersion> <SystemDirectoryServicesProtocolsVersion>6.0.1</SystemDirectoryServicesProtocolsVersion> - <SystemIOPipelinesVersion>6.0.2</SystemIOPipelinesVersion> + <SystemIOPipelinesVersion>6.0.3</SystemIOPipelinesVersion> <SystemNetHttpJsonVersion>6.0.0</SystemNetHttpJsonVersion> <SystemNetHttpWinHttpHandlerVersion>6.0.1</SystemNetHttpWinHttpHandlerVersion> <SystemReflectionMetadataVersion>6.0.1</SystemReflectionMetadataVersion> <SystemResourcesExtensionsVersion>6.0.0</SystemResourcesExtensionsVersion> <SystemRuntimeCompilerServicesUnsafeVersion>6.0.0</SystemRuntimeCompilerServicesUnsafeVersion> - <SystemSecurityCryptographyPkcsVersion>6.0.0</SystemSecurityCryptographyPkcsVersion> + <SystemSecurityCryptographyPkcsVersion>6.0.1</SystemSecurityCryptographyPkcsVersion> <SystemSecurityCryptographyXmlVersion>6.0.0</SystemSecurityCryptographyXmlVersion> <SystemServiceProcessServiceControllerVersion>6.0.0</SystemServiceProcessServiceControllerVersion> <SystemTextEncodingsWebVersion>6.0.0</SystemTextEncodingsWebVersion> - <SystemTextJsonVersion>6.0.3</SystemTextJsonVersion> + <SystemTextJsonVersion>6.0.4</SystemTextJsonVersion> <SystemThreadingChannelsVersion>6.0.0</SystemThreadingChannelsVersion> <!-- Only listed explicitly to workaround https://github.com/dotnet/cli/issues/10528 
--> <MicrosoftNETCorePlatformsVersion>6.0.3</MicrosoftNETCorePlatformsVersion> <!-- Packages from dotnet/efcore --> - <dotnetefVersion>6.0.4</dotnetefVersion> - <MicrosoftEntityFrameworkCoreInMemoryVersion>6.0.4</MicrosoftEntityFrameworkCoreInMemoryVersion> - <MicrosoftEntityFrameworkCoreRelationalVersion>6.0.4</MicrosoftEntityFrameworkCoreRelationalVersion> - <MicrosoftEntityFrameworkCoreSqliteVersion>6.0.4</MicrosoftEntityFrameworkCoreSqliteVersion> - <MicrosoftEntityFrameworkCoreSqlServerVersion>6.0.4</MicrosoftEntityFrameworkCoreSqlServerVersion> - <MicrosoftEntityFrameworkCoreToolsVersion>6.0.4</MicrosoftEntityFrameworkCoreToolsVersion> - <MicrosoftEntityFrameworkCoreVersion>6.0.4</MicrosoftEntityFrameworkCoreVersion> - <MicrosoftEntityFrameworkCoreDesignVersion>6.0.4</MicrosoftEntityFrameworkCoreDesignVersion> + <dotnetefVersion>6.0.5</dotnetefVersion> + <MicrosoftEntityFrameworkCoreInMemoryVersion>6.0.5</MicrosoftEntityFrameworkCoreInMemoryVersion> + <MicrosoftEntityFrameworkCoreRelationalVersion>6.0.5</MicrosoftEntityFrameworkCoreRelationalVersion> + <MicrosoftEntityFrameworkCoreSqliteVersion>6.0.5</MicrosoftEntityFrameworkCoreSqliteVersion> + <MicrosoftEntityFrameworkCoreSqlServerVersion>6.0.5</MicrosoftEntityFrameworkCoreSqlServerVersion> + <MicrosoftEntityFrameworkCoreToolsVersion>6.0.5</MicrosoftEntityFrameworkCoreToolsVersion> + <MicrosoftEntityFrameworkCoreVersion>6.0.5</MicrosoftEntityFrameworkCoreVersion> + <MicrosoftEntityFrameworkCoreDesignVersion>6.0.5</MicrosoftEntityFrameworkCoreDesignVersion> <!-- Packages from dotnet/arcade --> <MicrosoftDotNetBuildTasksInstallersVersion>6.0.0-beta.22254.3</MicrosoftDotNetBuildTasksInstallersVersion> <MicrosoftDotNetBuildTasksTemplatingVersion>6.0.0-beta.22254.3</MicrosoftDotNetBuildTasksTemplatingVersion> diff --git a/eng/helix/helix.proj b/eng/helix/helix.proj index b9b16f9f858fc060b3b163bee1a7454a5aecf182..f1f7e4a3d42e09b2a9b0e99865d3fe50b415a264 100644 --- a/eng/helix/helix.proj +++ b/eng/helix/helix.proj 
@@ -10,7 +10,7 @@ not HelixCorrelationPayload. --> <PropertyGroup> - <IsPublicRuntime>true</IsPublicRuntime> + <IsPublicRuntime>false</IsPublicRuntime> </PropertyGroup> <PropertyGroup> diff --git a/src/Http/Http/src/Features/FormFeature.cs b/src/Http/Http/src/Features/FormFeature.cs index e758b1b0354c1a6713fccdf58a7e6adc33efc0da..173904e8c19496a93dcc8e6b913e5f8f58f2fd12 100644 --- a/src/Http/Http/src/Features/FormFeature.cs +++ b/src/Http/Http/src/Features/FormFeature.cs @@ -184,6 +184,7 @@ namespace Microsoft.AspNetCore.Http.Features else if (HasMultipartFormContentType(contentType)) { var formAccumulator = new KeyValueAccumulator(); + var nonFormOrFileContentDispositionCount = 0; var boundary = GetBoundary(contentType, _options.MultipartBoundaryLengthLimit); var multipartReader = new MultipartReader(boundary, _request.Body) @@ -259,7 +260,11 @@ namespace Microsoft.AspNetCore.Http.Features } else { - System.Diagnostics.Debug.Assert(false, "Unrecognized content-disposition for this section: " + section.ContentDisposition); + if (nonFormOrFileContentDispositionCount++ >= _options.ValueCountLimit) + { + throw new InvalidDataException($"Unrecognized Content-Disposition. Form value count limit {_options.ValueCountLimit} exceeded."); + + } } section = await multipartReader.ReadNextSectionAsync(cancellationToken); diff --git a/src/Http/Http/test/Features/FormFeatureTests.cs b/src/Http/Http/test/Features/FormFeatureTests.cs index 9426ce6dd1b2a6b4a347834cc023285b7b770a94..67873e223c4d2fb7739553ce5493c08080fba34b 100644 --- a/src/Http/Http/test/Features/FormFeatureTests.cs +++ b/src/Http/Http/test/Features/FormFeatureTests.cs 
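Review bot: The new `else` branch in `FormFeature.cs` (hunk `@@ -259,7 +260,11 @@`) counts sections with an unrecognized Content-Disposition in its own counter, so `_options.ValueCountLimit` applies to them separately from the values collected in `formAccumulator`, and nothing in the code says so. A request can carry up to the limit of each kind before parsing stops; that is bounded, but a comment should record it, for example `// Sections that are neither form fields nor files are skipped, but still counted against ValueCountLimit so they cannot be repeated without bound.` Because of the post-increment with `>=`, exactly `ValueCountLimit` such sections are accepted and the next one throws. The empty line left before the closing brace of the `if` can be removed. The enclosing method starts and ends outside the hunk.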
@@ -165,6 +165,12 @@ namespace Microsoft.AspNetCore.Http.Features InvalidContentDispositionValue + "\r\n" + "\r\n" + +"Foo\r\n"; + + private const string MultipartFormFileNonFormOrFileContentDispositionValue = "--WebKitFormBoundary5pDRpGheQXaM8k3T\r\n" + +"Content-Disposition:x" + +"\r\n" + +"\r\n" + "Foo\r\n"; private const string MultipartFormWithField = @@ -468,6 +474,30 @@ InvalidContentDispositionValue + Assert.Equal("Form value count limit 2 exceeded.", exception.Message); } + [Theory] + [InlineData(true)] + [InlineData(false)] + public async Task ReadFormAsync_NonFormOrFieldContentDisposition_ValueCountLimitExceeded_Throw(bool bufferRequest) + { + var formContent = new List<byte>(); + formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormFileNonFormOrFileContentDispositionValue)); + formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormFileNonFormOrFileContentDispositionValue)); + formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormFileNonFormOrFileContentDispositionValue)); + formContent.AddRange(Encoding.UTF8.GetBytes(MultipartFormEnd)); + + var context = new DefaultHttpContext(); + var responseFeature = new FakeResponseFeature(); + context.Features.Set<IHttpResponseFeature>(responseFeature); + context.Request.ContentType = MultipartContentType; + context.Request.Body = new NonSeekableReadStream(formContent.ToArray()); + + IFormFeature formFeature = new FormFeature(context.Request, new FormOptions() { BufferBody = bufferRequest, ValueCountLimit = 2 }); + context.Features.Set<IFormFeature>(formFeature); + + var exception = await Assert.ThrowsAsync<InvalidDataException>(() => context.Request.ReadFormAsync()); + Assert.Equal("Unrecognized Content-Disposition. Form value count limit 2 exceeded.", exception.Message); + } + [Theory] [InlineData(true)] [InlineData(false)] 
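Review bot: The added theory `ReadFormAsync_NonFormOrFieldContentDisposition_ValueCountLimitExceeded_Throw` covers only the over-limit case, three unrecognized sections with `ValueCountLimit = 2`, so an off-by-one in the `>=` comparison in `FormFeature.cs` would go unnoticed. A companion case that appends `MultipartFormFileNonFormOrFileContentDispositionValue` twice and asserts that `ReadFormAsync` completes would pin the boundary. A further case mixing recognised form fields with unrecognized sections would show that the two counts are independent. The test name says `NonFormOrField` while the constant and the production counter say `NonFormOrFile`; one spelling for all three makes them easier to find together.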
diff --git a/src/Security/CookiePolicy/test/CookieChunkingTests.cs b/src/Security/CookiePolicy/test/CookieChunkingTests.cs index 735d7e23d554b7ddc777da3006cf882ff7df98ec..5c958fe0abcd4d58b50775c8b6986e961de3a393 100644 --- a/src/Security/CookiePolicy/test/CookieChunkingTests.cs +++ b/src/Security/CookiePolicy/test/CookieChunkingTests.cs @@ -129,7 +129,7 @@ namespace Microsoft.AspNetCore.Internal public void DeleteChunkedCookieWithOptions_AllDeleted() { HttpContext context = new DefaultHttpContext(); - context.Request.Headers.Append("Cookie", "TestCookie=chunks-7"); + context.Request.Headers.Append("Cookie", "TestCookie=chunks-7;TestCookieC1=1;TestCookieC2=2;TestCookieC3=3;TestCookieC4=4;TestCookieC5=5;TestCookieC6=6;TestCookieC7=7"); new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com", Secure = true }); var cookies = context.Response.Headers["Set-Cookie"]; 
@@ -147,7 +147,40 @@ namespace Microsoft.AspNetCore.Internal }, cookies); } + [Fact] + public void DeleteChunkedCookieWithMissingRequestCookies_OnlyPresentCookiesDeleted() + { + HttpContext context = new DefaultHttpContext(); + context.Request.Headers.Append("Cookie", "TestCookie=chunks-7;TestCookieC1=1;TestCookieC2=2"); + + new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com", Secure = true }); + var cookies = context.Response.Headers["Set-Cookie"]; + Assert.Equal(3, cookies.Count); + Assert.Equal(new[] + { + "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure", + "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure", + "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure", + }, cookies); + } + [Fact] + public void DeleteChunkedCookieWithMissingRequestCookies_StopsAtMissingChunk() + { + HttpContext context = new DefaultHttpContext(); + // C3 is missing so we don't try to delete C4 either. + context.Request.Headers.Append("Cookie", "TestCookie=chunks-7;TestCookieC1=1;TestCookieC2=2;TestCookieC4=4"); + + new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com", Secure = true }); + var cookies = context.Response.Headers["Set-Cookie"]; + Assert.Equal(3, cookies.Count); + Assert.Equal(new[] + { + "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure", + "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure", + "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure", + }, cookies); + } [Fact] public void DeleteChunkedCookieWithOptionsAndResponseCookies_AllDeleted() 
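Review bot: Both new tests declare `chunks-7`, so the `long chunks` change and the early `break` in `DeleteCookie` are exercised only for a small declared count. A case whose chunk-count cookie declares far more chunks than the request contains (the largest `int` value, with only `TestCookieC1` and `TestCookieC2` present) and asserts three `Set-Cookie` headers would pin the path the production change is about. A matching read-side test for `GetRequestCookie` would cover the switch from `new string[chunksCount]` to a list. Blank lines are also missing between `OnlyPresentCookiesDeleted`, `StopsAtMissingChunk` and the `[Fact]` that follows them.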
diff --git a/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs b/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs index 30ec3c66ed63fc175c16f36acc7e10a91123e076..9a66071ee5d4f439f0ac9e4686891cce275125c0 100644 --- a/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs +++ b/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs @@ -103,7 +103,7 @@ namespace Microsoft.AspNetCore.Internal var chunksCount = ParseChunksCount(value); if (chunksCount > 0) { - var chunks = new string[chunksCount]; + var chunks = new List<string>(10); // chunksCount may be wrong, don't trust it. for (var chunkId = 1; chunkId <= chunksCount; chunkId++) { var chunk = requestCookies[key + ChunkKeySuffix + chunkId.ToString(CultureInfo.InvariantCulture)]; @@ -128,7 +128,7 @@ namespace Microsoft.AspNetCore.Internal return value; } - chunks[chunkId - 1] = chunk; + chunks.Add(chunk); } return string.Join(string.Empty, chunks); @@ -254,13 +254,22 @@ namespace Microsoft.AspNetCore.Internal key + "=" }; - var requestCookie = context.Request.Cookies[key]; - var chunks = ParseChunksCount(requestCookie); + var requestCookies = context.Request.Cookies; + var requestCookie = requestCookies[key]; + long chunks = ParseChunksCount(requestCookie); if (chunks > 0) { for (var i = 1; i <= chunks + 1; i++) { var subkey = key + ChunkKeySuffix + i.ToString(CultureInfo.InvariantCulture); + + // Only delete cookies we received. We received the chunk count cookie so we should have received the others too. + if (string.IsNullOrEmpty(requestCookies[subkey])) + { + chunks = i - 1; + break; + } + keys.Add(subkey + "="); } }
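Review bot: In hunk `@@ -103,7 +103,7 @@`, `new List<string>(10)` removes the allocation sized by the client-supplied count, but the `for` loop still runs up to `chunksCount`. How much work it does therefore depends on the missing-chunk handling between this hunk and the next, which is not visible here. If that path always leaves the loop at the first absent chunk, the comment should say so, for example `// chunksCount comes from the request cookie; allocate lazily, the missing-chunk exit below ends the loop early.` The literal `10` would read better as a named constant.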
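Review bot: In hunk `@@ -254,13 +254,22 @@` the loop variable is still an `int` (`var i = 1`) while the bound is now `long chunks + 1`, so for a declared count at the top of the `int` range `i <= chunks + 1` can never become false and the loop ends only through the new `break`. That holds as long as some sub-cookie is missing, but `for (long i = 1; i <= chunks + 1; i++)`, or clamping `chunks` to `requestCookies.Count` first, would make termination independent of the break. `string.IsNullOrEmpty(requestCookies[subkey])` also treats a chunk cookie that is present with an empty value as missing; a short comment should state whether that is intended. `DeleteCookie` continues past the end of the hunk, so how the reduced `chunks` value is used afterwards cannot be checked from here.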