diff --git a/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs b/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs
index 22e2f8bd1987aa567f74a03855fd2557e7ab61f5..f862f43d3a4791763ce7caac462160f53be2152d 100644
--- a/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs
+++ b/src/Shared/runtime/Http2/Hpack/HPackDecoder.cs
@@ -572,7 +572,7 @@ namespace System.Net.Http.HPack
 throw new HPackDecodingException(SR.Format(SR.net_http_headers_exceeded_length, _maxHeadersLength));
 }
- _stringOctets = new byte[Math.Max(length, _stringOctets.Length * 2)];
+ _stringOctets = new byte[Math.Max(length, Math.Min(_stringOctets.Length * 2, _maxHeadersLength))];
 }
 _stringLength = length;
@@ -620,7 +620,7 @@ namespace System.Net.Http.HPack
 {
 if (dst.Length < _stringLength)
 {
- dst = new byte[Math.Max(_stringLength, dst.Length * 2)];
+ dst = new byte[Math.Max(_stringLength, Math.Min(dst.Length * 2, _maxHeadersLength))];
 }
 }
diff --git a/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs b/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs
index f73d72d3dd32dbaac3f86742279cb7a6b1319d37..974d71e12ff03714707f5acc2b2028b31dbde0a1 100644
--- a/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs
+++ b/src/Shared/test/Shared.Tests/runtime/Http2/HPackDecoderTest.cs
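Review bot: In the first HPackDecoder.cs hunk (around line 572) the `length > _maxHeadersLength` rejection appears to sit inside the same block that reallocates `_stringOctets`, so the header limit seems to be enforced only when the buffer has to grow; the block's opening condition is above the hunk, so this is inferred from the brace structure. Capping the doubling stops the buffer from outgrowing the limit, but if the initial `_stringOctets` size can ever exceed a configured `_maxHeadersLength`, lengths between the two would still skip the check. Consider hoisting the limit check so it runs for every `length`, and keeping the `Math.Min(..., _maxHeadersLength)` cap purely as an allocation bound. The second hunk (around line 620) repeats the same expression and relies on `_stringLength <= _maxHeadersLength` without stating it; a `Debug.Assert(_stringLength <= _maxHeadersLength);` before the allocation, or a one-line comment naming where that invariant is established, would record it.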
@@ -493,6 +493,41 @@ namespace System.Net.Http.Unit.Tests.HPack
 Assert.Equal(string8193, _handler.DecodedHeaders[string8193]);
 }
+ [Fact]
+ public void DecodesStringLength_ExceedsLimit_Throws()
+ {
+ HPackDecoder decoder = new HPackDecoder(DynamicTableInitialMaxSize, MaxHeaderFieldSize + 1);
+ string string8191 = new string('a', MaxHeaderFieldSize - 1);
+ string string8193 = new string('a', MaxHeaderFieldSize + 1);
+ string string8194 = new string('a', MaxHeaderFieldSize + 2);
+
+ var bytes = new byte[3];
+ var success = IntegerEncoder.Encode(8194, 7, bytes, out var written);
+
+ byte[] encoded = _literalHeaderFieldWithoutIndexingNewName
+ .Concat(new byte[] { 0x7f, 0x80, 0x3f }) // 8191 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8191))
+ .Concat(new byte[] { 0x7f, 0x80, 0x3f }) // 8191 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8191))
+ .Concat(_literalHeaderFieldWithoutIndexingNewName)
+ .Concat(new byte[] { 0x7f, 0x82, 0x3f }) // 8193 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8193))
+ .Concat(new byte[] { 0x7f, 0x82, 0x3f }) // 8193 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8193))
+ .Concat(_literalHeaderFieldWithoutIndexingNewName)
+ .Concat(new byte[] { 0x7f, 0x83, 0x3f }) // 8194 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8194))
+ .Concat(new byte[] { 0x7f, 0x83, 0x3f }) // 8194 encoded with 7-bit prefix, no Huffman encoding
+ .Concat(Encoding.ASCII.GetBytes(string8194))
+ .ToArray();
+
+ var ex = Assert.Throws<HPackDecodingException>(() => decoder.Decode(encoded, endHeaders: true, handler: _handler));
+ Assert.Equal(SR.Format(SR.net_http_headers_exceeded_length, MaxHeaderFieldSize + 1), ex.Message);
+ Assert.Equal(string8191, _handler.DecodedHeaders[string8191]);
+ Assert.Equal(string8193, _handler.DecodedHeaders[string8193]);
+ Assert.False(_handler.DecodedHeaders.ContainsKey(string8194));
+ }
+
 [Fact]
 public void DecodesStringLength_IndividualBytes()
 {
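Review bot: `bytes`, `success` and `written` from `IntegerEncoder.Encode(8194, 7, bytes, out var written)` are never read in `DecodesStringLength_ExceedsLimit_Throws`, so the call looks like leftover scaffolding used to derive the `0x7f, 0x83, 0x3f` literal. Either delete those two lines or make them part of the test with `Assert.True(success);` and `Assert.Equal(new byte[] { 0x7f, 0x83, 0x3f }, bytes);`. Every string here is marked "no Huffman encoding", so only the raw-copy path is covered; a Huffman-encoded variant of the over-limit header would confirm that path is held to the same bound. A case where the configured limit is smaller than the decoder's initial buffer would also be worth adding, since the test as written only exercises limits reached through growth.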