#175 - Decode multipart headers as UTF-8.

Tratcher · Tratcher · commit 15a51e423f52 · 2015-01-22T09:42:09.000-08:00
diff --git a/src/Microsoft.AspNet.WebUtilities/BufferedReadStream.cs b/src/Microsoft.AspNet.WebUtilities/BufferedReadStream.cs
@@ -11,8 +11,8 @@ namespace Microsoft.AspNet.WebUtilities
 {
     internal class BufferedReadStream : Stream
     {
-        private const char CR = '\r';
-        private const char LF = '\n';
+        private const byte CR = (byte)'\r';
+        private const byte LF = (byte)'\n';
 
         private readonly Stream _inner;
         private readonly byte[] _buffer;
@@ -310,8 +310,9 @@ public async Task<bool> EnsureBufferedAsync(int minCount, CancellationToken canc
         public string ReadLine(int lengthLimit)
         {
             CheckDisposed();
-            StringBuilder builder = new StringBuilder();
+            var builder = new MemoryStream(200);
             bool foundCR = false, foundCRLF = false;
+
             while (!foundCRLF && EnsureBuffered())
             {
                 if (builder.Length > lengthLimit)
@@ -321,19 +322,15 @@ public string ReadLine(int lengthLimit)
                 ProcessLineChar(builder, ref foundCR, ref foundCRLF);
             }
 
-            if (foundCRLF)
-            {
-                return builder.ToString(0, builder.Length - 2); // Drop the CRLF
-            }
-            // Stream ended with no CRLF.
-            return builder.ToString();
+            return DecodeLine(builder, foundCRLF);
         }
 
         public async Task<string> ReadLineAsync(int lengthLimit, CancellationToken cancellationToken)
         {
             CheckDisposed();
-            StringBuilder builder = new StringBuilder();
+            var builder = new MemoryStream(200);
             bool foundCR = false, foundCRLF = false;
+
             while (!foundCRLF && await EnsureBufferedAsync(cancellationToken))
             {
                 if (builder.Length > lengthLimit)
@@ -344,25 +341,20 @@ public async Task<string> ReadLineAsync(int lengthLimit, CancellationToken cance
                 ProcessLineChar(builder, ref foundCR, ref foundCRLF);
             }
 
-            if (foundCRLF)
-            {
-                return builder.ToString(0, builder.Length - 2); // Drop the CRLF
-            }
-            // Stream ended with no CRLF.
-            return builder.ToString();
+            return DecodeLine(builder, foundCRLF);
         }
 
-        private void ProcessLineChar(StringBuilder builder, ref bool foundCR, ref bool foundCRLF)
+        private void ProcessLineChar(MemoryStream builder, ref bool foundCR, ref bool foundCRLF)
         {
-            char ch = (char)_buffer[_bufferOffset]; // TODO: Encoding enforcement
-            builder.Append(ch);
+            var b = _buffer[_bufferOffset];
+            builder.WriteByte(b);
             _bufferOffset++;
             _bufferCount--;
-            if (ch == CR)
+            if (b == CR)
             {
                 foundCR = true;
             }
-            else if (ch == LF)
+            else if (b == LF)
             {
                 if (foundCR)
                 {
@@ -375,6 +367,13 @@ private void ProcessLineChar(StringBuilder builder, ref bool foundCR, ref bool f
             }
         }
 
+        private string DecodeLine(MemoryStream builder, bool foundCRLF)
+        {
+            // Drop the final CRLF, if any
+            var length = foundCRLF ? builder.Length - 2 : builder.Length;
+            return Encoding.UTF8.GetString(builder.ToArray(), 0, (int)length);
+        }
+
         private void CheckDisposed()
         {
             if (_disposed)
diff --git a/test/Microsoft.AspNet.WebUtilities.Tests/MultipartReaderTests.cs b/test/Microsoft.AspNet.WebUtilities.Tests/MultipartReaderTests.cs
@@ -43,6 +43,19 @@ public class MultipartReaderTests
 
 Content of a.txt.
 
+--9051914041544843365972754266--
+";
+        private const string TwoPartBodyWithUnicodeFileName =
+@"--9051914041544843365972754266
+Content-Disposition: form-data; name=""text""
+
+text default
+--9051914041544843365972754266
+Content-Disposition: form-data; name=""file1""; filename=""a色.txt""
+Content-Type: text/plain
+
+Content of a.txt.
+
 --9051914041544843365972754266--
 ";
         private const string ThreePartBody =
@@ -147,6 +160,32 @@ public async Task MutipartReader_ReadTwoPartBody_Success()
             Assert.Null(await reader.ReadNextSectionAsync());
         }
 
+        [Fact]
+        public async Task MutipartReader_ReadTwoPartBodyWithUnicodeFileName_Success()
+        {
+            var stream = MakeStream(TwoPartBodyWithUnicodeFileName);
+            var reader = new MultipartReader(Boundary, stream);
+
+            var section = await reader.ReadNextSectionAsync();
+            Assert.NotNull(section);
+            Assert.Equal(1, section.Headers.Count);
+            Assert.Equal("form-data; name=\"text\"", section.Headers["Content-Disposition"][0]);
+            var buffer = new MemoryStream();
+            await section.Body.CopyToAsync(buffer);
+            Assert.Equal("text default", Encoding.ASCII.GetString(buffer.ToArray()));
+
+            section = await reader.ReadNextSectionAsync();
+            Assert.NotNull(section);
+            Assert.Equal(2, section.Headers.Count);
+            Assert.Equal("form-data; name=\"file1\"; filename=\"a色.txt\"", section.Headers["Content-Disposition"][0]);
+            Assert.Equal("text/plain", section.Headers["Content-Type"][0]);
+            buffer = new MemoryStream();
+            await section.Body.CopyToAsync(buffer);
+            Assert.Equal("Content of a.txt.\r\n", Encoding.ASCII.GetString(buffer.ToArray()));
+
+            Assert.Null(await reader.ReadNextSectionAsync());
+        }
+
         [Fact]
         public async Task MutipartReader_ThreePartBody_Success()
         {
@@ -181,5 +220,77 @@ public async Task MutipartReader_ThreePartBody_Success()
 
             Assert.Null(await reader.ReadNextSectionAsync());
         }
+
+        [Fact]
+        public async Task MutipartReader_ReadInvalidUtf8Header_ReplacementCharacters()
+        {
+            var body1 =
+@"--9051914041544843365972754266
+Content-Disposition: form-data; name=""text"" filename=""a";
+
+            var body2 =
+@".txt""
+
+text default
+--9051914041544843365972754266--
+";
+            var stream = new MemoryStream();
+            var bytes = Encoding.UTF8.GetBytes(body1);
+            stream.Write(bytes, 0, bytes.Length);
+
+            // Write an invalid utf-8 segment in the middle
+            stream.Write(new byte[] { 0xC1, 0x21 }, 0, 2);
+
+            bytes = Encoding.UTF8.GetBytes(body2);
+            stream.Write(bytes, 0, bytes.Length);
+            stream.Seek(0, SeekOrigin.Begin);
+            var reader = new MultipartReader(Boundary, stream);
+
+            var section = await reader.ReadNextSectionAsync();
+            Assert.NotNull(section);
+            Assert.Equal(1, section.Headers.Count);
+            Assert.Equal("form-data; name=\"text\" filename=\"a\uFFFD!.txt\"", section.Headers["Content-Disposition"][0]);
+            var buffer = new MemoryStream();
+            await section.Body.CopyToAsync(buffer);
+            Assert.Equal("text default", Encoding.ASCII.GetString(buffer.ToArray()));
+
+            Assert.Null(await reader.ReadNextSectionAsync());
+        }
+
+        [Fact]
+        public async Task MutipartReader_ReadInvalidUtf8SurrogateHeader_ReplacementCharacters()
+        {
+            var body1 =
+@"--9051914041544843365972754266
+Content-Disposition: form-data; name=""text"" filename=""a";
+
+            var body2 =
+@".txt""
+
+text default
+--9051914041544843365972754266--
+";
+            var stream = new MemoryStream();
+            var bytes = Encoding.UTF8.GetBytes(body1);
+            stream.Write(bytes, 0, bytes.Length);
+
+            // Write an invalid utf-8 segment in the middle
+            stream.Write(new byte[] { 0xED, 0xA0, 85 }, 0, 3);
+
+            bytes = Encoding.UTF8.GetBytes(body2);
+            stream.Write(bytes, 0, bytes.Length);
+            stream.Seek(0, SeekOrigin.Begin);
+            var reader = new MultipartReader(Boundary, stream);
+
+            var section = await reader.ReadNextSectionAsync();
+            Assert.NotNull(section);
+            Assert.Equal(1, section.Headers.Count);
+            Assert.Equal("form-data; name=\"text\" filename=\"a\uFFFDU.txt\"", section.Headers["Content-Disposition"][0]);
+            var buffer = new MemoryStream();
+            await section.Body.CopyToAsync(buffer);
+            Assert.Equal("text default", Encoding.ASCII.GetString(buffer.ToArray()));
+
+            Assert.Null(await reader.ReadNextSectionAsync());
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -11,8 +11,8 @@ namespace Microsoft.AspNet.WebUtilities`
`11`	`11`	`{`
`12`	`12`	`internal class BufferedReadStream : Stream`
`13`	`13`	`{`
`14`		`- private const char CR = '\r';`
`15`		`- private const char LF = '\n';`
	`14`	`+ private const byte CR = (byte)'\r';`
	`15`	`+ private const byte LF = (byte)'\n';`
`16`	`16`
`17`	`17`	`private readonly Stream _inner;`
`18`	`18`	`private readonly byte[] _buffer;`
`@@ -310,8 +310,9 @@ public async Task<bool> EnsureBufferedAsync(int minCount, CancellationToken canc`
`310`	`310`	`public string ReadLine(int lengthLimit)`
`311`	`311`	`{`
`312`	`312`	`CheckDisposed();`
`313`		`- StringBuilder builder = new StringBuilder();`
	`313`	`+ var builder = new MemoryStream(200);`
`314`	`314`	`bool foundCR = false, foundCRLF = false;`
	`315`	`+`
`315`	`316`	`while (!foundCRLF && EnsureBuffered())`
`316`	`317`	`{`
`317`	`318`	`if (builder.Length > lengthLimit)`
`@@ -321,19 +322,15 @@ public string ReadLine(int lengthLimit)`
`321`	`322`	`ProcessLineChar(builder, ref foundCR, ref foundCRLF);`
`322`	`323`	`}`
`323`	`324`
`324`		`- if (foundCRLF)`
`325`		`- {`
`326`		`- return builder.ToString(0, builder.Length - 2); // Drop the CRLF`
`327`		`- }`
`328`		`- // Stream ended with no CRLF.`
`329`		`- return builder.ToString();`
	`325`	`+ return DecodeLine(builder, foundCRLF);`
`330`	`326`	`}`
`331`	`327`
`332`	`328`	`public async Task<string> ReadLineAsync(int lengthLimit, CancellationToken cancellationToken)`
`333`	`329`	`{`
`334`	`330`	`CheckDisposed();`
`335`		`- StringBuilder builder = new StringBuilder();`
	`331`	`+ var builder = new MemoryStream(200);`
`336`	`332`	`bool foundCR = false, foundCRLF = false;`
	`333`	`+`
`337`	`334`	`while (!foundCRLF && await EnsureBufferedAsync(cancellationToken))`
`338`	`335`	`{`
`339`	`336`	`if (builder.Length > lengthLimit)`
`@@ -344,25 +341,20 @@ public async Task<string> ReadLineAsync(int lengthLimit, CancellationToken cance`
`344`	`341`	`ProcessLineChar(builder, ref foundCR, ref foundCRLF);`
`345`	`342`	`}`
`346`	`343`
`347`		`- if (foundCRLF)`
`348`		`- {`
`349`		`- return builder.ToString(0, builder.Length - 2); // Drop the CRLF`
`350`		`- }`
`351`		`- // Stream ended with no CRLF.`
`352`		`- return builder.ToString();`
	`344`	`+ return DecodeLine(builder, foundCRLF);`
`353`	`345`	`}`
`354`	`346`
`355`		`- private void ProcessLineChar(StringBuilder builder, ref bool foundCR, ref bool foundCRLF)`
	`347`	`+ private void ProcessLineChar(MemoryStream builder, ref bool foundCR, ref bool foundCRLF)`
`356`	`348`	`{`
`357`		`- char ch = (char)_buffer[_bufferOffset]; // TODO: Encoding enforcement`
`358`		`- builder.Append(ch);`
	`349`	`+ var b = _buffer[_bufferOffset];`
	`350`	`+ builder.WriteByte(b);`
`359`	`351`	`_bufferOffset++;`
`360`	`352`	`_bufferCount--;`
`361`		`- if (ch == CR)`
	`353`	`+ if (b == CR)`
`362`	`354`	`{`
`363`	`355`	`foundCR = true;`
`364`	`356`	`}`
`365`		`- else if (ch == LF)`
	`357`	`+ else if (b == LF)`
`366`	`358`	`{`
`367`	`359`	`if (foundCR)`
`368`	`360`	`{`
`@@ -375,6 +367,13 @@ private void ProcessLineChar(StringBuilder builder, ref bool foundCR, ref bool f`
`375`	`367`	`}`
`376`	`368`	`}`
`377`	`369`
	`370`	`+ private string DecodeLine(MemoryStream builder, bool foundCRLF)`
	`371`	`+ {`
	`372`	`+ // Drop the final CRLF, if any`
	`373`	`+ var length = foundCRLF ? builder.Length - 2 : builder.Length;`
	`374`	`+ return Encoding.UTF8.GetString(builder.ToArray(), 0, (int)length);`
	`375`	`+ }`
	`376`	`+`
`378`	`377`	`private void CheckDisposed()`
`379`	`378`	`{`
`380`	`379`	`if (_disposed)`