From ad533b76fbfd9e2609893b2151ef156ec3e1c2f5 Mon Sep 17 00:00:00 2001 From: Brennan Date: Mon, 29 Jul 2019 16:34:25 -0700 Subject: [PATCH] Limit max handshake size (#12678) --- ...t.AspNetCore.SignalR.Core.netcoreapp3.0.cs | 1 + .../server/Core/src/HubConnectionContext.cs | 30 ++++++++++++++-- .../Core/src/HubConnectionContextOptions.cs | 5 +++ .../server/Core/src/HubConnectionHandler.cs | 1 + .../SignalR/test/HubConnectionHandlerTests.cs | 34 +++++++++++++++++++ 5 files changed, 69 insertions(+), 2 deletions(-) diff --git a/src/SignalR/server/Core/ref/Microsoft.AspNetCore.SignalR.Core.netcoreapp3.0.cs b/src/SignalR/server/Core/ref/Microsoft.AspNetCore.SignalR.Core.netcoreapp3.0.cs index 6e2f3f1f71..5309dae32c 100644 --- a/src/SignalR/server/Core/ref/Microsoft.AspNetCore.SignalR.Core.netcoreapp3.0.cs +++ b/src/SignalR/server/Core/ref/Microsoft.AspNetCore.SignalR.Core.netcoreapp3.0.cs @@ -144,6 +144,7 @@ namespace Microsoft.AspNetCore.SignalR public HubConnectionContextOptions() { } public System.TimeSpan ClientTimeoutInterval { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } public System.TimeSpan KeepAliveInterval { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } + public long? MaximumReceiveMessageSize { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } public int StreamBufferCapacity { [System.Runtime.CompilerServices.CompilerGeneratedAttribute]get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute]set { } } } public partial class HubConnectionHandler : Microsoft.AspNetCore.Connections.ConnectionHandler where THub : Microsoft.AspNetCore.SignalR.Hub diff --git a/src/SignalR/server/Core/src/HubConnectionContext.cs b/src/SignalR/server/Core/src/HubConnectionContext.cs index 22400fa702..eba7eafce4 100644 --- a/src/SignalR/server/Core/src/HubConnectionContext.cs +++ b/src/SignalR/server/Core/src/HubConnectionContext.cs @@ -43,6 +43,7 @@ namespace Microsoft.AspNetCore.SignalR private bool _clientTimeoutActive; private bool _connectionAborted; private int _streamBufferCapacity; + private long? _maxMessageSize; /// /// Initializes a new instance of the class. @@ -55,6 +56,7 @@ namespace Microsoft.AspNetCore.SignalR _keepAliveInterval = contextOptions.KeepAliveInterval.Ticks; _clientTimeoutInterval = contextOptions.ClientTimeoutInterval.Ticks; _streamBufferCapacity = contextOptions.StreamBufferCapacity; + _maxMessageSize = contextOptions.MaximumReceiveMessageSize; _connectionContext = connectionContext; _logger = loggerFactory.CreateLogger(); @@ -406,10 +408,20 @@ namespace Microsoft.AspNetCore.SignalR if (!buffer.IsEmpty) { - if (HandshakeProtocol.TryParseRequestMessage(ref buffer, out var handshakeRequestMessage)) + var segment = buffer; + var overLength = false; + + if (_maxMessageSize != null && buffer.Length > _maxMessageSize.Value) + { + // We give the parser a sliding window of the default message size + segment = segment.Slice(segment.Start, _maxMessageSize.Value); + overLength = true; + } + + if (HandshakeProtocol.TryParseRequestMessage(ref segment, out var handshakeRequestMessage)) { // We parsed the handshake - consumed = buffer.Start; + consumed = segment.Start; examined = consumed; Protocol = protocolResolver.GetProtocol(handshakeRequestMessage.Protocol, supportedProtocols); @@ -461,6 +473,12 @@ namespace Microsoft.AspNetCore.SignalR await WriteHandshakeResponseAsync(HandshakeResponseMessage.Empty); return true; } + else if (overLength) + { + Log.HandshakeSizeLimitExceeded(_logger, _maxMessageSize.Value); + await WriteHandshakeResponseAsync(new HandshakeResponseMessage("Handshake was canceled.")); + return false; + } } if (result.IsCompleted) @@ -619,6 +637,9 @@ namespace Microsoft.AspNetCore.SignalR private static readonly Action _clientTimeout = LoggerMessage.Define(LogLevel.Debug, new EventId(9, "ClientTimeout"), "Client timeout ({ClientTimeout}ms) elapsed without receiving a message from the client. Closing connection."); + private static readonly Action _handshakeSizeLimitExceeded = + LoggerMessage.Define(LogLevel.Debug, new EventId(10, "HandshakeSizeLimitExceeded"), "The maximum message size of {MaxMessageSize}B was exceeded while parsing the Handshake. The message size can be configured in AddHubOptions."); + public static void HandshakeComplete(ILogger logger, string hubProtocol) { _handshakeComplete(logger, hubProtocol, null); @@ -663,6 +684,11 @@ namespace Microsoft.AspNetCore.SignalR { _clientTimeout(logger, (int)timeout.TotalMilliseconds, null); } + + public static void HandshakeSizeLimitExceeded(ILogger logger, long maxMessageSize) + { + _handshakeSizeLimitExceeded(logger, maxMessageSize, null); + } } } } diff --git a/src/SignalR/server/Core/src/HubConnectionContextOptions.cs b/src/SignalR/server/Core/src/HubConnectionContextOptions.cs index a38096cbef..c95c58afe6 100644 --- a/src/SignalR/server/Core/src/HubConnectionContextOptions.cs +++ b/src/SignalR/server/Core/src/HubConnectionContextOptions.cs @@ -24,5 +24,10 @@ namespace Microsoft.AspNetCore.SignalR /// Gets or sets the max buffer size for client upload streams. /// public int StreamBufferCapacity { get; set; } + + /// + /// Gets or sets the maximum message size the client can send. + /// + public long? MaximumReceiveMessageSize { get; set; } } } diff --git a/src/SignalR/server/Core/src/HubConnectionHandler.cs b/src/SignalR/server/Core/src/HubConnectionHandler.cs index 252f7436da..cce8383200 100644 --- a/src/SignalR/server/Core/src/HubConnectionHandler.cs +++ b/src/SignalR/server/Core/src/HubConnectionHandler.cs @@ -89,6 +89,7 @@ namespace Microsoft.AspNetCore.SignalR KeepAliveInterval = _hubOptions.KeepAliveInterval ?? _globalHubOptions.KeepAliveInterval ?? HubOptionsSetup.DefaultKeepAliveInterval, ClientTimeoutInterval = _hubOptions.ClientTimeoutInterval ?? _globalHubOptions.ClientTimeoutInterval ?? HubOptionsSetup.DefaultClientTimeoutInterval, StreamBufferCapacity = _hubOptions.StreamBufferCapacity ?? _globalHubOptions.StreamBufferCapacity ?? HubOptionsSetup.DefaultStreamBufferCapacity, + MaximumReceiveMessageSize = _maximumMessageSize, }; Log.ConnectedStarting(_logger); diff --git a/src/SignalR/server/SignalR/test/HubConnectionHandlerTests.cs b/src/SignalR/server/SignalR/test/HubConnectionHandlerTests.cs index c61a1b1c00..2b8c146494 100644 --- a/src/SignalR/server/SignalR/test/HubConnectionHandlerTests.cs +++ b/src/SignalR/server/SignalR/test/HubConnectionHandlerTests.cs @@ -310,6 +310,40 @@ namespace Microsoft.AspNetCore.SignalR.Tests } } + [Fact] + public async Task ConnectionClosedWhenHandshakeLargerThanMaxMessageSize() + { + using (StartVerifiableLog()) + { + var connectionHandler = HubConnectionHandlerTestUtils.GetHubConnectionHandler(typeof(HubT), loggerFactory: LoggerFactory, + builder => + { + builder.AddSignalR(o => + { + o.MaximumReceiveMessageSize = 1; + }); + }); + + using (var client = new TestClient()) + { + client.SupportedFormats = TransferFormat.Text; + + var connectionHandlerTask = await client.ConnectAsync(connectionHandler, + sendHandshakeRequestMessage: true, + expectedHandshakeResponseMessage: false); + + var message = await client.ReadAsync(isHandshake: true).OrTimeout(); + + Assert.Equal("Handshake was canceled.", ((HandshakeResponseMessage)message).Error); + + // Connection closes + await connectionHandlerTask.OrTimeout(); + + client.Dispose(); + } + } + } + [Fact] public async Task SendingHandshakeRequestInChunksWorks() {