return idx - startIndex;
}
- if (idx == value.Length || value[idx++] != '=')
+ // Make sure we have at least 2 characters and first one being an '='.
+ if (idx + 1 >= value.Length || value[idx++] != '=')
{
parsedValue = null;
return 0;
parsedValue = null;
- if (string.IsNullOrEmpty(input) || (startIndex >= input.Length))
+ if (string.IsNullOrEmpty(input) || (startIndex >= input.Length) || HttpRuleParser.ContainsNewLine(input, startIndex))
{
return 0;
}
int tagStartIndex = current;
int tagLength;
- if (HttpRuleParser.GetQuotedStringLength(input, current, out tagLength) != HttpParseResult.Parsed)
+ if (current == input.Length || HttpRuleParser.GetQuotedStringLength(input, current, out tagLength) != HttpParseResult.Parsed)
{
return 0;
}
{
public class AltSvcHeaderParserTest
{
+ [Fact]
+ public void TryParse_InvalidValueString_ReturnsFalse()
+ {
+ HttpHeaderParser parser = AltSvcHeaderParser.Parser;
+ string invalidInput = "a=";
+ int startIndex = 0;
+
+ Assert.False(parser.TryParseValue(invalidInput, null, ref startIndex, out var _));
+ }
+
[Theory]
[MemberData(nameof(SuccessfulParseData))]
public void TryParse_Success(string value, object[] expectedServicesObj)
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Net.Http.Headers;
+
+using Xunit;
+
+namespace System.Net.Http.Tests
+{
+ public class AuthenticationHeaderParserTest
+ {
+ [Fact]
+ public void TryParse_InvalidValueString_ReturnsFalse()
+ {
+ HttpHeaderParser parser = GenericHeaderParser.MultipleValueAuthenticationParser;
+ string invalidInput = "a \n";
+ int startIndex = 0;
+
+ Assert.False(parser.TryParseValue(invalidInput, null, ref startIndex, out var _));
+ }
+ }
+}
--- /dev/null
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Net.Http.Headers;
+
+using Xunit;
+
+namespace System.Net.Http.Tests
+{
+ public class EntityTagHeaderParserTest
+ {
+ [Fact]
+ public void TryParse_InvalidValueString_ReturnsFalse()
+ {
+ HttpHeaderParser parser = GenericHeaderParser.MultipleValueEntityTagParser;
+ string invalidInput = "w/\t\t";
+ int startIndex = 0;
+
+ Assert.False(parser.TryParseValue(invalidInput, null, ref startIndex, out var _));
+ }
+ }
+}
<Compile Include="Fakes\HttpTelemetry.cs" />
<Compile Include="Fakes\MacProxy.cs" Condition="'$(TargetPlatformIdentifier)' == 'osx' or '$(TargetPlatformIdentifier)' == 'ios' or '$(TargetPlatformIdentifier)' == 'tvos'" />
<Compile Include="Headers\AltSvcHeaderParserTest.cs" />
+ <Compile Include="Headers\AuthenticationHeaderParserTest.cs" />
<Compile Include="Headers\AuthenticationHeaderValueTest.cs" />
<Compile Include="Headers\ByteArrayHeaderParserTest.cs" />
<Compile Include="Headers\CacheControlHeaderParserTest.cs" />
<Compile Include="Headers\ContentDispositionHeaderValueTest.cs" />
<Compile Include="Headers\ContentRangeHeaderValueTest.cs" />
<Compile Include="Headers\DateHeaderParserTest.cs" />
+ <Compile Include="Headers\EntityTagHeaderParserTest.cs" />
<Compile Include="Headers\EntityTagHeaderValueTest.cs" />
<Compile Include="Headers\GenericHeaderParserTest\AuthenticationParserTest.cs" />
<Compile Include="Headers\GenericHeaderParserTest\ContentRangeParserTest.cs" />