Headers containing consecutive commas fails to parse

[Tratcher]

From @Haplois on June 19, 2016 0:52

I've just upgraded to RC2. I'm using custom built SCRAM for authentication, in RC2 following HTTP request fails:

POST http://localhost:5001/services/authorization HTTP/1.1
SCRAM-SHA-256: n,,n=1,r=mhtzCDgCf3ZBKUpiYNFctfnFaXYf2MlSuZgc1Oc3DUM=
Host: localhost:5001
Content-Length: 0
Connection: Keep-Alive
Pragma: no-cache

A repro can be found here: https://github.com/Haplois/HeaderParseErrorRepro

It's because of ",," in "SCRAM-SHA-256" header, if I remove it request hits the action without an exception.

Steps to reproduce

1. Download repro, and run it.

2. Open Fiddler, and send this request for error message

   POST http://localhost:3744/services/authorization HTTP/1.1
   SCRAM-SHA-256: n,n=1,,r=mhtzCDgCf3ZBKUpiYNFctfnFaXYf2MlSuZgc1Oc3DUM=
   Host: localhost:3744
   Content-Length: 0
   Connection: Keep-Alive
   Pragma: no-cache
   

3. Send this request for successful header parsing

   POST http://localhost:3744/services/authorization HTTP/1.1
   SCRAM-SHA-256: n,n=1,r=mhtzCDgCf3ZBKUpiYNFctfnFaXYf2MlSuZgc1Oc3DUM=
   Host: localhost:3744
   Content-Length: 0
   Connection: Keep-Alive
   Pragma: no-cache
   

You'll get following exception

System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
Parameter name: offset
  at Microsoft.Extensions.Primitives.StringSegment..ctor(String buffer, Int32 offset, Int32 length)
  at Microsoft.AspNetCore.Http.Internal.HeaderSegmentCollection.Enumerator.get_Current()
  at Microsoft.AspNetCore.Http.Internal.ParsingHelpers.<GetHeaderSplitImplementation>d__2.MoveNext()
  at System.Linq.Buffer`1..ctor(IEnumerable`1 source)
  at System.Linq.Enumerable.ToArray[TSource](IEnumerable`1 source)
  at Microsoft.AspNetCore.Http.Internal.ParsingHelpers.GetHeaderSplit(IHeaderDictionary headers, String key)
  at Microsoft.AspNetCore.Mvc.ModelBinding.Binders.HeaderModelBinder.BindModelAsync(ModelBindingContext bindingContext)
  at Microsoft.AspNetCore.Mvc.Internal.ControllerArgumentBinder.<BindModelAsync>d__7.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Mvc.Internal.ControllerArgumentBinder.<PopulateArgumentsAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Mvc.Internal.FilterActionInvoker.<InvokeAllActionFiltersAsync>d__40.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Mvc.Internal.FilterActionInvoker.<InvokeExceptionFilterAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at Microsoft.AspNetCore.Mvc.Internal.FilterActionInvoker.<InvokeAsync>d__32.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Mvc.Internal.MvcRouteHandler.<InvokeActionAsync>d__8.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Builder.RouterMiddleware.<Invoke>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.<Invoke>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
  at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
  at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
  at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.<Invoke>d__7.MoveNext()

Copied from original issue: aspnet/Mvc#4883

[Tratcher]

From @rynowak on June 19, 2016 0:57

Thanks for the thorough report. What happens if you use IEnumerable<string> as your parameter type?

/cc @Tratcher

The ArgumentOutOfRangeException leads me to believe this is just a bug with zero-length segments.

SCRAM-SHA-256: n,n=1,,r=mhtzCDgCf3ZBKUpiYNFctfnFaXYf2MlSuZgc1Oc3DUM= fails
SCRAM-SHA-256: n,n=1,r=mhtzCDgCf3ZBKUpiYNFctfnFaXYf2MlSuZgc1Oc3DUM= does not

[Tratcher]

From @Haplois on June 19, 2016 0:59

@rynowak I just tried that, I get same exception.

[Tratcher]

#658