You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are reading the list of values via HttpHeaders.TryGetValueshere. This involves validation, so it goes through the AltSvcHeaderParser, which creates a list of AltSvcHeaderValues. Those values are then ToStringed and returned from TryGetValues. Then the loop feeds those strings back to AltSvcHeaderParser and looks at parsed values.
AltSvcHeaderValue.ToString is broken for clear and it will return clear=":0"; ma=0, which is an invalid value and won't roundtrip through the parser.
As an example, the following code throws on the second Add
varheaders=new HttpResponseMessage().Headers;
headers.Add("Alt-Svc","clear");stringvalue= headers.GetValues("Alt-Svc").Single();
headers.Clear();
headers.Add("Alt-Svc", value);// The format of value 'clear=":0"; ma=0' is invalid
Similarly, the second call to the AltSvcHeaderParser will fail, and so that loop can never observe the clear value
Even if the loop could see clear, we're still going to use the first authority we saw, even though clear should have been the only value present. (We breakhere, but maybe we should be returning?)
We're comparing authorities against each other in a few places with == and !=, but the HttpAuthority class doesn't override these operators, so this is doing reference equality. This is suspicious at best and potentially an error in some places.
GetHttp3ConnectionAsync could end up returning nullhere in a race, leading to a NRE here.
We are reading the list of values via HttpHeaders.TryGetValueshere. This involves validation, so it goes through the AltSvcHeaderParser, which creates a list of AltSvcHeaderValues. Those values are then ToStringed and returned from TryGetValues. Then the loop feeds those strings back to AltSvcHeaderParser and looks at parsed values.
AltSvcHeaderValue.ToString is broken for clear and it will return clear=":0"; ma=0, which is an invalid value and won't roundtrip through the parser.
As an example, the following code throws on the second Add
varheaders=new HttpResponseMessage().Headers;
headers.Add("Alt-Svc","clear");stringvalue= headers.GetValues("Alt-Svc").Single();
headers.Clear();
headers.Add("Alt-Svc", value);// The format of value 'clear=":0"; ma=0' is invalid
Similarly, the second call to the AltSvcHeaderParser will fail, and so that loop can never observe the clear value
Even if the loop could see clear, we're still going to use the first authority we saw, even though clear should have been the only value present. (We breakhere, but maybe we should be returning?)
We're comparing authorities against each other in a few places with == and !=, but the HttpAuthority class doesn't override these operators, so this is doing reference equality. This is suspicious at best and potentially an error in some places.
GetHttp3ConnectionAsync could end up returning nullhere in a race, leading to a NRE here.
Looking at the current Alt-Svc logic, there are other weird things going on:
clear
is unreachableHttpHeaders.TryGetValues
here. This involves validation, so it goes through theAltSvcHeaderParser
, which creates a list ofAltSvcHeaderValue
s. Those values are thenToString
ed and returned fromTryGetValues
. Then the loop feeds those strings back toAltSvcHeaderParser
and looks at parsed values.AltSvcHeaderValue.ToString
is broken forclear
and it will returnclear=":0"; ma=0
, which is an invalid value and won't roundtrip through the parser.Add
AltSvcHeaderParser
will fail, and so that loop can never observe theclear
valueclear
, we're still going to use the first authority we saw, even though clear should have been the only value present. (Webreak
here, but maybe we should bereturn
ing?)==
and!=
, but theHttpAuthority
class doesn't override these operators, so this is doing reference equality. This is suspicious at best and potentially an error in some places.GetHttp3ConnectionAsync
could end up returningnull
here in a race, leading to a NRE here.Originally posted by @MihaZupan in #83775 (comment)
The text was updated successfully, but these errors were encountered: