Diffstat (limited to 'Jellyfin.Server/SocketSharp/RequestMono.cs')
| -rw-r--r-- | Jellyfin.Server/SocketSharp/RequestMono.cs | 375 |
1 files changed, 91 insertions, 284 deletions
diff --git a/Jellyfin.Server/SocketSharp/RequestMono.cs b/Jellyfin.Server/SocketSharp/RequestMono.cs index a8ba4cdb5..8396ad600 100644 --- a/Jellyfin.Server/SocketSharp/RequestMono.cs +++ b/Jellyfin.Server/SocketSharp/RequestMono.cs @@ -11,9 +11,9 @@ namespace Jellyfin.Server.SocketSharp { public partial class WebSocketSharpRequest : IHttpRequest { - internal static string GetParameter(string header, string attr) + internal static string GetParameter(ReadOnlySpan<char> header, string attr) { - int ap = header.IndexOf(attr); + int ap = header.IndexOf(attr, StringComparison.Ordinal); if (ap == -1) { return null; @@ -31,13 +31,14 @@ namespace Jellyfin.Server.SocketSharp ending = ' '; } - int end = header.IndexOf(ending, ap + 1); + var slice = header.Slice(ap + 1); + int end = slice.IndexOf(ending); if (end == -1) { - return ending == '"' ? null : header.Substring(ap); + return ending == '"' ? null : header.Slice(ap).ToString(); } - return header.Substring(ap + 1, end - ap - 1); + return slice.Slice(0, end - ap - 1).ToString(); } private async Task LoadMultiPart(WebROCollection form) @@ -82,9 +83,7 @@ namespace Jellyfin.Server.SocketSharp } else { - // // We use a substream, as in 2.x we will support large uploads streamed to disk, - // var sub = new HttpPostedFile(e.Filename, e.ContentType, input, e.Start, e.Length); files[e.Name] = sub; } 
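Review bot: In GetParameter, `end` is now an offset into `slice` (which starts at `ap + 1`), yet the final return still computes the length as `end - ap - 1`, as if `end` indexed `header`. That length is too short or negative, so the value is truncated or `Slice` throws ArgumentOutOfRangeException on what is presumably client-supplied header text; the line should be `return slice.Slice(0, end).ToString();`. The same mix-up is in the later hunks for GetContentDispositionAttribute and GetContentDispositionAttributeWithEncoding: `l.Slice(begin).IndexOf('"')` yields a relative `end`, so `l.Slice(begin, end - begin)` should become `l.Slice(begin, end)`, and the empty-value check just above it, outside those hunks, would need to test `end == 0`. The lines between the two GetParameter hunks are not shown, so how `ap` is advanced is inferred from the removed `Substring(ap + 1, end - ap - 1)`.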
@@ -127,8 +126,12 @@ namespace Jellyfin.Server.SocketSharp public string Authorization => string.IsNullOrEmpty(request.Headers["Authorization"]) ? null : request.Headers["Authorization"]; - protected bool validate_cookies, validate_query_string, validate_form; - protected bool checked_cookies, checked_query_string, checked_form; + protected bool validate_cookies { get; set; } + protected bool validate_query_string { get; set; } + protected bool validate_form { get; set; } + protected bool checked_cookies { get; set; } + protected bool checked_query_string { get; set; } + protected bool checked_form { get; set; } private static void ThrowValidationException(string name, string key, string value) { @@ -138,8 +141,12 @@ namespace Jellyfin.Server.SocketSharp v = v.Substring(0, 16) + "...\""; } - string msg = string.Format("A potentially dangerous Request.{0} value was " + - "detected from the client ({1}={2}).", name, key, v); + string msg = string.Format( + CultureInfo.InvariantCulture, + "A potentially dangerous Request.{0} value was detected from the client ({1}={2}).", + name, + key, + v); throw new Exception(msg); } @@ -179,6 +186,7 @@ namespace Jellyfin.Server.SocketSharp for (int idx = 1; idx < len; idx++) { char next = val[idx]; + // See http://secunia.com/advisories/14325 if (current == '<' || current == '\xff1c') { @@ -218,7 +226,7 @@ namespace Jellyfin.Server.SocketSharp if (starts_with) { - return StrUtils.StartsWith(ContentType, ct, true); + return ContentType.StartsWith(ct, StringComparison.OrdinalIgnoreCase); } return string.Equals(ContentType, ct, StringComparison.OrdinalIgnoreCase); @@ -256,6 +264,7 @@ namespace Jellyfin.Server.SocketSharp value.Append((char)c); } } + if (c == -1) { AddRawKeyValue(form, key, value); @@ -271,6 +280,7 @@ namespace Jellyfin.Server.SocketSharp key.Append((char)c); } } + if (c == -1) { AddRawKeyValue(form, key, value); 
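Review bot: In the `starts_with` branch, `ContentType.StartsWith(ct, StringComparison.OrdinalIgnoreCase)` throws NullReferenceException when `ContentType` is null, whereas the removed `StrUtils.StartsWith` returned false for a null or empty first argument. The start of the enclosing method is outside the hunk, so a null guard may already exist there; if it does not, a request without a Content-Type header would fail here instead of being treated as a non-match. A null-safe form is `return ContentType != null && ContentType.StartsWith(ct, StringComparison.OrdinalIgnoreCase);`.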
@@ -308,254 +318,54 @@ namespace Jellyfin.Server.SocketSharp result.Append(key); result.Append('='); } + result.Append(pair.Value); } return result.ToString(); } } - - public sealed class HttpPostedFile + private class HttpMultipart { - private string name; - private string content_type; - private Stream stream; - private class ReadSubStream : Stream + public class Element { - private Stream s; - private long offset; - private long end; - private long position; - - public ReadSubStream(Stream s, long offset, long length) - { - this.s = s; - this.offset = offset; - this.end = offset + length; - position = offset; - } - - public override void Flush() - { - } - - public override int Read(byte[] buffer, int dest_offset, int count) - { - if (buffer == null) - { - throw new ArgumentNullException(nameof(buffer)); - } - - if (dest_offset < 0) - { - throw new ArgumentOutOfRangeException(nameof(dest_offset), "< 0"); - } - - if (count < 0) - { - throw new ArgumentOutOfRangeException(nameof(count), "< 0"); - } - - int len = buffer.Length; - if (dest_offset > len) - { - throw new ArgumentException("destination offset is beyond array size", nameof(dest_offset)); - } - - // reordered to avoid possible integer overflow - if (dest_offset > len - count) - { - throw new ArgumentException("Reading would overrun buffer", nameof(count)); - } - - if (count > end - position) - { - count = (int)(end - position); - } - - if (count <= 0) - { - return 0; - } - - s.Position = position; - int result = s.Read(buffer, dest_offset, count); - if (result > 0) - { - position += result; - } - else - { - position = end; - } - - return result; - } - - public override int ReadByte() - { - if (position >= end) - { - return -1; - } - - s.Position = position; - int result = s.ReadByte(); - if (result < 0) - { - position = end; - } - else - { - position++; - } - - return result; - } + public string ContentType { get; set; } - public override long Seek(long d, SeekOrigin origin) - { - long real; - switch 
(origin) - { - case SeekOrigin.Begin: - real = offset + d; - break; - case SeekOrigin.End: - real = end + d; - break; - case SeekOrigin.Current: - real = position + d; - break; - default: - throw new ArgumentException(nameof(origin)); - } - - long virt = real - offset; - if (virt < 0 || virt > Length) - { - throw new ArgumentException(); - } - - position = s.Seek(real, SeekOrigin.Begin); - return position; - } - - public override void SetLength(long value) - { - throw new NotSupportedException(); - } - - public override void Write(byte[] buffer, int offset, int count) - { - throw new NotSupportedException(); - } + public string Name { get; set; } - public override bool CanRead => true; + public string Filename { get; set; } - public override bool CanSeek => true; + public Encoding Encoding { get; set; } - public override bool CanWrite => false; + public long Start { get; set; } - public override long Length => end - offset; + public long Length { get; set; } - public override long Position + public override string ToString() { - get => position - offset; - set - { - if (value > Length) - { - throw new ArgumentOutOfRangeException(nameof(value)); - } - - position = Seek(value, SeekOrigin.Begin); - } + return "ContentType " + ContentType + ", Name " + Name + ", Filename " + Filename + ", Start " + + Start.ToString(CultureInfo.CurrentCulture) + ", Length " + Length.ToString(CultureInfo.CurrentCulture); } } - internal HttpPostedFile(string name, string content_type, Stream base_stream, long offset, long length) - { - this.name = name; - this.content_type = content_type; - this.stream = new ReadSubStream(base_stream, offset, length); - } - - public string ContentType => content_type; + private const byte LF = (byte)'\n'; - public int ContentLength => (int)stream.Length; - - public string FileName => name; - - public Stream InputStream => stream; - } - - private class Helpers - { - public static readonly CultureInfo InvariantCulture = CultureInfo.InvariantCulture; - } - - 
internal static class StrUtils - { - public static bool StartsWith(string str1, string str2, bool ignore_case) - { - if (string.IsNullOrEmpty(str1)) - { - return false; - } + private const byte CR = (byte)'\r'; - var comparison = ignore_case ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal; - return str1.IndexOf(str2, comparison) == 0; - } - - public static bool EndsWith(string str1, string str2, bool ignore_case) - { - int l2 = str2.Length; - if (l2 == 0) - { - return true; - } - - int l1 = str1.Length; - if (l2 > l1) - { - return false; - } + private Stream data; - var comparison = ignore_case ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal; - return str1.IndexOf(str2, comparison) == str1.Length - str2.Length - 1; - } - } + private string boundary; - private class HttpMultipart - { + private byte[] boundaryBytes; - public class Element - { - public string ContentType; - public string Name; - public string Filename; - public Encoding Encoding; - public long Start; - public long Length; + private byte[] buffer; - public override string ToString() - { - return "ContentType " + ContentType + ", Name " + Name + ", Filename " + Filename + ", Start " + - Start.ToString(CultureInfo.CurrentCulture) + ", Length " + Length.ToString(CultureInfo.CurrentCulture); - } - } + private bool atEof; - private Stream data; - private string boundary; - private byte[] boundary_bytes; - private byte[] buffer; - private bool at_eof; private Encoding encoding; - private StringBuilder sb; - private const byte LF = (byte)'\n', CR = (byte)'\r'; + private StringBuilder sb; // See RFC 2046 // In the case of multipart entities, in which one or more different 
@@ -570,18 +380,48 @@ namespace Jellyfin.Server.SocketSharp public HttpMultipart(Stream data, string b, Encoding encoding) { this.data = data; - //DB: 30/01/11: cannot set or read the Position in HttpListener in Win.NET - //var ms = new MemoryStream(32 * 1024); - //data.CopyTo(ms); - //this.data = ms; - boundary = b; - boundary_bytes = encoding.GetBytes(b); - buffer = new byte[boundary_bytes.Length + 2]; // CRLF or '--' + boundaryBytes = encoding.GetBytes(b); + buffer = new byte[boundaryBytes.Length + 2]; // CRLF or '--' this.encoding = encoding; sb = new StringBuilder(); } + public Element ReadNextElement() + { + if (atEof || ReadBoundary()) + { + return null; + } + + var elem = new Element(); + ReadOnlySpan<char> header; + while ((header = ReadHeaders()) != null) + { + if (header.StartsWith("Content-Disposition:", StringComparison.OrdinalIgnoreCase)) + { + elem.Name = GetContentDispositionAttribute(header, "name"); + elem.Filename = StripPath(GetContentDispositionAttributeWithEncoding(header, "filename")); + } + else if (header.StartsWith("Content-Type:", StringComparison.OrdinalIgnoreCase)) + { + elem.ContentType = header.Slice("Content-Type:".Length).Trim().ToString(); + elem.Encoding = GetEncoding(elem.ContentType); + } + } + + long start = data.Position; + elem.Start = start; + long pos = MoveToNextBoundary(); + if (pos == -1) + { + return null; + } + + elem.Length = pos - start; + return elem; + } + private string ReadLine() { // CRLF or LF are ok as line endings. @@ -600,6 +440,7 @@ namespace Jellyfin.Server.SocketSharp { break; } + got_cr = b == CR; sb.Append((char)b); } @@ -612,7 +453,7 @@ namespace Jellyfin.Server.SocketSharp return sb.ToString(); } - private static string GetContentDispositionAttribute(string l, string name) + private static string GetContentDispositionAttribute(ReadOnlySpan<char> l, string name) { int idx = l.IndexOf(name + "=\"", StringComparison.Ordinal); if (idx < 0) 
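Review bot: In ReadNextElement, the loop condition `(header = ReadHeaders()) != null` now compares a `ReadOnlySpan<char>` with null, which is span equality against a default span rather than a reference null check. It ends the loop only because a null string converts to the default span, which is easy to break when ReadHeaders or the local's type changes. ReadHeaders is not shown, but the removed version assigned its result to a `string`, so the null test can stay on the string: `string line;`, then `while ((line = ReadHeaders()) != null)`, with `ReadOnlySpan<char> header = line;` as the first statement of the loop body.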
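Review bot: GetContentDispositionAttribute locates the attribute with `l.IndexOf(name + "=\"", StringComparison.Ordinal)`, so a lookup for `name` also matches the tail of `filename="`. When a part's Content-Disposition lists filename before name, the form field name would be taken from the filename value. The match should be accepted only when it sits at index 0 or is preceded by a space or `;`, and the search should otherwise continue from the next position. The rest of the method lies outside this hunk, and GetContentDispositionAttributeWithEncoding uses the same lookup.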
@@ -621,7 +462,7 @@ namespace Jellyfin.Server.SocketSharp } int begin = idx + name.Length + "=\"".Length; - int end = l.IndexOf('"', begin); + int end = l.Slice(begin).IndexOf('"'); if (end < 0) { return null; @@ -632,10 +473,10 @@ namespace Jellyfin.Server.SocketSharp return string.Empty; } - return l.Substring(begin, end - begin); + return l.Slice(begin, end - begin).ToString(); } - private string GetContentDispositionAttributeWithEncoding(string l, string name) + private string GetContentDispositionAttributeWithEncoding(ReadOnlySpan<char> l, string name) { int idx = l.IndexOf(name + "=\"", StringComparison.Ordinal); if (idx < 0) @@ -644,7 +485,7 @@ namespace Jellyfin.Server.SocketSharp } int begin = idx + name.Length + "=\"".Length; - int end = l.IndexOf('"', begin); + int end = l.Slice(begin).IndexOf('"'); if (end < 0) { return null; @@ -655,7 +496,7 @@ namespace Jellyfin.Server.SocketSharp return string.Empty; } - string temp = l.Substring(begin, end - begin); + ReadOnlySpan<char> temp = l.Slice(begin, end - begin); byte[] source = new byte[temp.Length]; for (int i = temp.Length - 1; i >= 0; i--) { @@ -681,13 +522,14 @@ namespace Jellyfin.Server.SocketSharp return false; } - if (!StrUtils.EndsWith(line, boundary, false)) + if (!line.EndsWith(boundary, StringComparison.Ordinal)) { return true; } } catch { + } return false; @@ -769,7 +611,7 @@ namespace Jellyfin.Server.SocketSharp return -1; } - if (!CompareBytes(boundary_bytes, buffer)) + if (!CompareBytes(boundaryBytes, buffer)) { state = 0; data.Position = retval + 2; @@ -785,7 +627,7 @@ namespace Jellyfin.Server.SocketSharp if (buffer[bl - 2] == '-' && buffer[bl - 1] == '-') { - at_eof = true; + atEof = true; } else if (buffer[bl - 2] != CR || buffer[bl - 1] != LF) { @@ -800,6 +642,7 @@ namespace Jellyfin.Server.SocketSharp c = data.ReadByte(); continue; } + data.Position = retval + 2; if (got_cr) { 
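Review bot: The bare `catch` in ReadBoundary, which this hunk only pads with a blank line, swallows every exception and falls through to `return false`. Judging by the `if (atEof || ReadBoundary())` call in ReadNextElement, false means the boundary was read successfully, so a stream error is treated as a valid boundary and parsing continues on bad state. If I/O failures are what is expected here, catch that type only and report failure, for example `catch (IOException) { return true; }`, or at least put a comment in the block saying why the error is ignored. The start of the method is outside the hunk.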
@@ -818,42 +661,6 @@ namespace Jellyfin.Server.SocketSharp return retval; } - public Element ReadNextElement() - { - if (at_eof || ReadBoundary()) - { - return null; - } - - var elem = new Element(); - string header; - while ((header = ReadHeaders()) != null) - { - if (StrUtils.StartsWith(header, "Content-Disposition:", true)) - { - elem.Name = GetContentDispositionAttribute(header, "name"); - elem.Filename = StripPath(GetContentDispositionAttributeWithEncoding(header, "filename")); - } - else if (StrUtils.StartsWith(header, "Content-Type:", true)) - { - elem.ContentType = header.Substring("Content-Type:".Length).Trim(); - elem.Encoding = GetEncoding(elem.ContentType); - } - } - - long start = 0; - start = data.Position; - elem.Start = start; - long pos = MoveToNextBoundary(); - if (pos == -1) - { - return null; - } - - elem.Length = pos - start; - return elem; - } - private static string StripPath(string path) { if (path == null || path.Length == 0) |
