aboutsummaryrefslogtreecommitdiff
path: root/MediaBrowser.Server.Implementations/HttpServer/SocketSharp
diff options
context:
space:
mode:
Diffstat (limited to 'MediaBrowser.Server.Implementations/HttpServer/SocketSharp')
-rw-r--r--MediaBrowser.Server.Implementations/HttpServer/SocketSharp/RequestMono.cs151
-rw-r--r--MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpRequest.cs87
-rw-r--r--MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpResponse.cs17
3 files changed, 182 insertions, 73 deletions
diff --git a/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/RequestMono.cs b/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/RequestMono.cs
index ed9e17b6b..bfa65ac6b 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/RequestMono.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/RequestMono.cs
@@ -3,7 +3,9 @@ using System.Collections.Specialized;
using System.Globalization;
using System.IO;
using System.Text;
+using System.Threading.Tasks;
using System.Web;
+using ServiceStack;
using ServiceStack.Web;
namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
@@ -31,53 +33,54 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
return header.Substring(ap + 1, end - ap - 1);
}
- void LoadMultiPart()
+ async Task LoadMultiPart()
{
string boundary = GetParameter(ContentType, "; boundary=");
if (boundary == null)
return;
- var input = GetSubStream(InputStream);
+ using (var requestStream = GetSubStream(InputStream))
+ {
+ //DB: 30/01/11 - Hack to get around non-seekable stream and received HTTP request
+ //Not ending with \r\n?
+ var ms = new MemoryStream(32 * 1024);
+ await requestStream.CopyToAsync(ms).ConfigureAwait(false);
- //DB: 30/01/11 - Hack to get around non-seekable stream and received HTTP request
- //Not ending with \r\n?
- var ms = new MemoryStream(32 * 1024);
- input.CopyTo(ms);
- input = ms;
- ms.WriteByte((byte)'\r');
- ms.WriteByte((byte)'\n');
+ var input = ms;
+ ms.WriteByte((byte)'\r');
+ ms.WriteByte((byte)'\n');
- input.Position = 0;
+ input.Position = 0;
- //Uncomment to debug
- //var content = new StreamReader(ms).ReadToEnd();
- //Console.WriteLine(boundary + "::" + content);
- //input.Position = 0;
+ //Uncomment to debug
+ //var content = new StreamReader(ms).ReadToEnd();
+ //Console.WriteLine(boundary + "::" + content);
+ //input.Position = 0;
- var multi_part = new HttpMultipart(input, boundary, ContentEncoding);
+ var multi_part = new HttpMultipart(input, boundary, ContentEncoding);
- HttpMultipart.Element e;
- while ((e = multi_part.ReadNextElement()) != null)
- {
- if (e.Filename == null)
+ HttpMultipart.Element e;
+ while ((e = multi_part.ReadNextElement()) != null)
{
- byte[] copy = new byte[e.Length];
+ if (e.Filename == null)
+ {
+ byte[] copy = new byte[e.Length];
- input.Position = e.Start;
- input.Read(copy, 0, (int)e.Length);
+ input.Position = e.Start;
+ input.Read(copy, 0, (int)e.Length);
- form.Add(e.Name, (e.Encoding ?? ContentEncoding).GetString(copy));
- }
- else
- {
- //
- // We use a substream, as in 2.x we will support large uploads streamed to disk,
- //
- HttpPostedFile sub = new HttpPostedFile(e.Filename, e.ContentType, input, e.Start, e.Length);
- files.AddFile(e.Name, sub);
+ form.Add(e.Name, (e.Encoding ?? ContentEncoding).GetString(copy));
+ }
+ else
+ {
+ //
+ // We use a substream, as in 2.x we will support large uploads streamed to disk,
+ //
+ HttpPostedFile sub = new HttpPostedFile(e.Filename, e.ContentType, input, e.Start, e.Length);
+ files.AddFile(e.Name, sub);
+ }
}
}
- EndSubStream(input);
}
public NameValueCollection Form
@@ -90,10 +93,15 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
files = new HttpFileCollection();
if (IsContentType("multipart/form-data", true))
- LoadMultiPart();
- else if (
- IsContentType("application/x-www-form-urlencoded", true))
- LoadWwwForm();
+ {
+ var task = LoadMultiPart();
+ Task.WaitAll(task);
+ }
+ else if (IsContentType("application/x-www-form-urlencoded", true))
+ {
+ var task = LoadWwwForm();
+ Task.WaitAll(task);
+ }
form.Protect();
}
@@ -116,6 +124,21 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
}
}
+ public string Accept
+ {
+ get
+ {
+ return string.IsNullOrEmpty(request.Headers[HttpHeaders.Accept]) ? null : request.Headers[HttpHeaders.Accept];
+ }
+ }
+
+ public string Authorization
+ {
+ get
+ {
+ return string.IsNullOrEmpty(request.Headers[HttpHeaders.Authorization]) ? null : request.Headers[HttpHeaders.Authorization];
+ }
+ }
protected bool validate_cookies, validate_query_string, validate_form;
protected bool checked_cookies, checked_query_string, checked_form;
@@ -204,50 +227,50 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
return String.Compare(ContentType, ct, true, Helpers.InvariantCulture) == 0;
}
-
-
-
-
- void LoadWwwForm()
+ async Task LoadWwwForm()
{
using (Stream input = GetSubStream(InputStream))
{
- using (StreamReader s = new StreamReader(input, ContentEncoding))
+ using (var ms = new MemoryStream())
{
- StringBuilder key = new StringBuilder();
- StringBuilder value = new StringBuilder();
- int c;
+ await input.CopyToAsync(ms).ConfigureAwait(false);
+ ms.Position = 0;
- while ((c = s.Read()) != -1)
+ using (StreamReader s = new StreamReader(ms, ContentEncoding))
{
- if (c == '=')
+ StringBuilder key = new StringBuilder();
+ StringBuilder value = new StringBuilder();
+ int c;
+
+ while ((c = s.Read()) != -1)
{
- value.Length = 0;
- while ((c = s.Read()) != -1)
+ if (c == '=')
{
- if (c == '&')
+ value.Length = 0;
+ while ((c = s.Read()) != -1)
+ {
+ if (c == '&')
+ {
+ AddRawKeyValue(key, value);
+ break;
+ }
+ else
+ value.Append((char)c);
+ }
+ if (c == -1)
{
AddRawKeyValue(key, value);
- break;
+ return;
}
- else
- value.Append((char)c);
}
- if (c == -1)
- {
+ else if (c == '&')
AddRawKeyValue(key, value);
- return;
- }
+ else
+ key.Append((char)c);
}
- else if (c == '&')
+ if (c == -1)
AddRawKeyValue(key, value);
- else
- key.Append((char)c);
}
- if (c == -1)
- AddRawKeyValue(key, value);
-
- EndSubStream(input);
}
}
}
diff --git a/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpRequest.cs b/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpRequest.cs
index 30849d441..dc2aec3e1 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpRequest.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpRequest.cs
@@ -22,7 +22,7 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
this.OperationName = operationName;
this.RequestAttributes = requestAttributes;
this.request = httpContext.Request;
- this.response = new WebSocketSharpResponse(logger, httpContext.Response);
+ this.response = new WebSocketSharpResponse(logger, httpContext.Response, this);
this.RequestPreferences = new RequestPreferences(this);
}
@@ -134,12 +134,89 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
get
{
return remoteIp ??
- (remoteIp = XForwardedFor ??
- (NormalizeIp(XRealIp) ??
+ (remoteIp = (CheckBadChars(XForwardedFor)) ??
+ (NormalizeIp(CheckBadChars(XRealIp)) ??
(request.RemoteEndPoint != null ? NormalizeIp(request.RemoteEndPoint.Address.ToString()) : null)));
}
}
+ private static readonly char[] HttpTrimCharacters = new char[] { (char)0x09, (char)0xA, (char)0xB, (char)0xC, (char)0xD, (char)0x20 };
+
+ //
+ // CheckBadChars - throws on invalid chars to be not found in header name/value
+ //
+ internal static string CheckBadChars(string name)
+ {
+ if (name == null || name.Length == 0)
+ {
+ return name;
+ }
+
+ // VALUE check
+ //Trim spaces from both ends
+ name = name.Trim(HttpTrimCharacters);
+
+ //First, check for correctly formed multi-line value
+ //Second, check for absenece of CTL characters
+ int crlf = 0;
+ for (int i = 0; i < name.Length; ++i)
+ {
+ char c = (char)(0x000000ff & (uint)name[i]);
+ switch (crlf)
+ {
+ case 0:
+ if (c == '\r')
+ {
+ crlf = 1;
+ }
+ else if (c == '\n')
+ {
+ // Technically this is bad HTTP. But it would be a breaking change to throw here.
+ // Is there an exploit?
+ crlf = 2;
+ }
+ else if (c == 127 || (c < ' ' && c != '\t'))
+ {
+ throw new ArgumentException("net_WebHeaderInvalidControlChars");
+ }
+ break;
+
+ case 1:
+ if (c == '\n')
+ {
+ crlf = 2;
+ break;
+ }
+ throw new ArgumentException("net_WebHeaderInvalidCRLFChars");
+
+ case 2:
+ if (c == ' ' || c == '\t')
+ {
+ crlf = 0;
+ break;
+ }
+ throw new ArgumentException("net_WebHeaderInvalidCRLFChars");
+ }
+ }
+ if (crlf != 0)
+ {
+ throw new ArgumentException("net_WebHeaderInvalidCRLFChars");
+ }
+ return name;
+ }
+
+ internal static bool ContainsNonAsciiChars(string token)
+ {
+ for (int i = 0; i < token.Length; ++i)
+ {
+ if ((token[i] < 0x20) || (token[i] > 0x7e))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
private string NormalizeIp(string ip)
{
if (!string.IsNullOrWhiteSpace(ip))
@@ -388,10 +465,6 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
return stream;
}
- static void EndSubStream(Stream stream)
- {
- }
-
public static string GetHandlerPathIfAny(string listenerUrl)
{
if (listenerUrl == null) return null;
diff --git a/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpResponse.cs b/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpResponse.cs
index 171dacb22..e08be8bd1 100644
--- a/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpResponse.cs
+++ b/MediaBrowser.Server.Implementations/HttpServer/SocketSharp/WebSocketSharpResponse.cs
@@ -1,4 +1,5 @@
using System;
+using System.Collections.Generic;
using System.IO;
using System.Net;
using MediaBrowser.Model.Logging;
@@ -14,14 +15,17 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
private readonly ILogger _logger;
private readonly HttpListenerResponse response;
- public WebSocketSharpResponse(ILogger logger, HttpListenerResponse response)
+ public WebSocketSharpResponse(ILogger logger, HttpListenerResponse response, IRequest request)
{
_logger = logger;
this.response = response;
+ Items = new Dictionary<string, object>();
+ Request = request;
}
+ public IRequest Request { get; private set; }
public bool UseBufferedStream { get; set; }
-
+ public Dictionary<string, object> Items { get; private set; }
public object OriginalResponse
{
get { return response; }
@@ -58,6 +62,11 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
response.AddHeader(name, value);
}
+ public string GetHeader(string name)
+ {
+ return response.Headers[name];
+ }
+
public void Redirect(string url)
{
response.Redirect(url);
@@ -142,5 +151,9 @@ namespace MediaBrowser.Server.Implementations.HttpServer.SocketSharp
}
public bool KeepAlive { get; set; }
+
+ public void ClearCookies()
+ {
+ }
}
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-12-10 15:32:18 +0000