Merging internal commits for release/8.0

eng/Versions.props

@@ -163,7 +163,7 @@
     <optimizationlinuxarm64MIBCRuntimeVersion>1.0.0-prerelease.23458.2</optimizationlinuxarm64MIBCRuntimeVersion>
     <optimizationPGOCoreCLRVersion>1.0.0-prerelease.23458.2</optimizationPGOCoreCLRVersion>
     <!-- Not auto-updated. -->
-    <MicrosoftDiaSymReaderNativeVersion>16.11.27-beta1.23180.1</MicrosoftDiaSymReaderNativeVersion>
+    <MicrosoftDiaSymReaderNativeVersion>16.11.29-beta1.23404.4</MicrosoftDiaSymReaderNativeVersion>
     <SystemCommandLineVersion>2.0.0-beta4.23307.1</SystemCommandLineVersion>
     <TraceEventVersion>3.0.3</TraceEventVersion>
     <NETStandardLibraryRefVersion>2.1.0</NETStandardLibraryRefVersion>

src/libraries/Common/src/System/Net/Http/X509ResourceClient.cs

@@ -12,6 +12,9 @@ namespace System.Net.Http
 {
     internal static partial class X509ResourceClient
     {
+        private const long DefaultAiaDownloadLimit = 100 * 1024 * 1024;
+        private static long AiaDownloadLimit { get; } = GetValue("System.Security.Cryptography.AiaDownloadLimit", DefaultAiaDownloadLimit);
+
         private static readonly Func<string, CancellationToken, bool, Task<byte[]?>>? s_downloadBytes = CreateDownloadBytesFunc();
 
         static partial void ReportNoClient();
@@ -111,6 +114,7 @@ internal static partial class X509ResourceClient
                 ConstructorInfo? httpRequestMessageCtor = httpRequestMessageType.GetConstructor(Type.EmptyTypes);
                 MethodInfo? sendMethod = httpClientType.GetMethod("Send", new Type[] { httpRequestMessageType, typeof(CancellationToken) });
                 MethodInfo? sendAsyncMethod = httpClientType.GetMethod("SendAsync", new Type[] { httpRequestMessageType, typeof(CancellationToken) });
+                PropertyInfo? maxResponseContentBufferSizeProp = httpClientType.GetProperty("MaxResponseContentBufferSize");
                 PropertyInfo? responseContentProp = httpResponseMessageType.GetProperty("Content");
                 PropertyInfo? responseStatusCodeProp = httpResponseMessageType.GetProperty("StatusCode");
                 PropertyInfo? responseHeadersProp = httpResponseMessageType.GetProperty("Headers");
@@ -121,7 +125,7 @@ internal static partial class X509ResourceClient
                 if (socketsHttpHandlerCtor == null || pooledConnectionIdleTimeoutProp == null ||
                     allowAutoRedirectProp == null || httpClientCtor == null ||
                     requestUriProp == null || httpRequestMessageCtor == null ||
-                    sendMethod == null || sendAsyncMethod == null ||
+                    sendMethod == null || sendAsyncMethod == null || maxResponseContentBufferSizeProp == null ||
                     responseContentProp == null || responseStatusCodeProp == null ||
                     responseHeadersProp == null || responseHeadersLocationProp == null ||
                     readAsStreamMethod == null || taskOfHttpResponseMessageResultProp == null)
@@ -145,6 +149,7 @@ internal static partial class X509ResourceClient
                 pooledConnectionIdleTimeoutProp.SetValue(socketsHttpHandler, TimeSpan.FromSeconds(PooledConnectionIdleTimeoutSeconds));
                 allowAutoRedirectProp.SetValue(socketsHttpHandler, false);
                 object? httpClient = httpClientCtor.Invoke(new object?[] { socketsHttpHandler });
+                maxResponseContentBufferSizeProp.SetValue(httpClient, AiaDownloadLimit);
 
                 return async (string uriString, CancellationToken cancellationToken, bool async) =>
                 {
@@ -302,5 +307,24 @@ private static bool IsAllowedScheme(string scheme)
         {
             return string.Equals(scheme, "http", StringComparison.OrdinalIgnoreCase);
         }
+
+        private static long GetValue(string name, long defaultValue)
+        {
+            object? data = AppContext.GetData(name);
+
+            if (data is null)
+            {
+                return defaultValue;
+            }
+
+            try
+            {
+                return Convert.ToInt64(data);
+            }
+            catch
+            {
+                return defaultValue;
+            }
+        }
     }
 }

src/libraries/System.Security.Cryptography/tests/X509Certificates/RevocationTests/AiaTests.cs

@@ -3,6 +3,7 @@
 
 using System.Linq;
 using System.Security.Cryptography.X509Certificates.Tests.Common;
+using Microsoft.DotNet.RemoteExecutor;
 using Test.Cryptography;
 using Xunit;
 
@@ -178,5 +179,44 @@ public static void DisableAiaOptionWorks()
                 });
             }
         }
+
+        [ActiveIssue("https://github.com/dotnet/runtime/issues/57506", typeof(PlatformDetection), nameof(PlatformDetection.IsMonoRuntime), nameof(PlatformDetection.IsMariner))]
+        [PlatformSpecific(TestPlatforms.Linux)]
+        [ConditionalFact(typeof(RemoteExecutor), nameof(RemoteExecutor.IsSupported))]
+        public static void AiaIgnoresCertOverLimit()
+        {
+            RemoteExecutor.Invoke(() =>
+            {
+                AppContext.SetData("System.Security.Cryptography.AiaDownloadLimit", 100);
+                CertificateAuthority.BuildPrivatePki(
+                    PkiOptions.AllRevocation,
+                    out RevocationResponder responder,
+                    out CertificateAuthority root,
+                    out CertificateAuthority intermediate,
+                    out X509Certificate2 endEntity,
+                    pkiOptionsInSubject: false,
+                    testName: Guid.NewGuid().ToString());
+
+                using (responder)
+                using (root)
+                using (intermediate)
+                using (endEntity)
+                using (X509Certificate2 rootCert = root.CloneIssuerCert())
+                {
+                    responder.AiaResponseKind = AiaResponseKind.Cert;
+
+                    using (ChainHolder holder = new ChainHolder())
+                    {
+                        X509Chain chain = holder.Chain;
+                        chain.ChainPolicy.CustomTrustStore.Add(rootCert);
+                        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust;
+                        chain.ChainPolicy.VerificationTime = endEntity.NotBefore.AddMinutes(1);
+                        chain.ChainPolicy.UrlRetrievalTimeout = DynamicRevocationTests.s_urlRetrievalLimit;
+
+                        Assert.False(chain.Build(endEntity));
+                    }
+                }
+            }).Dispose();
+        }
     }
 }