search

microsoft / referencesource

Source from the Microsoft .NET Reference Source that represent a subset of the .NET Framework
https://referencesource.microsoft.com/
MIT License
3.13k stars 1.27k forks source link

WebResponse object leak in `GetXmlReader` method #124

Closed nekobul closed 1 year ago

nekobul commented 4 years ago

https://github.com/microsoft/referencesource/blob/17b97365645da62cf8a49444d979f94a59bbb155/System.ServiceModel/System/ServiceModel/Description/MetadataExchangeClient.cs#L813

If the input response object contains invalid XML, the invocation of reader.MoveToContent method can lead to an exception and the response object will not be properly disposed. One possible fix would be to wrap the reading part in try/catch block like the following:

            internal static XmlReader GetXmlReader(HttpWebResponse response, long maxMessageSize, XmlDictionaryReaderQuotas readerQuotas)
            {
                readerQuotas = readerQuotas ?? EncoderDefaults.ReaderQuotas;
                XmlReader reader = XmlDictionaryReader.CreateTextReader(
                    new MaxMessageSizeStream(response.GetResponseStream(), maxMessageSize),
                    EncodingHelper.GetDictionaryReaderEncoding(response.ContentType),
                    readerQuotas,
                    null);

                try
                {
                  reader.Read();
                  reader.MoveToContent();
                }
                catch
                {
                  response.Dispose();
                  throw;
                }

                return reader;
            }
terrajobst commented 1 year ago

This repository does not accept feature requests or bug reports. To submit those, you need to go elsewhere: