Cleanup and rework of counting

voidmain · voidmain · commit b287d4ce411c · 2025-10-28T14:28:25.000-06:00
diff --git a/src/main/java/io/fusionauth/http/server/io/HTTPInputStream.java b/src/main/java/io/fusionauth/http/server/io/HTTPInputStream.java
@@ -162,21 +162,17 @@ public int read(byte[] b, int off, int len) throws IOException {
         reportBytesRead -= extraBytes;
         pushbackInputStream.push(b, (int) bytesRemaining, extraBytes);
       }
-    }
 
-    if (read > 0 && fixedLength) {
       bytesRemaining -= reportBytesRead;
     }
 
     bytesRead += reportBytesRead;
 
     // Note that when the request is fixed length, we will have failed early during commit().
     // - This will handle all requests that are not fixed length.
-    if (maximumContentLength != -1) {
-      if (bytesRead > maximumContentLength) {
-        String detailedMessage = "The maximum request size has been exceeded. The maximum request size is [" + maximumContentLength + "] bytes.";
-        throw new ContentTooLargeException(maximumContentLength, detailedMessage);
-      }
+    if (maximumContentLength != -1 && bytesRead > maximumContentLength) {
+      String detailedMessage = "The maximum request size has been exceeded. The maximum request size is [" + maximumContentLength + "] bytes.";
+      throw new ContentTooLargeException(maximumContentLength, detailedMessage);
     }
 
     return reportBytesRead;
@@ -207,11 +203,9 @@ private void commit() {
     // If we have a maximumContentLength, and this is a fixed content length request, before we read any bytes, fail early.
     // For good measure do this last so if anyone downstream wants to read from the InputStream they could in theory because
     // we will have set up the InputStream.
-    if (contentLength != null && maximumContentLength != -1) {
-      if (contentLength > maximumContentLength) {
-        String detailedMessage = "The maximum request size has been exceeded. The reported Content-Length is [" + contentLength + "] and the maximum request size is [" + maximumContentLength + "] bytes.";
-        throw new ContentTooLargeException(maximumContentLength, detailedMessage);
-      }
+    if (contentLength != null && maximumContentLength != -1 && contentLength > maximumContentLength) {
+      String detailedMessage = "The maximum request size has been exceeded. The reported Content-Length is [" + contentLength + "] and the maximum request size is [" + maximumContentLength + "] bytes.";
+      throw new ContentTooLargeException(maximumContentLength, detailedMessage);
     }
   }
 }
diff --git a/src/main/java/io/fusionauth/http/util/HTTPTools.java b/src/main/java/io/fusionauth/http/util/HTTPTools.java
@@ -296,14 +296,9 @@ public static void parseRequestPreamble(PushbackInputStream inputStream, int max
 
     int read = 0;
     int index = 0;
-    int bytesRead = 0;
-    boolean readExceeded = false;
+    int premableLength = 0;
 
     while (state != RequestPreambleState.Complete) {
-      if (readExceeded) {
-        throw new RequestHeadersTooLargeException(maxRequestHeaderSize, "The maximum size of the request header has been exceeded. The maximum size is [" + maxRequestHeaderSize + "] bytes.");
-      }
-
       long start = System.currentTimeMillis();
       read = inputStream.read(requestBuffer);
 
@@ -316,17 +311,10 @@ public static void parseRequestPreamble(PushbackInputStream inputStream, int max
       logger.trace("Read [{}] from client for preamble.", read);
 
       // Tell the callback that we've read at least one byte
-      if (bytesRead == 0) {
+      if (premableLength == 0) {
         readObserver.run();
       }
 
-      // bytesRead will include bytes that are read past the end of the preamble. This should be ok because we will only throw an exception
-      // for readExceeded once we have reached this state AND we are not yet in a complete state.
-      // - If we exceed the max header size from this read, as long as this buffer includes the entire preamble we will not throw
-      //   an exception.
-      bytesRead += read;
-      readExceeded = maxRequestHeaderSize != -1 && bytesRead >= maxRequestHeaderSize;
-
       for (index = 0; index < read && state != RequestPreambleState.Complete; index++) {
         // If there is a state transition, store the value properly and reset the builder (if needed)
         byte ch = requestBuffer[index];
@@ -352,6 +340,12 @@ public static void parseRequestPreamble(PushbackInputStream inputStream, int max
 
         state = nextState;
       }
+
+      // index is the number of bytes we processed as part of the preamble
+      premableLength += index;
+      if (premableLength > maxRequestHeaderSize) {
+        throw new RequestHeadersTooLargeException(maxRequestHeaderSize, "The maximum size of the request header has been exceeded. The maximum size is [" + maxRequestHeaderSize + "] bytes.");
+      }
     }
 
     // Push back the leftover bytes
