Contributor

@AndyButland AndyButland commented Oct 2, 2025

Prerequisites

  • I have added steps to test this contribution in the description below

Fixes: #20343

Description

We have an integer overflow exception when we attempt to convert a configured KB value into bytes. It's caused by multiplying two ints together to make a long - if the two ints go over int.MaxValue the result is zero.

I've fixed this by casting one of the ints to a long before doing the calculation.

Testing

You can test this via breakpoints at the places of the changed code on start up, verifying that the value is set to a non-zero value when configured in Umbraco:Cms to be, e.g. as follows:

  "Runtime": {
    "MaxRequestLength": 4194304
  },

And verify that you can save and publish nodes (previously having this value coerced to zero would cause an exception to be thrown).

Release

Once verified and merged for 13, needs to be cherry-picked up to 16.
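
The overflow and the cast described above, as an added example that is not code from this pull request or from Umbraco. The class and method names are hypothetical, and the sample values are constructed around the 32-bit boundary plus the 4194304 from the description.

```csharp
using System;

public static class KbToBytesDemo
{
    // Before the fix: both operands are int, so the product is computed in
    // 32 bits and only the already-wrapped result is widened to long.
    public static long Overflowing(int kb) => unchecked(kb * 1024);

    // After the fix: casting one operand to long makes the multiplication 64-bit.
    public static long Fixed(int kb) => (long)kb * 1024;

    // Returns true when the 32-bit multiplication would overflow.
    public static bool OverflowsInt32(int kb)
    {
        try { _ = checked(kb * 1024); return false; }
        catch (OverflowException) { return true; }
    }

    public static void Main()
    {
        // Constructed samples: the last KB value that fits in an int once
        // multiplied, the first that does not, and the value from the description.
        int[] samples = { 2097151, 2097152, 4194304 };
        foreach (int kb in samples)
        {
            Console.WriteLine(
                $"{kb} KB: int*int={Overflowing(kb)}, (long)={Fixed(kb)}, overflows={OverflowsInt32(kb)}");
        }
    }
}
```

With 4194304 the 32-bit product is exactly 2^32, which wraps to 0; values between the boundary and that point wrap to negative numbers instead, so a test for zero alone would not catch every misconfiguration.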

@Copilot Copilot AI review requested due to automatic review settings October 2, 2025 04:47
Contributor

@Copilot Copilot AI left a comment

Pull Request Overview

This PR fixes an integer overflow bug that occurs when converting configured MaxRequestLength values from KB to bytes. The fix prevents the overflow by casting one operand to long before multiplication.

  • Cast integer to long before multiplication to prevent overflow when converting KB to bytes
  • Apply fix to both KestrelServerOptions and FormOptions configuration classes

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/Umbraco.Web.Common/Security/ConfigureKestrelServerOptions.cs | Cast MaxRequestLength to long before multiplication to prevent integer overflow |
| src/Umbraco.Web.Common/Security/ConfigureFormOptions.cs | Cast MaxRequestLength to long before multiplication to prevent integer overflow |

@iOvergaard
Contributor

This is essentially the same fix as #18141, so I assume we do not need to merge it forward. But really great to see a non-breaking solution for v13. Happy to approve, LGTM!

@iOvergaard iOvergaard merged commit 4c9d02e into v13/dev Oct 2, 2025
20 checks passed
@iOvergaard iOvergaard deleted the v13/bugfix/fix-integer-overflow-in-setting-max-request-body-size branch October 2, 2025 11:34