Connection not terminated for invalid/ill-formed requests

[moozzyk]

If a client sends an incorrect request the connection should be terminated. What happens now is that the connection is not terminated and new data are appended to the buffer but the data from the buffer are never removed so the buffer grows. Kestrel does throw if the data is incorrect (https://github.com/aspnet/KestrelHttpServer/blob/dev/src/Microsoft.AspNet.Server.Kestrel/Http/Frame.cs#L560) but the exception is then caught logged and swallowed (https://github.com/aspnet/KestrelHttpServer/blob/dev/src/Microsoft.AspNet.Server.Kestrel/Http/Connection.cs#L87)

Repro steps:

• With telnet send \r\n to the server

Expected behavior:

• the connection is closed

Actual behavior:

• you can continue typing. with each new character an exception will be thrown on the server side. buffer grows. the connection is never closed

Should we do some fuzzing tests in general?

[Tragetaschen]

Generally, any malformed request currently throws off Kestrel in various ways. I had created a couple of failing tests where generally a connection would leak, but I guess no one looked at it.

BTW, is there any way to test for leaking connections? @DamianEdwards mentioned these in various community standups and I guess they have been fixed, but there doesn't seem to be infrastructure to actually verify it.

[halter73]

This commit which just made it into RC1 allows Kestrel to handle requests with empty headers.

We still should add fuzz testing and limit start line length, header length, etc...