Description
What is the version or commit of the ORAS .NET library?
No response
What would you like to be added?
It seems the ORAS dotnet ManifestStore operations use HttpResponse.Content.ReadAsStreamAsync to load the response body into a stream. This can be potentially unsafe, as the underlying MemoryStream buffer size is by default set to Int.MaxSize, which comes to ~2 GB. This can lead to potential memory exhaustion if the upstream server is malicious and reports an incorrect Content-Length in the headers. There should be a check to enforce a max size (maybe 4 MB), and it should be overridable.
Taking a look at the source code for ReadAsStreamAsync (https://github.com/dotnet/runtime/blob/5535e31a712343a63f5d7d796cd874e563e5ac14/src/libraries/System.Net.Http/src/System/Net/Http/HttpContent.cs#L286), you can see that if the content has not already been loaded into a temporary buffer, a new buffer is created with the size MaxSizeBytes (https://github.com/dotnet/runtime/blob/5535e31a712343a63f5d7d796cd874e563e5ac14/src/libraries/System.Net.Http/src/System/Net/Http/HttpContent.cs#L550).
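As an illustration of the kind of check proposed above, here is an added example (not code from oras-dotnet) of a bounded body read: a hypothetical BoundedResponseReader helper that rejects a declared Content-Length over the limit up front and, because the header cannot be trusted, also counts the bytes actually received and aborts once they exceed the limit. It assumes the request was sent with HttpCompletionOption.ResponseHeadersRead so that HttpClient has not already buffered the whole body before this code runs.

```csharp
using System;
using System.IO;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper, not part of oras-dotnet: reads a response body into a
// MemoryStream while enforcing a caller-supplied size limit. The limit applies
// to bytes actually received, so a wrong or missing Content-Length cannot bypass it.
public static class BoundedResponseReader
{
    public const long DefaultMaxBytes = 4 * 1024 * 1024; // 4 MiB, overridable per call

    public static async Task<MemoryStream> ReadBodyAsync(
        HttpResponseMessage response,
        long maxBytes = DefaultMaxBytes,
        CancellationToken cancellationToken = default)
    {
        // Fast reject: a declared length beyond the limit is refused before reading any body bytes.
        long? declared = response.Content.Headers.ContentLength;
        if (declared.HasValue && declared.Value > maxBytes)
            throw new HttpRequestException(
                $"Declared Content-Length {declared.Value} exceeds limit of {maxBytes} bytes.");

        // Stream the body in chunks. This only avoids the default ~2 GB buffer if the
        // request was sent with HttpCompletionOption.ResponseHeadersRead (assumption).
        using Stream body = await response.Content.ReadAsStreamAsync(cancellationToken);
        var chunk = new byte[81920];
        var result = new MemoryStream();
        long total = 0;
        int read;
        while ((read = await body.ReadAsync(chunk, cancellationToken)) > 0)
        {
            total += read;
            if (total > maxBytes)
            {
                // The server sent more than it declared (or declared nothing); stop here
                // instead of letting the in-memory copy grow unboundedly.
                result.Dispose();
                throw new HttpRequestException(
                    $"Response body exceeded limit of {maxBytes} bytes; aborting read.");
            }
            result.Write(chunk, 0, read);
        }
        result.Position = 0;
        return result;
    }
}
```

For code paths that still rely on HttpClient's own buffering, HttpClient.MaxResponseContentBufferSize is the existing knob that caps how much the client will buffer before throwing.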
Why is this needed for the ORAS .NET library?
Protect clients from large responses.
Are you willing to submit PRs to contribute to this feature?
- Yes, I am willing to implement it.