bytecodealliance
diff --git a/‎crates/test-programs/src/bin/p3_http_outbound_request_content_length.rs‎
Lines changed: 23 additions & 20 deletions b/‎crates/test-programs/src/bin/p3_http_outbound_request_content_length.rs‎
Lines changed: 23 additions & 20 deletions
diff --git a/‎crates/wasi-http/src/lib.rs‎
Lines changed: 13 additions & 0 deletions b/‎crates/wasi-http/src/lib.rs‎
Lines changed: 13 additions & 0 deletions
diff --git a/‎crates/wasi-http/src/p3/body.rs‎
Lines changed: 110 additions & 83 deletions b/‎crates/wasi-http/src/p3/body.rs‎
Lines changed: 110 additions & 83 deletions
@@ -51,11 +51,7 @@ impl test_programs::p3::exports::wasi::cli::run::Guest for Component {
                 async { transmit.await },
                 async {
                     let remaining = contents_tx.write_all(b"long enough".to_vec()).await;
-                    assert!(
-                        remaining.is_empty(),
-                        "{}",
-                        String::from_utf8_lossy(&remaining)
-                    );
+                    assert_eq!(String::from_utf8_lossy(&remaining), "");
                     trailers_tx.write(Ok(None)).await.unwrap();
                     drop(contents_tx);
                 },
@@ -72,19 +68,19 @@ impl test_programs::p3::exports::wasi::cli::run::Guest for Component {
                 async { transmit.await },
                 async {
                     let remaining = contents_tx.write_all(b"msg".to_vec()).await;
-                    assert!(
-                        remaining.is_empty(),
-                        "{}",
-                        String::from_utf8_lossy(&remaining)
-                    );
-                    drop(contents_tx);
+                    assert_eq!(String::from_utf8_lossy(&remaining), "");
                     trailers_tx.write(Ok(None)).await.unwrap();
+                    drop(contents_tx);
                 },
             );
-            let err = handle.expect_err("should have failed to send request");
+            // The request body will be polled before `handle` returns.
+            // Due to the way implementation is structured, by the time it happens
+            // the error will be already available in most cases and `handle` will fail,
+            // but it is a race condition, since `handle` may also succeed if
+            // polling body returns `Poll::Pending`
             assert!(
-                matches!(err, ErrorCode::HttpProtocolError),
-                "unexpected error: {err:#?}"
+                matches!(handle, Ok(..) | Err(ErrorCode::HttpProtocolError)),
+                "unexpected handle result: {handle:#?}"
             );
             let err = transmit.expect_err("request transmission should have failed");
             assert!(
@@ -101,15 +97,22 @@ impl test_programs::p3::exports::wasi::cli::run::Guest for Component {
                 async { transmit.await },
                 async {
                     let remaining = contents_tx.write_all(b"more than 11 bytes".to_vec()).await;
-                    assert_eq!(String::from_utf8_lossy(&remaining), "more than 11 bytes",);
-                    drop(contents_tx);
+                    assert_eq!(String::from_utf8_lossy(&remaining), "more than 11 bytes");
                     _ = trailers_tx.write(Ok(None)).await;
                 },
             );
-
-            // The the error returned by `handle` in this case is non-deterministic,
-            // so just assert that it fails
-            let _err = handle.expect_err("should have failed to send request");
+            // The request body will be polled before `handle` returns.
+            // Due to the way implementation is structured, by the time it happens
+            // the error will be already available in most cases and `handle` will fail,
+            // but it is a race condition, since `handle` may also succeed if
+            // polling body returns `Poll::Pending`
+            assert!(
+                matches!(
+                    handle,
+                    Ok(..) | Err(ErrorCode::HttpRequestBodySize(Some(18)))
+                ),
+                "unexpected handle result: {handle:#?}"
+            );
             let err = transmit.expect_err("request transmission should have failed");
             assert!(
                 matches!(err, ErrorCode::HttpRequestBodySize(Some(18))),
 
@@ -240,6 +240,7 @@ pub use crate::types::{
     DEFAULT_OUTGOING_BODY_BUFFER_CHUNKS, DEFAULT_OUTGOING_BODY_CHUNK_SIZE, WasiHttpCtx,
     WasiHttpImpl, WasiHttpView,
 };
+use http::header::CONTENT_LENGTH;
 use wasmtime::component::{HasData, Linker};
 
 /// Add all of the `wasi:http/proxy` world's interfaces to a [`wasmtime::component::Linker`].
@@ -391,3 +392,15 @@ where
 
     Ok(())
 }
+
+/// Extract the `Content-Length` header value from a [`http::HeaderMap`], returning `None` if it's not
+/// present. This function will return `Err` if it's not possible to parse the `Content-Length`
+/// header.
+fn get_content_length(headers: &http::HeaderMap) -> wasmtime::Result<Option<u64>> {
+    let Some(v) = headers.get(CONTENT_LENGTH) else {
+        return Ok(None);
+    };
+    let v = v.to_str()?;
+    let v = v.parse()?;
+    Ok(Some(v))
+}
@@ -122,75 +122,44 @@ impl Body {
     }
 }
 
-/// The kind of body, used for error reporting
-pub(crate) enum BodyKind {
-    Request,
-    Response,
-}
-
-/// Represents `Content-Length` limit and state
-#[derive(Copy, Clone, Debug, Eq, PartialEq, Hash)]
-struct ContentLength {
+/// [StreamConsumer] implementation for bodies originating in the guest with `Content-Length`
+/// header set.
+struct LimitedGuestBodyConsumer {
+    contents_tx: PollSender<Result<Bytes, ErrorCode>>,
+    error_tx: Option<oneshot::Sender<ErrorCode>>,
+    make_error: fn(Option<u64>) -> ErrorCode,
     /// Limit of bytes to be sent
     limit: u64,
     /// Number of bytes sent
     sent: u64,
-}
-
-impl ContentLength {
-    /// Constructs new [ContentLength]
-    fn new(limit: u64) -> Self {
-        Self { limit, sent: 0 }
-    }
-}
-
-/// [StreamConsumer] implementation for bodies originating in the guest.
-struct GuestBodyConsumer {
-    contents_tx: PollSender<Result<Bytes, ErrorCode>>,
-    result_tx: Option<oneshot::Sender<Result<(), ErrorCode>>>,
-    content_length: Option<ContentLength>,
-    kind: BodyKind,
     // `true` when the other side of `contents_tx` was unexpectedly closed
     closed: bool,
 }
 
-impl GuestBodyConsumer {
-    /// Constructs the approprite body size error given the [BodyKind]
-    fn body_size_error(&self, n: Option<u64>) -> ErrorCode {
-        match self.kind {
-            BodyKind::Request => ErrorCode::HttpRequestBodySize(n),
-            BodyKind::Response => ErrorCode::HttpResponseBodySize(n),
-        }
-    }
-
-    // Sends the corresponding error constructed by [Self::body_size_error] on both
-    // error channels.
-    // [`PollSender::poll_reserve`] on `contents_tx` must have succeeed prior to this being called.
-    fn send_body_size_error(&mut self, n: Option<u64>) {
-        if let Some(result_tx) = self.result_tx.take() {
-            _ = result_tx.send(Err(self.body_size_error(n)));
-            _ = self.contents_tx.send_item(Err(self.body_size_error(n)));
+impl LimitedGuestBodyConsumer {
+    /// Sends the error constructed by [Self::make_error] on both error channels.
+    /// Does nothing if an error has already been sent on [Self::error_tx].
+    fn send_error(&mut self, sent: Option<u64>) {
+        if let Some(error_tx) = self.error_tx.take() {
+            _ = error_tx.send((self.make_error)(sent));
+            self.contents_tx.abort_send();
+            if let Some(tx) = self.contents_tx.get_ref() {
+                _ = tx.try_send(Err((self.make_error)(sent)))
+            }
+            self.contents_tx.close();
         }
     }
 }
 
-impl Drop for GuestBodyConsumer {
+impl Drop for LimitedGuestBodyConsumer {
     fn drop(&mut self) {
-        if let Some(result_tx) = self.result_tx.take() {
-            if let Some(ContentLength { limit, sent }) = self.content_length {
-                if !self.closed && limit != sent {
-                    _ = result_tx.send(Err(self.body_size_error(Some(sent))));
-                    self.contents_tx.abort_send();
-                    if let Some(tx) = self.contents_tx.get_ref() {
-                        _ = tx.try_send(Err(self.body_size_error(Some(sent))))
-                    }
-                }
-            }
+        if !self.closed && self.limit != self.sent {
+            self.send_error(Some(self.sent))
         }
     }
 }
 
-impl<D> StreamConsumer<D> for GuestBodyConsumer {
+impl<D> StreamConsumer<D> for LimitedGuestBodyConsumer {
     type Item = u8;
 
     fn poll_consume(
@@ -201,27 +170,31 @@ impl<D> StreamConsumer<D> for GuestBodyConsumer {
         finish: bool,
     ) -> Poll<wasmtime::Result<StreamResult>> {
         debug_assert!(!self.closed);
+        let mut src = src.as_direct(store);
+        let buf = src.remaining();
+        let n = buf.len();
+
+        // Perform `content-length` check early and precompute the next value
+        let Ok(sent) = n.try_into() else {
+            self.send_error(None);
+            return Poll::Ready(Ok(StreamResult::Dropped));
+        };
+        let Some(sent) = self.sent.checked_add(sent) else {
+            self.send_error(None);
+            return Poll::Ready(Ok(StreamResult::Dropped));
+        };
+        if sent > self.limit {
+            self.send_error(Some(sent));
+            return Poll::Ready(Ok(StreamResult::Dropped));
+        }
         match self.contents_tx.poll_reserve(cx) {
             Poll::Ready(Ok(())) => {
-                let mut src = src.as_direct(store);
-                let buf = src.remaining();
-                if let Some(ContentLength { limit, sent }) = self.content_length.as_mut() {
-                    let Some(n) = buf.len().try_into().ok().and_then(|n| sent.checked_add(n))
-                    else {
-                        self.send_body_size_error(None);
-                        return Poll::Ready(Ok(StreamResult::Dropped));
-                    };
-                    if n > *limit {
-                        self.send_body_size_error(Some(n));
-                        return Poll::Ready(Ok(StreamResult::Dropped));
-                    }
-                    *sent = n;
-                }
                 let buf = Bytes::copy_from_slice(buf);
-                let n = buf.len();
                 match self.contents_tx.send_item(Ok(buf)) {
                     Ok(()) => {
                         src.mark_read(n);
+                        // Record new `content-length` only on successful send
+                        self.sent = sent;
                         Poll::Ready(Ok(StreamResult::Completed))
                     }
                     Err(..) => {
@@ -240,6 +213,41 @@ impl<D> StreamConsumer<D> for GuestBodyConsumer {
     }
 }
 
+/// [StreamConsumer] implementation for bodies originating in the guest without `Content-Length`
+/// header set.
+struct UnlimitedGuestBodyConsumer(PollSender<Result<Bytes, ErrorCode>>);
+
+impl<D> StreamConsumer<D> for UnlimitedGuestBodyConsumer {
+    type Item = u8;
+
+    fn poll_consume(
+        mut self: Pin<&mut Self>,
+        cx: &mut Context<'_>,
+        store: StoreContextMut<D>,
+        src: Source<Self::Item>,
+        finish: bool,
+    ) -> Poll<wasmtime::Result<StreamResult>> {
+        match self.0.poll_reserve(cx) {
+            Poll::Ready(Ok(())) => {
+                let mut src = src.as_direct(store);
+                let buf = src.remaining();
+                let n = buf.len();
+                let buf = Bytes::copy_from_slice(buf);
+                match self.0.send_item(Ok(buf)) {
+                    Ok(()) => {
+                        src.mark_read(n);
+                        Poll::Ready(Ok(StreamResult::Completed))
+                    }
+                    Err(..) => Poll::Ready(Ok(StreamResult::Dropped)),
+                }
+            }
+            Poll::Ready(Err(..)) => Poll::Ready(Ok(StreamResult::Dropped)),
+            Poll::Pending if finish => Poll::Ready(Ok(StreamResult::Cancelled)),
+            Poll::Pending => Poll::Pending,
+        }
+    }
+}
+
 /// [http_body::Body] implementation for bodies originating in the guest.
 pub(crate) struct GuestBody {
     contents_rx: Option<mpsc::Receiver<Result<Bytes, ErrorCode>>>,
@@ -253,9 +261,10 @@ impl GuestBody {
         mut store: impl AsContextMut<Data = T>,
         contents_rx: Option<StreamReader<u8>>,
         trailers_rx: FutureReader<Result<Option<Resource<Trailers>>, ErrorCode>>,
-        result_tx: oneshot::Sender<Result<(), ErrorCode>>,
+        result_tx: oneshot::Sender<Box<dyn Future<Output = Result<(), ErrorCode>> + Send>>,
+        result_fut: impl Future<Output = Result<(), ErrorCode>> + Send + 'static,
         content_length: Option<u64>,
-        kind: BodyKind,
+        make_error: fn(Option<u64>) -> ErrorCode,
         getter: fn(&mut T) -> WasiHttpCtxView<'_>,
     ) -> Self {
         let (trailers_http_tx, trailers_http_rx) = oneshot::channel();
@@ -266,20 +275,38 @@ impl GuestBody {
                 getter,
             },
         );
-        let contents_rx = contents_rx.map(|rx| {
+
+        let contents_rx = if let Some(rx) = contents_rx {
             let (http_tx, http_rx) = mpsc::channel(1);
-            rx.pipe(
-                store,
-                GuestBodyConsumer {
-                    contents_tx: PollSender::new(http_tx),
-                    result_tx: Some(result_tx),
-                    content_length: content_length.map(ContentLength::new),
-                    kind,
-                    closed: false,
-                },
-            );
-            http_rx
-        });
+            let contents_tx = PollSender::new(http_tx);
+            if let Some(limit) = content_length {
+                let (error_tx, error_rx) = oneshot::channel();
+                _ = result_tx.send(Box::new(async move {
+                    if let Ok(err) = error_rx.await {
+                        return Err(err);
+                    };
+                    result_fut.await
+                }));
+                rx.pipe(
+                    store,
+                    LimitedGuestBodyConsumer {
+                        contents_tx,
+                        error_tx: Some(error_tx),
+                        make_error,
+                        limit,
+                        sent: 0,
+                        closed: false,
+                    },
+                );
+            } else {
+                _ = result_tx.send(Box::new(result_fut));
+                rx.pipe(store, UnlimitedGuestBodyConsumer(contents_tx));
+            };
+            Some(http_rx)
+        } else {
+            _ = result_tx.send(Box::new(result_fut));
+            None
+        };
         Self {
             trailers_rx: Some(trailers_http_rx),
             contents_rx,
@@ -303,7 +330,7 @@ impl http_body::Body for GuestBody {
                     Ok(buf) => {
                         if let Some(n) = self.content_length.as_mut() {
                             // Substract frame length from `content_length`,
-                            // [GuestBodyConsumer] already performs the validation, so
+                            // [LimitedGuestBodyConsumer] already performs the validation, so
                             // just keep count as optimization for
                             // `is_end_stream` and `size_hint`
                             *n = n.saturating_sub(buf.len().try_into().unwrap_or(u64::MAX));