Fix Integer Overflow in Header Processing (#41757)

Author: nerddtvg

src/Servers/Kestrel/Core/src/Internal/Http/Http1Connection.cs

@@ -636,7 +636,7 @@ protected override void OnReset()
         _requestTimedOut = false;
         _requestTargetForm = HttpRequestTarget.Unknown;
         _absoluteRequestTarget = null;
-        _remainingRequestHeadersBytesAllowed = ServerOptions.Limits.MaxRequestHeadersTotalSize + 2;
+        _remainingRequestHeadersBytesAllowed = (long)ServerOptions.Limits.MaxRequestHeadersTotalSize + 2;
 
         MinResponseDataRate = ServerOptions.Limits.MinResponseDataRate;
 

src/Servers/Kestrel/Core/test/Http1/Http1ConnectionTests.cs

@@ -55,6 +55,17 @@ public async Task TakeMessageHeadersThrowsWhenHeaderValueContainsExtendedASCII()
         var exception = Assert.Throws<InvalidOperationException>(() => TakeMessageHeaders(readableBuffer, trailers: false, out _consumed, out _examined));
     }
 
+    [Fact]
+    public async Task MaxRequestHeadersTotalSizeDoesNotThrowForMaxValue()
+    {
+        const string headerLine = "Header: value\r\n";
+        _serviceContext.ServerOptions.Limits.MaxRequestHeadersTotalSize = int.MaxValue;
+        _http1Connection.Reset();
+
+        await _application.Output.WriteAsync(Encoding.ASCII.GetBytes($"{headerLine}\r\n"));
+        var readableBuffer = (await _transport.Input.ReadAsync()).Buffer;
+    }
+
     [Fact]
     public async Task TakeMessageHeadersThrowsWhenHeadersExceedTotalSizeLimit()
     {