ASP.NET POST-DATA truncated at 49152 bytes (48K)

Question

I'm getting errors where viewstate couldn't be decoded, and some of the errors trace to the fact that http post data was truncated at exactly 48K (49152) bytes.

This was listed as one of the fixed bugs in .NET 2.0 SP1. I currently have .NET 3.5 SP1.

This problem doesn't seem to happen with every post. Any ideas?

KB 945757 Problems that are fixed in the .NET Framework 2.0 Service Pack 1

KB 925248 FIX: The data in a POST request is truncated to 49,152 bytes when an ASP.NET-connected application receives the POST request

EDIT: Caught one of these errors in my error logs after I added encoding designation to the form. It shows the content-type was properly set to url-encoded, and the content-length was over 49152. But the dump of post data in the error log was again exactly 49152 bytes. I was able to re-create this by clicking the submit button several times from the page. I think the user did this because the page processes very slowly for some reason (was much faster before). It's likely the subsequent submissions that encountered this truncation. My fix might be to make the page fast again and/or disable the button from the first click.

Answer 1

I do know that IIS5 had this problem, it would truncate all data above 48Kb except if the form was sent as application/x-www-form-urlencoded, try to set this as your content-type like:

<form accept-charset="utf-8" 
      enctype="application/x-www-form-urlencoded" ... >

</form>

The pen-tester can bring this issue up.

If you also search for HTTP Smuggling you will find the same issue.

you can read more info on HTTP Smuggling.

Answer 2

i ran into this once and it turned out it's the browser that is truncating it!

i don't remember which one anymore though. I want to say it was firefox, but i can't be sure.

the fix was to change the content type of the form to multipart/form-data.