From 4520e2568da2aabc55efdc7bb90a498a30531444 Mon Sep 17 00:00:00 2001
From: Stephen Toub <stoub@microsoft.com>
Date: Wed, 22 Jun 2022 10:42:22 -0400
Subject: [PATCH 1/2] Use IndexOfAny in HttpListener.HandleAuthentication

Just cleaning up a manual loop that can instead be IndexOfAny.
---
 .../src/System/Net/Windows/HttpListener.Windows.cs       | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

diff --git a/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs b/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs
index 5f3626012a299e..e8a6a664a6ef32 100644
--- a/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs
+++ b/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs
@@ -803,14 +803,7 @@ public HttpListenerContext EndGetContext(IAsyncResult asyncResult)
                 if (authorizationHeader != null && (authenticationScheme & ~AuthenticationSchemes.Anonymous) != AuthenticationSchemes.None)
                 {
                     // Find the end of the scheme name.  Trust that HTTP.SYS parsed out just our header ok.
-                    for (index = 0; index < authorizationHeader.Length; index++)
-                    {
-                        if (authorizationHeader[index] == ' ' || authorizationHeader[index] == '\t' ||
-                            authorizationHeader[index] == '\r' || authorizationHeader[index] == '\n')
-                        {
-                            break;
-                        }
-                    }
+                    index = authorizationHeader.AsSpan().IndexOfAny(" \t\r\n");
 
                     // Currently only allow one Authorization scheme/header per request.
                     if (index < authorizationHeader.Length)

From 172476962d442cce5a19e0f388dde456e0f91e12 Mon Sep 17 00:00:00 2001
From: Stephen Toub <stoub@microsoft.com>
Date: Wed, 22 Jun 2022 14:55:33 -0400
Subject: [PATCH 2/2] Fix missing check

---
 .../src/System/Net/Windows/HttpListener.Windows.cs            | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs b/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs
index e8a6a664a6ef32..888d6d43992966 100644
--- a/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs
+++ b/src/libraries/System.Net.HttpListener/src/System/Net/Windows/HttpListener.Windows.cs
@@ -804,6 +804,10 @@ public HttpListenerContext EndGetContext(IAsyncResult asyncResult)
                 {
                     // Find the end of the scheme name.  Trust that HTTP.SYS parsed out just our header ok.
                     index = authorizationHeader.AsSpan().IndexOfAny(" \t\r\n");
+                    if (index < 0)
+                    {
+                        index = authorizationHeader.Length;
+                    }
 
                     // Currently only allow one Authorization scheme/header per request.
                     if (index < authorizationHeader.Length)