changeset 4957:fef367f97fa5

7126960: Add property to limit number of request headers to the HTTP Server Reviewed-by: alanb, michaelm, darcy
author chegar
date Mon, 09 Jan 2012 10:47:30 +0000
parents 547b2917b303
children fd4f1f928060
files src/share/classes/sun/net/httpserver/Request.java src/share/classes/sun/net/httpserver/ServerConfig.java
diffstat 2 files changed, 18 insertions(+), 2 deletions(-) [+]
--- a/src/share/classes/sun/net/httpserver/Request.java	Thu Dec 22 20:18:05 2011 +0400
+++ b/src/share/classes/sun/net/httpserver/Request.java	Mon Jan 09 10:47:30 2012 +0000
@@ -203,6 +203,13 @@
                 v = new String();
             else
                 v = String.copyValueOf(s, keyend, len - keyend);
+
+            if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+                throw new IOException("Maximum number of request headers (" +
+                        "sun.net.httpserver.maxReqHeaders) exceeded, " +
+                        ServerConfig.getMaxReqHeaders() + ".");
+            }
+
             hdrs.add (k,v);
             len = 0;
         }
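Review bot: The new limit tests `hdrs.size()`, which counts distinct header names rather than header lines if `hdrs` is the Map-backed Headers keyed by name (its class is not shown on this page). In that case a request that repeats a single name many times never reaches the limit while the value list for that name keeps growing, so the cap bounds the number of keys but not the number of headers parsed. Counting parsed lines in a local covers both cases: declare `int hdrCount = 0;` before the loop and test `if (++hdrCount > ServerConfig.getMaxReqHeaders())` ahead of `hdrs.add (k,v);`. The enclosing method starts and ends outside the hunk.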
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java	Thu Dec 22 20:18:05 2011 +0400
+++ b/src/share/classes/sun/net/httpserver/ServerConfig.java	Mon Jan 09 10:47:30 2012 +0000
@@ -46,13 +46,14 @@
     static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
     static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
     static final long DEFAULT_TIMER_MILLIS = 1000;
-
+    static final int  DEFAULT_MAX_REQ_HEADERS = 200;
     static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
 
     static long idleInterval;
     static long drainAmount;    // max # of bytes to drain from an inputstream
     static int maxIdleConnections;
-
+    // The maximum number of request headers allowable
+    private static int maxReqHeaders;
     // max time a request or response is allowed to take
     static long maxReqTime;
     static long maxRspTime;
@@ -80,6 +81,10 @@
                     drainAmount = Long.getLong("sun.net.httpserver.drainAmount",
                             DEFAULT_DRAIN_AMOUNT);
 
+                    maxReqHeaders = Integer.getInteger(
+                            "sun.net.httpserver.maxReqHeaders",
+                            DEFAULT_MAX_REQ_HEADERS);
+
                     maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime",
                             DEFAULT_MAX_REQ_TIME);
 
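Review bot: The value returned by `Integer.getInteger(...)` is stored without a range check. If `sun.net.httpserver.maxReqHeaders` is set to zero or a negative number, the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java is true for the very first header, and every request that carries headers is rejected. Falling back to the default keeps a misconfiguration from taking the server out of service: `if (maxReqHeaders <= 0) maxReqHeaders = DEFAULT_MAX_REQ_HEADERS;` directly after the assignment. A short comment beside the property stating the default of 200 and that exceeding it raises an IOException during header parsing would also help operators. The enclosing initializer starts outside the hunk.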
@@ -157,6 +162,10 @@
         return drainAmount;
     }
 
+    static int getMaxReqHeaders() {
+        return maxReqHeaders;
+    }
+
     static long getMaxReqTime () {
         return maxReqTime;
     }