changeset 558:2d8dead332cb

7126960: Add property to limit number of request headers to the HTTP Server Reviewed-by: chegar
author coffeys
date Mon, 16 Jan 2012 11:21:27 +0000
parents a224904d42db
children 811f7b34a43c
files src/share/classes/sun/net/httpserver/Request.java src/share/classes/sun/net/httpserver/ServerConfig.java
diffstat 2 files changed, 23 insertions(+), 2 deletions(-) [+]
--- a/src/share/classes/sun/net/httpserver/Request.java	Tue Jan 10 19:57:42 2012 +0000
+++ b/src/share/classes/sun/net/httpserver/Request.java	Mon Jan 16 11:21:27 2012 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -190,6 +190,13 @@
                 v = new String();
             else
                 v = String.copyValueOf(s, keyend, len - keyend);
+
+            if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+                throw new IOException("Maximum number of request headers (" +
+                        "sun.net.httpserver.maxReqHeaders) exceeded, " +
+                        ServerConfig.getMaxReqHeaders() + ".");
+            }
+
             hdrs.add (k,v);
         }
         return hdrs;
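Review bot: The new limit compares `hdrs.size()` with the configured maximum, which counts distinct header names rather than header lines if `Headers` is a map keyed by name (its definition is not visible in this hunk). In that case a request that repeats one name many times keeps growing a single value list through `hdrs.add (k,v)` and never reaches the limit. Consider counting parsed lines with a local counter, for example `if (++hdrCount > ServerConfig.getMaxReqHeaders())`, and add a comment on the check saying which quantity the property bounds. The enclosing method starts above this hunk, and how the thrown IOException is reported to the client is not visible here.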
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java	Tue Jan 10 19:57:42 2012 +0000
+++ b/src/share/classes/sun/net/httpserver/ServerConfig.java	Mon Jan 16 11:21:27 2012 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@
     static long defaultIdleInterval = 300 ; // 5 min
     static long defaultSelCacheTimeout = 120 ;  // seconds
     static int defaultMaxIdleConnections = 200 ;
+    static int defaultMaxReqHeaders = 200 ;
+
 
     static long defaultDrainAmount = 64 * 1024;
 
@@ -54,6 +56,9 @@
     static long selCacheTimeout;
     static long drainAmount;    // max # of bytes to drain from an inputstream
     static int maxIdleConnections;
+    // The maximum number of request headers allowable
+    private static int maxReqHeaders;
+
     static boolean debug = false;
 
     static {
@@ -93,6 +98,11 @@
                 "sun.net.httpserver.drainAmount",
                 defaultDrainAmount))).longValue();
 
+        maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+                new sun.security.action.GetIntegerAction(
+                "sun.net.httpserver.maxReqHeaders",
+                defaultMaxReqHeaders))).intValue();
+
         debug = ((Boolean)java.security.AccessController.doPrivileged(
                 new sun.security.action.GetBooleanAction(
                 "sun.net.httpserver.debug"))).booleanValue();
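Review bot: The value read for `sun.net.httpserver.maxReqHeaders` is stored without a range check. A zero or negative setting makes the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java true for the very first header, so every request that carries headers is rejected. Fall back to the default for non-positive values right after the assignment: `if (maxReqHeaders <= 0) maxReqHeaders = defaultMaxReqHeaders;`. The static initializer starts and ends outside this hunk.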
@@ -129,4 +139,8 @@
     static long getDrainAmount () {
         return drainAmount;
     }
+
+    static int getMaxReqHeaders() {
+        return maxReqHeaders;
+    }
 }