7126960: Add property to limit number of request headers to the HTTP Server
authorcoffeys
Mon Jan 16 11:21:27 2012 +0000 (16 months ago)
changeset 5582d8dead332cb
parent 557a224904d42db
child 559811f7b34a43c
7126960: Add property to limit number of request headers to the HTTP Server
Reviewed-by: chegar
src/share/classes/sun/net/httpserver/Request.java
src/share/classes/sun/net/httpserver/ServerConfig.java
--- a/src/share/classes/sun/net/httpserver/Request.java Tue Jan 10 19:57:42 2012 +0000
+++ b/src/share/classes/sun/net/httpserver/Request.java Mon Jan 16 11:21:27 2012 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -190,6 +190,13 @@ class Request {
v = new String();
else
v = String.copyValueOf(s, keyend, len - keyend);
+
+ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+ throw new IOException("Maximum number of request headers (" +
+ "sun.net.httpserver.maxReqHeaders) exceeded, " +
+ ServerConfig.getMaxReqHeaders() + ".");
+ }
+
hdrs.add (k,v);
}
return hdrs;
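Review bot: The cap in the added `if` is compared against `hdrs.size()`, which may count distinct header names rather than header lines. The Headers class is not visible here, but if it is map-backed, a request that repeats one header name many times would never reach the limit while its value list keeps growing. If the goal is to bound per-request parsing work and memory, count parsed lines in a local counter instead, e.g. `if (++hdrCount > ServerConfig.getMaxReqHeaders())`. That check can also run before the key and value Strings are built, so an over-limit request allocates nothing further. The enclosing method starts above this hunk, so how the caller handles the resulting IOException (close the connection or send an error status) should be confirmed there.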
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java Tue Jan 10 19:57:42 2012 +0000
+++ b/src/share/classes/sun/net/httpserver/ServerConfig.java Mon Jan 16 11:21:27 2012 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2006, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@ class ServerConfig {
static long defaultIdleInterval = 300 ; // 5 min
static long defaultSelCacheTimeout = 120 ; // seconds
static int defaultMaxIdleConnections = 200 ;
+ static int defaultMaxReqHeaders = 200 ;
+
static long defaultDrainAmount = 64 * 1024;
@@ -54,6 +56,9 @@ class ServerConfig {
static long selCacheTimeout;
static long drainAmount; // max # of bytes to drain from an inputstream
static int maxIdleConnections;
+ // The maximum number of request headers allowable
+ private static int maxReqHeaders;
+
static boolean debug = false;
static {
@@ -93,6 +98,11 @@ class ServerConfig {
"sun.net.httpserver.drainAmount",
defaultDrainAmount))).longValue();
+ maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+ new sun.security.action.GetIntegerAction(
+ "sun.net.httpserver.maxReqHeaders",
+ defaultMaxReqHeaders))).intValue();
+
debug = ((Boolean)java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"sun.net.httpserver.debug"))).booleanValue();
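Review bot: The value read for `sun.net.httpserver.maxReqHeaders` is stored without validation. A zero or negative setting makes the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java true on the first header, so every request that carries headers is rejected. Consider falling back to the default right after the read: `if (maxReqHeaders <= 0) maxReqHeaders = defaultMaxReqHeaders;`. A comment next to the property read such as `// per-request cap on parsed request headers; default 200` would help whoever tunes it. The static initializer begins and ends outside this hunk.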
@@ -129,4 +139,8 @@ class ServerConfig {
static long getDrainAmount () {
return drainAmount;
}
+
+ static int getMaxReqHeaders() {
+ return maxReqHeaders;
+ }
}