changeset 5051:d9897e95323c

7126960: Add property to limit number of request headers to the HTTP Server Reviewed-by: michaelm
author chegar
date Wed, 18 Jan 2012 15:35:06 +0000
parents 5e6f3c8646cf
children 7699f0a9c6d7 bff59bf994da
files src/share/classes/sun/net/httpserver/Request.java src/share/classes/sun/net/httpserver/ServerConfig.java
diffstat 2 files changed, 76 insertions(+), 62 deletions(-) [+]
line wrap: on
line diff
--- a/src/share/classes/sun/net/httpserver/Request.java	Mon Jan 09 20:55:52 2012 -0800
+++ b/src/share/classes/sun/net/httpserver/Request.java	Wed Jan 18 15:35:06 2012 +0000
@@ -203,6 +203,13 @@
                 v = new String();
             else
                 v = String.copyValueOf(s, keyend, len - keyend);
+
+            if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+                throw new IOException("Maximum number of request headers (" +
+                        "sun.net.httpserver.maxReqHeaders) exceeded, " +
+                        ServerConfig.getMaxReqHeaders() + ".");
+            }
+
             hdrs.add (k,v);
             len = 0;
         }
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java	Mon Jan 09 20:55:52 2012 -0800
+++ b/src/share/classes/sun/net/httpserver/ServerConfig.java	Wed Jan 18 15:35:06 2012 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
 
 package sun.net.httpserver;
 
-import com.sun.net.httpserver.*;
-import com.sun.net.httpserver.spi.*;
 import java.util.logging.Logger;
 import java.security.PrivilegedAction;
 
@@ -37,74 +35,75 @@
 
 class ServerConfig {
 
-    static int clockTick;
-
-    static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
+    private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
 
     /* These values must be a reasonable multiple of clockTick */
-    static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
-    static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
+    private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
+    private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
 
-    static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
-    static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
-    static final long DEFAULT_TIMER_MILLIS = 1000;
+    private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
+    private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
+    private static final long DEFAULT_TIMER_MILLIS = 1000;
+    private static final int  DEFAULT_MAX_REQ_HEADERS = 200;
+    private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
 
-    static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
+    private static int clockTick;
+    private static long idleInterval;
+    // The maximum number of bytes to drain from an inputstream
+    private static long drainAmount;
+    private static int maxIdleConnections;
+    // The maximum number of request headers allowable
+    private static int maxReqHeaders;
+    // max time a request or response is allowed to take
+    private static long maxReqTime;
+    private static long maxRspTime;
+    private static long timerMillis;
+    private static boolean debug;
 
-    static long idleInterval;
-    static long drainAmount;    // max # of bytes to drain from an inputstream
-    static int maxIdleConnections;
-
-    // max time a request or response is allowed to take
-    static long maxReqTime;
-    static long maxRspTime;
-    static long timerMillis;
-    static boolean debug = false;
+    // the value of the TCP_NODELAY socket-level option
+    private static boolean noDelay;
 
     static {
+        java.security.AccessController.doPrivileged(
+            new PrivilegedAction<Void>() {
+                @Override
+                public Void run () {
+                    idleInterval = Long.getLong("sun.net.httpserver.idleInterval",
+                            DEFAULT_IDLE_INTERVAL) * 1000;
 
-        idleInterval = ((Long)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetLongAction(
-                "sun.net.httpserver.idleInterval",
-                DEFAULT_IDLE_INTERVAL))).longValue() * 1000;
+                    clockTick = Integer.getInteger("sun.net.httpserver.clockTick",
+                            DEFAULT_CLOCK_TICK);
 
-        clockTick = ((Integer)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetIntegerAction(
-                "sun.net.httpserver.clockTick",
-                DEFAULT_CLOCK_TICK))).intValue();
+                    maxIdleConnections = Integer.getInteger(
+                            "sun.net.httpserver.maxIdleConnections",
+                            DEFAULT_MAX_IDLE_CONNECTIONS);
 
-        maxIdleConnections = ((Integer)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetIntegerAction(
-                "sun.net.httpserver.maxIdleConnections",
-                DEFAULT_MAX_IDLE_CONNECTIONS))).intValue();
+                    drainAmount = Long.getLong("sun.net.httpserver.drainAmount",
+                            DEFAULT_DRAIN_AMOUNT);
 
-        drainAmount = ((Long)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetLongAction(
-                "sun.net.httpserver.drainAmount",
-                DEFAULT_DRAIN_AMOUNT))).longValue();
+                    maxReqHeaders = Integer.getInteger(
+                            "sun.net.httpserver.maxReqHeaders",
+                            DEFAULT_MAX_REQ_HEADERS);
 
-        maxReqTime = ((Long)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetLongAction(
-                "sun.net.httpserver.maxReqTime",
-                DEFAULT_MAX_REQ_TIME))).longValue();
+                    maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime",
+                            DEFAULT_MAX_REQ_TIME);
 
-        maxRspTime = ((Long)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetLongAction(
-                "sun.net.httpserver.maxRspTime",
-                DEFAULT_MAX_RSP_TIME))).longValue();
+                    maxRspTime = Long.getLong("sun.net.httpserver.maxRspTime",
+                            DEFAULT_MAX_RSP_TIME);
 
-        timerMillis = ((Long)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetLongAction(
-                "sun.net.httpserver.timerMillis",
-                DEFAULT_TIMER_MILLIS))).longValue();
+                    timerMillis = Long.getLong("sun.net.httpserver.timerMillis",
+                            DEFAULT_TIMER_MILLIS);
 
-        debug = ((Boolean)java.security.AccessController.doPrivileged(
-                new sun.security.action.GetBooleanAction(
-                "sun.net.httpserver.debug"))).booleanValue();
+                    debug = Boolean.getBoolean("sun.net.httpserver.debug");
+
+                    noDelay = Boolean.getBoolean("sun.net.httpserver.nodelay");
+
+                    return null;
+                }
+            });
     }
 
-
-    static void checkLegacyProperties (final Logger logger) {
+    static void checkLegacyProperties(final Logger logger) {
 
         // legacy properties that are no longer used
         // print a warning to logger if they are set.
@@ -141,35 +140,43 @@
         );
     }
 
-    static boolean debugEnabled () {
+    static boolean debugEnabled() {
         return debug;
     }
 
-    static long getIdleInterval () {
+    static long getIdleInterval() {
         return idleInterval;
     }
 
-    static int getClockTick () {
+    static int getClockTick() {
         return clockTick;
     }
 
-    static int getMaxIdleConnections () {
+    static int getMaxIdleConnections() {
         return maxIdleConnections;
     }
 
-    static long getDrainAmount () {
+    static long getDrainAmount() {
         return drainAmount;
     }
 
-    static long getMaxReqTime () {
+    static int getMaxReqHeaders() {
+        return maxReqHeaders;
+    }
+
+    static long getMaxReqTime() {
         return maxReqTime;
     }
 
-    static long getMaxRspTime () {
+    static long getMaxRspTime() {
         return maxRspTime;
     }
 
-    static long getTimerMillis () {
+    static long getTimerMillis() {
         return timerMillis;
     }
+
+    static boolean noDelay() {
+        return noDelay;
+    }
 }