view patches/security/20120214/7126960.patch @ 2180:08e7c18e12c1
Add 2012/02/14 security patches.
2012-02-08 Omair Majid <omajid@redhat.com>
* NEWS: Update with security fixes.
* Makefile.am
(SECURITY_PATCHES): Add security patches.
(SPECIAL_SECURITY_PATCH): Add new variable.
(ICEDTEA_PATCHES): Add security patch that depends on backport.
* patches/security/20120214/7082299.patch,
* patches/security/20120214/7088367.patch,
* patches/security/20120214/7110683.patch,
* patches/security/20120214/7110687.patch,
* patches/security/20120214/7110700.patch,
* patches/security/20120214/7110704.patch,
* patches/security/20120214/7112642.patch,
* patches/security/20120214/7118283.patch,
* patches/security/20120214/7126960.patch: New security fixes.
author | Andrew John Hughes <ahughes@redhat.com> |
---|---|
date | Fri, 10 Feb 2012 11:25:13 +0000 |
parents | |
children |
# HG changeset patch
# User coffeys
# Date 1326712887 0
# Node ID 2d8dead332cbe169d486ecc70239475ebe3a77f7
# Parent a224904d42db1f54139257221e9b545bd1c90b2e
7126960: Add property to limit number of request headers to the HTTP Server
Reviewed-by: chegar
diff --git a/src/share/classes/sun/net/httpserver/Request.java b/src/share/classes/sun/net/httpserver/Request.java
--- openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java
+++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java
@@ -190,6 +190,13 @@ class Request {
 v = new String();
 else
 v = String.copyValueOf(s, keyend, len - keyend);
+
+ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+ throw new IOException("Maximum number of request headers (" +
+ "sun.net.httpserver.maxReqHeaders) exceeded, " +
+ ServerConfig.getMaxReqHeaders() + ".");
+ }
+
 hdrs.add (k,v);
 }
 return hdrs;
diff --git a/src/share/classes/sun/net/httpserver/ServerConfig.java b/src/share/classes/sun/net/httpserver/ServerConfig.java
--- openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java
+++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java
@@ -45,6 +45,8 @@ class ServerConfig {
 static long defaultIdleInterval = 300 ; // 5 min
 static long defaultSelCacheTimeout = 120 ; // seconds
 static int defaultMaxIdleConnections = 200 ;
+ static int defaultMaxReqHeaders = 200 ;
+
 static long defaultDrainAmount = 64 * 1024;
@@ -54,6 +56,9 @@ class ServerConfig {
 static long selCacheTimeout;
 static long drainAmount; // max # of bytes to drain from an inputstream
 static int maxIdleConnections;
+ // The maximum number of request headers allowable
+ private static int maxReqHeaders;
+
 static boolean debug = false;
 static {
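Review bot: The added guard in the header-parsing loop of Request.java tests `hdrs.size()`, which, if `hdrs` is the map-backed `Headers` class (not visible in this hunk), is the number of distinct header names rather than the number of header lines read, so the message "Maximum number of request headers" describes a wider bound than the check enforces. A comment above the test such as `// size() counts distinct header names; values repeated under one name share an entry` would make the scope of the limit clear to the next maintainer. `ServerConfig.getMaxReqHeaders()` is also evaluated in the condition and again in the message; reading it once into a local before the loop keeps the two in agreement. The enclosing method and loop begin and end outside the hunk.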
@@ -93,6 +98,11 @@ class ServerConfig {
 "sun.net.httpserver.drainAmount",
 defaultDrainAmount))).longValue();
+ maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+ new sun.security.action.GetIntegerAction(
+ "sun.net.httpserver.maxReqHeaders",
+ defaultMaxReqHeaders))).intValue();
+
 debug = ((Boolean)java.security.AccessController.doPrivileged(
 new sun.security.action.GetBooleanAction(
 "sun.net.httpserver.debug"))).booleanValue();
@@ -129,4 +139,8 @@ class ServerConfig {
 static long getDrainAmount () {
 return drainAmount;
 }
+
+ static int getMaxReqHeaders() {
+ return maxReqHeaders;
+ }
 }
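Review bot: The value read for `sun.net.httpserver.maxReqHeaders` in the static initializer is stored without a range check, so a zero or negative setting makes the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java true on the first header and every request that carries headers fails with an IOException. Falling back to the default right after the read, `if (maxReqHeaders <= 0) maxReqHeaders = defaultMaxReqHeaders;`, avoids a misconfiguration turning into a self-inflicted outage; if non-positive values are meant to be accepted, the field comment should say what they do. The static initializer starts and ends outside this hunk.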