view patches/security/20120214/7126960.patch @ 2180:08e7c18e12c1

Add 2012/02/14 security patches. 2012-02-08 Omair Majid <omajid@redhat.com> * NEWS: Update with security fixes. * Makefile.am (SECURITY_PATCHES): Add security patches. (SPECIAL_SECURITY_PATCH): Add new variable. (ICEDTEA_PATCHES): Add security patch that depends on backport. * patches/security/20120214/7082299.patch, * patches/security/20120214/7088367.patch, * patches/security/20120214/7110683.patch, * patches/security/20120214/7110687.patch, * patches/security/20120214/7110700.patch, * patches/security/20120214/7110704.patch, * patches/security/20120214/7112642.patch, * patches/security/20120214/7118283.patch, * patches/security/20120214/7126960.patch: New security fixes.
author Andrew John Hughes <ahughes@redhat.com>
date Fri, 10 Feb 2012 11:25:13 +0000

# HG changeset patch
# User coffeys
# Date 1326712887 0
# Node ID 2d8dead332cbe169d486ecc70239475ebe3a77f7
# Parent  a224904d42db1f54139257221e9b545bd1c90b2e
7126960: Add property to limit number of request headers to the HTTP Server
Reviewed-by: chegar

diff --git a/src/share/classes/sun/net/httpserver/Request.java b/src/share/classes/sun/net/httpserver/Request.java
--- openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java
+++ openjdk/jdk/src/share/classes/sun/net/httpserver/Request.java
@@ -190,6 +190,13 @@ class Request {
                 v = new String();
             else
                 v = String.copyValueOf(s, keyend, len - keyend);
+
+            if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+                throw new IOException("Maximum number of request headers (" +
+                        "sun.net.httpserver.maxReqHeaders) exceeded, " +
+                        ServerConfig.getMaxReqHeaders() + ".");
+            }
+
             hdrs.add (k,v);
         }
         return hdrs;
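Review bot: The new limit is tested against `hdrs.size()`, which may count distinct header names rather than header lines. The Headers class is not shown here, but if it is map-backed with one value list per name, a request that repeats a single header name many times never reaches the limit. If the property is meant to cap the total number of header lines, keep a local counter in the parsing loop and test that instead, e.g. `if (++hdrCount > ServerConfig.getMaxReqHeaders())`. The check also runs after `v` has been built for the header that is about to be rejected; placing it before the `String.copyValueOf` call would avoid that allocation. The enclosing method starts above this hunk.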
diff --git a/src/share/classes/sun/net/httpserver/ServerConfig.java b/src/share/classes/sun/net/httpserver/ServerConfig.java
--- openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java
+++ openjdk/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java
@@ -45,6 +45,8 @@ class ServerConfig {
     static long defaultIdleInterval = 300 ; // 5 min
     static long defaultSelCacheTimeout = 120 ;  // seconds
     static int defaultMaxIdleConnections = 200 ;
+    static int defaultMaxReqHeaders = 200 ;
+
 
     static long defaultDrainAmount = 64 * 1024;
 
@@ -54,6 +56,9 @@ class ServerConfig {
     static long selCacheTimeout;
     static long drainAmount;    // max # of bytes to drain from an inputstream
     static int maxIdleConnections;
+    // The maximum number of request headers allowable
+    private static int maxReqHeaders;
+
     static boolean debug = false;
 
     static {
@@ -93,6 +98,11 @@ class ServerConfig {
                 "sun.net.httpserver.drainAmount",
                 defaultDrainAmount))).longValue();
 
+        maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+                new sun.security.action.GetIntegerAction(
+                "sun.net.httpserver.maxReqHeaders",
+                defaultMaxReqHeaders))).intValue();
+
         debug = ((Boolean)java.security.AccessController.doPrivileged(
                 new sun.security.action.GetBooleanAction(
                 "sun.net.httpserver.debug"))).booleanValue();
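Review bot: The value read from `sun.net.httpserver.maxReqHeaders` is stored without a range check. A zero or negative setting makes the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java true for the very first header, so every request that carries headers would be rejected. Consider falling back to the default right after the read: `if (maxReqHeaders <= 0) maxReqHeaders = defaultMaxReqHeaders;`. A short comment next to the read stating the accepted range and the default of 200 would help operators who tune the property. The static initializer begins and continues outside this hunk.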
@@ -129,4 +139,8 @@ class ServerConfig {
     static long getDrainAmount () {
         return drainAmount;
     }
+
+    static int getMaxReqHeaders() {
+        return maxReqHeaders;
+    }
 }