# HG changeset patch
# User chegar
# Date 1328456159 0
# Node ID 43bf4d62a7726eec38545f428451467252a95cda
# Parent a1a3620c1530ca6660772fa0c6797af10c2accb8
7126960: Add property to limit number of request headers to the HTTP Server
Reviewed-by: alanb, michaelm, darcy
diff -r a1a3620c1530 -r 43bf4d62a772 src/share/classes/sun/net/httpserver/Request.java
--- a/src/share/classes/sun/net/httpserver/Request.java Mon Dec 05 21:01:03 2011 -0800
+++ b/src/share/classes/sun/net/httpserver/Request.java Sun Feb 05 15:35:59 2012 +0000
@@ -203,6 +203,13 @@
 v = new String();
 else
 v = String.copyValueOf(s, keyend, len - keyend);
+
+ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+ throw new IOException("Maximum number of request headers (" +
+ "sun.net.httpserver.maxReqHeaders) exceeded, " +
+ ServerConfig.getMaxReqHeaders() + ".");
+ }
+
 hdrs.add (k,v);
 len = 0;
 }
diff -r a1a3620c1530 -r 43bf4d62a772 src/share/classes/sun/net/httpserver/ServerConfig.java
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java Mon Dec 05 21:01:03 2011 -0800
+++ b/src/share/classes/sun/net/httpserver/ServerConfig.java Sun Feb 05 15:35:59 2012 +0000
@@ -48,13 +48,14 @@
 static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
 static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
 static final long DEFAULT_TIMER_MILLIS = 1000;
-
+ static final int DEFAULT_MAX_REQ_HEADERS = 200;
 static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
 static long idleInterval;
 static long drainAmount; // max # of bytes to drain from an inputstream
 static int maxIdleConnections;
-
+ // The maximum number of request headers allowable
+ private static int maxReqHeaders;
 // max time a request or response is allowed to take
 static long maxReqTime;
 static long maxRspTime;
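Review bot: The guard added before `hdrs.add (k,v)` in Request.java tests `hdrs.size()`, and if `hdrs` is the map-backed `Headers` type keyed by header name (its class is not shown in this patch), `size()` counts distinct names rather than header lines, so a request that repeats one name many times would never reach the limit. That still caps the number of keys, which may be all the change intends, but the value list under a single key stays unbounded; a per-request counter of parsed header lines (say `hdrCount`, a constructed name) checked as `if (++hdrCount > ServerConfig.getMaxReqHeaders())` would cover both cases. The IOException reaches the caller as an ordinary read failure, so whether the client receives a 4xx response or only a closed connection is decided outside this hunk and is worth confirming and logging for operators. The enclosing method starts and ends outside the hunk.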
@@ -83,6 +84,11 @@
 "sun.net.httpserver.drainAmount",
 DEFAULT_DRAIN_AMOUNT))).longValue();
+ maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+ new sun.security.action.GetIntegerAction(
+ "sun.net.httpserver.maxReqHeaders",
+ DEFAULT_MAX_REQ_HEADERS))).intValue();
+
 maxReqTime = ((Long)java.security.AccessController.doPrivileged(
 new sun.security.action.GetLongAction(
 "sun.net.httpserver.maxReqTime",
@@ -161,6 +167,10 @@
 return drainAmount;
 }
+ static int getMaxReqHeaders() {
+ return maxReqHeaders;
+ }
+
 static long getMaxReqTime () {
 return maxReqTime;
 }
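Review bot: The value read for `sun.net.httpserver.maxReqHeaders` in the `@@ -83,6 +84,11 @@` hunk is stored without a range check, so a zero or negative setting makes `hdrs.size() >= ServerConfig.getMaxReqHeaders()` in Request.java true on the first header and every request that carries a header is refused. Falling back to the default right after the read avoids that misconfiguration: `if (maxReqHeaders <= 0) maxReqHeaders = DEFAULT_MAX_REQ_HEADERS;`. The property is also not described anywhere in the patch; a comment on the constant such as `// default cap on headers per request; override with sun.net.httpserver.maxReqHeaders` would tell operators what 200 applies to. The static initializer this assignment sits in starts and ends outside the hunk.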