changeset 4586:43bf4d62a772

7126960: Add property to limit number of request headers to the HTTP Server Reviewed-by: alanb, michaelm, darcy
author chegar
date Sun, 05 Feb 2012 15:35:59 +0000
parents a1a3620c1530
children cfe9f71da9f4
files src/share/classes/sun/net/httpserver/Request.java src/share/classes/sun/net/httpserver/ServerConfig.java
diffstat 2 files changed, 19 insertions(+), 2 deletions(-) [+]
--- a/src/share/classes/sun/net/httpserver/Request.java	Mon Dec 05 21:01:03 2011 -0800
+++ b/src/share/classes/sun/net/httpserver/Request.java	Sun Feb 05 15:35:59 2012 +0000
@@ -203,6 +203,13 @@
                 v = new String();
             else
                 v = String.copyValueOf(s, keyend, len - keyend);
+
+            if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+                throw new IOException("Maximum number of request headers (" +
+                        "sun.net.httpserver.maxReqHeaders) exceeded, " +
+                        ServerConfig.getMaxReqHeaders() + ".");
+            }
+
             hdrs.add (k,v);
             len = 0;
         }
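Review bot: The guard added before `hdrs.add (k,v)` compares `hdrs.size()` with the limit, and if `hdrs` is the name-keyed `Headers` map (its declaration is outside the hunk) that counts distinct header names rather than header lines. In that case a request that repeats one name many times is not bounded by `sun.net.httpserver.maxReqHeaders`. If the property is meant to cap total header lines, a local counter incremented once per parsed line would express that; otherwise a comment such as `// limit applies to distinct header names, not total header lines` would make the scope explicit. The enclosing method starts and ends outside the hunk, so how the `IOException` is reported to the client cannot be judged from here.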
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java	Mon Dec 05 21:01:03 2011 -0800
+++ b/src/share/classes/sun/net/httpserver/ServerConfig.java	Sun Feb 05 15:35:59 2012 +0000
@@ -48,13 +48,14 @@
     static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
     static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
     static final long DEFAULT_TIMER_MILLIS = 1000;
-
+    static final int  DEFAULT_MAX_REQ_HEADERS = 200;
     static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
 
     static long idleInterval;
     static long drainAmount;    // max # of bytes to drain from an inputstream
     static int maxIdleConnections;
-
+    // The maximum number of request headers allowable
+    private static int maxReqHeaders;
     // max time a request or response is allowed to take
     static long maxReqTime;
     static long maxRspTime;
@@ -83,6 +84,11 @@
                 "sun.net.httpserver.drainAmount",
                 DEFAULT_DRAIN_AMOUNT))).longValue();
 
+        maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged(
+                            new sun.security.action.GetIntegerAction(
+                            "sun.net.httpserver.maxReqHeaders",
+                            DEFAULT_MAX_REQ_HEADERS))).intValue();
+
         maxReqTime = ((Long)java.security.AccessController.doPrivileged(
                 new sun.security.action.GetLongAction(
                 "sun.net.httpserver.maxReqTime",
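Review bot: The value read from `sun.net.httpserver.maxReqHeaders` is stored without a range check. A setting of zero or a negative number makes the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java true for the very first header, so every request that carries a header is rejected. Falling back to the default keeps a mis-set property from taking the server out of service: `if (maxReqHeaders <= 0) maxReqHeaders = DEFAULT_MAX_REQ_HEADERS;` directly after the assignment. The static initializer continues outside the hunk.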
@@ -161,6 +167,10 @@
         return drainAmount;
     }
 
+    static int getMaxReqHeaders() {
+        return maxReqHeaders;
+    }
+
     static long getMaxReqTime () {
         return maxReqTime;
     }