changeset 4586:43bf4d62a772
7126960: Add property to limit number of request headers to the HTTP Server
Reviewed-by: alanb, michaelm, darcy
author | chegar |
---|---|
date | Sun, 05 Feb 2012 15:35:59 +0000 |
parents | a1a3620c1530 |
children | cfe9f71da9f4 |
files | src/share/classes/sun/net/httpserver/Request.java src/share/classes/sun/net/httpserver/ServerConfig.java |
diffstat | 2 files changed, 19 insertions(+), 2 deletions(-) [+] |
--- a/src/share/classes/sun/net/httpserver/Request.java Mon Dec 05 21:01:03 2011 -0800
+++ b/src/share/classes/sun/net/httpserver/Request.java Sun Feb 05 15:35:59 2012 +0000
@@ -203,6 +203,13 @@
 v = new String();
 else
 v = String.copyValueOf(s, keyend, len - keyend);
+
+ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+ throw new IOException("Maximum number of request headers (" +
+ "sun.net.httpserver.maxReqHeaders) exceeded, " +
+ ServerConfig.getMaxReqHeaders() + ".");
+ }
+
 hdrs.add (k,v);
 len = 0;
 }
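Review bot: The new guard compares `hdrs.size()` with the limit, and if `Headers.size()` reports the number of distinct header names (the class is a map from name to value list), a request that repeats a single name never reaches the limit while that name's value list keeps growing. Counting parsed header lines instead would bound both cases, for example `if (++hdrCount > ServerConfig.getMaxReqHeaders())` with an `int hdrCount = 0;` declared before the parsing loop. The enclosing method starts and ends outside the hunk, so whether the total size of the header section is bounded elsewhere cannot be seen from here. A short comment above the check saying what it protects against (unbounded header storage from one request) would help the next reader.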
--- a/src/share/classes/sun/net/httpserver/ServerConfig.java Mon Dec 05 21:01:03 2011 -0800 +++ b/src/share/classes/sun/net/httpserver/ServerConfig.java Sun Feb 05 15:35:59 2012 +0000 @@ -48,13 +48,14 @@ static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever static final long DEFAULT_TIMER_MILLIS = 1000; - + static final int DEFAULT_MAX_REQ_HEADERS = 200; static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024; static long idleInterval; static long drainAmount; // max # of bytes to drain from an inputstream static int maxIdleConnections; - + // The maximum number of request headers allowable + private static int maxReqHeaders; // max time a request or response is allowed to take static long maxReqTime; static long maxRspTime; @@ -83,6 +84,11 @@ "sun.net.httpserver.drainAmount", DEFAULT_DRAIN_AMOUNT))).longValue(); + maxReqHeaders = ((Integer)java.security.AccessController.doPrivileged( + new sun.security.action.GetIntegerAction( + "sun.net.httpserver.maxReqHeaders", + DEFAULT_MAX_REQ_HEADERS))).intValue(); + maxReqTime = ((Long)java.security.AccessController.doPrivileged( new sun.security.action.GetLongAction( "sun.net.httpserver.maxReqTime", @@ -161,6 +167,10 @@ return drainAmount; } + static int getMaxReqHeaders() { + return maxReqHeaders; + } + static long getMaxReqTime () { return maxReqTime; }
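Review bot: The value read for `sun.net.httpserver.maxReqHeaders` in the static-initializer hunk (`@@ -83,6 +84,11 @@`) is stored without a range check, so a zero or negative setting makes `hdrs.size() >= ServerConfig.getMaxReqHeaders()` in Request.java true for the first header and every request that carries a header is rejected with an IOException. Falling back to the default for non-positive values avoids that: `if (maxReqHeaders <= 0) maxReqHeaders = DEFAULT_MAX_REQ_HEADERS;` directly after the `doPrivileged` call. The field comment could also name the property and its default, e.g. `// max number of request headers (sun.net.httpserver.maxReqHeaders, default 200)`. The initializer block starts and ends outside the hunk.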