stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

7126960: Add property to limit number of request headers to the HTTP Server

Browse Source 
Reviewed-by: michaelm
This commit is contained in:
Chris Hegarty 2012-01-18 15:35:06 +00:00
parent 74fcfe6c7e
commit b78021fcd1
2 changed files with 76 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
jdk/src/share/classes/sun/net/httpserver/Request.java
View File

@ -203,6 +203,13 @@ class Request {
v = new String(); v = new String();
else else
v = String.copyValueOf(s, keyend, len - keyend); v = String.copyValueOf(s, keyend, len - keyend);
if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
throw new IOException("Maximum number of request headers (" +
"sun.net.httpserver.maxReqHeaders) exceeded, " +
ServerConfig.getMaxReqHeaders() + ".");
}
hdrs.add (k,v); hdrs.add (k,v);
len = 0; len = 0;
} }

131
jdk/src/share/classes/sun/net/httpserver/ServerConfig.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@
package sun.net.httpserver; package sun.net.httpserver;
import com.sun.net.httpserver.*;
import com.sun.net.httpserver.spi.*;
import java.util.logging.Logger; import java.util.logging.Logger;
import java.security.PrivilegedAction; import java.security.PrivilegedAction;
@ -37,74 +35,75 @@ import java.security.PrivilegedAction;
class ServerConfig { class ServerConfig {
static int clockTick; private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
/* These values must be a reasonable multiple of clockTick */ /* These values must be a reasonable multiple of clockTick */
static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ; private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
static final long DEFAULT_TIMER_MILLIS = 1000; private static final long DEFAULT_TIMER_MILLIS = 1000;
private static final int DEFAULT_MAX_REQ_HEADERS = 200;
static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024; private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
static long idleInterval;
static long drainAmount; // max # of bytes to drain from an inputstream
static int maxIdleConnections;
private static int clockTick;
private static long idleInterval;
// The maximum number of bytes to drain from an inputstream
private static long drainAmount;
private static int maxIdleConnections;
// The maximum number of request headers allowable
private static int maxReqHeaders;
// max time a request or response is allowed to take // max time a request or response is allowed to take
static long maxReqTime; private static long maxReqTime;
static long maxRspTime; private static long maxRspTime;
static long timerMillis; private static long timerMillis;
static boolean debug = false; private static boolean debug;
// the value of the TCP_NODELAY socket-level option
private static boolean noDelay;
static { static {
java.security.AccessController.doPrivileged(
new PrivilegedAction<Void>() {
@Override
public Void run () {
idleInterval = Long.getLong("sun.net.httpserver.idleInterval",
DEFAULT_IDLE_INTERVAL) * 1000;
idleInterval = ((Long)java.security.AccessController.doPrivileged( clockTick = Integer.getInteger("sun.net.httpserver.clockTick",
new sun.security.action.GetLongAction( DEFAULT_CLOCK_TICK);
"sun.net.httpserver.idleInterval",
DEFAULT_IDLE_INTERVAL))).longValue() * 1000;
clockTick = ((Integer)java.security.AccessController.doPrivileged( maxIdleConnections = Integer.getInteger(
new sun.security.action.GetIntegerAction(
"sun.net.httpserver.clockTick",
DEFAULT_CLOCK_TICK))).intValue();
maxIdleConnections = ((Integer)java.security.AccessController.doPrivileged(
new sun.security.action.GetIntegerAction(
"sun.net.httpserver.maxIdleConnections", "sun.net.httpserver.maxIdleConnections",
DEFAULT_MAX_IDLE_CONNECTIONS))).intValue(); DEFAULT_MAX_IDLE_CONNECTIONS);
drainAmount = ((Long)java.security.AccessController.doPrivileged( drainAmount = Long.getLong("sun.net.httpserver.drainAmount",
new sun.security.action.GetLongAction( DEFAULT_DRAIN_AMOUNT);
"sun.net.httpserver.drainAmount",
DEFAULT_DRAIN_AMOUNT))).longValue();
maxReqTime = ((Long)java.security.AccessController.doPrivileged( maxReqHeaders = Integer.getInteger(
new sun.security.action.GetLongAction( "sun.net.httpserver.maxReqHeaders",
"sun.net.httpserver.maxReqTime", DEFAULT_MAX_REQ_HEADERS);
DEFAULT_MAX_REQ_TIME))).longValue();
maxRspTime = ((Long)java.security.AccessController.doPrivileged( maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime",
new sun.security.action.GetLongAction( DEFAULT_MAX_REQ_TIME);
"sun.net.httpserver.maxRspTime",
DEFAULT_MAX_RSP_TIME))).longValue();
timerMillis = ((Long)java.security.AccessController.doPrivileged( maxRspTime = Long.getLong("sun.net.httpserver.maxRspTime",
new sun.security.action.GetLongAction( DEFAULT_MAX_RSP_TIME);
"sun.net.httpserver.timerMillis",
DEFAULT_TIMER_MILLIS))).longValue();
debug = ((Boolean)java.security.AccessController.doPrivileged( timerMillis = Long.getLong("sun.net.httpserver.timerMillis",
new sun.security.action.GetBooleanAction( DEFAULT_TIMER_MILLIS);
"sun.net.httpserver.debug"))).booleanValue();
debug = Boolean.getBoolean("sun.net.httpserver.debug");
noDelay = Boolean.getBoolean("sun.net.httpserver.nodelay");
return null;
}
});
} }
static void checkLegacyProperties(final Logger logger) {
static void checkLegacyProperties (final Logger logger) {
// legacy properties that are no longer used // legacy properties that are no longer used
// print a warning to logger if they are set. // print a warning to logger if they are set.
@ -141,35 +140,43 @@ class ServerConfig {
); );
} }
static boolean debugEnabled () { static boolean debugEnabled() {
return debug; return debug;
} }
static long getIdleInterval () { static long getIdleInterval() {
return idleInterval; return idleInterval;
} }
static int getClockTick () { static int getClockTick() {
return clockTick; return clockTick;
} }
static int getMaxIdleConnections () { static int getMaxIdleConnections() {
return maxIdleConnections; return maxIdleConnections;
} }
static long getDrainAmount () { static long getDrainAmount() {
return drainAmount; return drainAmount;
} }
static long getMaxReqTime () { static int getMaxReqHeaders() {
return maxReqHeaders;
}
static long getMaxReqTime() {
return maxReqTime; return maxReqTime;
} }
static long getMaxRspTime () { static long getMaxRspTime() {
return maxRspTime; return maxRspTime;
} }
static long getTimerMillis () { static long getTimerMillis() {
return timerMillis; return timerMillis;
} }
static boolean noDelay() {
return noDelay;
}
} }