# HG changeset patch # User chegar # Date 1326900906 0 # Node ID d7f004398a91314c1c9da4641a55c1ed73cc86f9 # Parent 9b1d5bef8038682771f8d50ee208ae35dbbc75e5 7126960: Add property to limit number of request headers to the HTTP Server Reviewed-by: michaelm diff -r 9b1d5bef8038 -r d7f004398a91 jdk/src/share/classes/sun/net/httpserver/Request.java --- a/jdk/src/share/classes/sun/net/httpserver/Request.java Mon Jan 09 20:55:52 2012 -0800 +++ b/jdk/src/share/classes/sun/net/httpserver/Request.java Wed Jan 18 15:35:06 2012 +0000 @@ -203,6 +203,13 @@ v = new String(); else v = String.copyValueOf(s, keyend, len - keyend); + + if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) { + throw new IOException("Maximum number of request headers (" + + "sun.net.httpserver.maxReqHeaders) exceeded, " + + ServerConfig.getMaxReqHeaders() + "."); + } + hdrs.add (k,v); len = 0; } diff -r 9b1d5bef8038 -r d7f004398a91 jdk/src/share/classes/sun/net/httpserver/ServerConfig.java --- a/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java Mon Jan 09 20:55:52 2012 -0800 +++ b/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java Wed Jan 18 15:35:06 2012 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,6 @@ package sun.net.httpserver; -import com.sun.net.httpserver.*; -import com.sun.net.httpserver.spi.*; import java.util.logging.Logger; import java.security.PrivilegedAction; 
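Review bot: In the Request.java hunk the new guard compares `hdrs.size()` with the limit, and if `hdrs` is the map-backed `Headers` type keyed by header name (its declaration is outside the hunk), `size()` counts distinct names rather than header lines. A request that repeats one name many times would then never reach the limit while `hdrs.add (k,v)` keeps appending values, so the bound covers the number of map keys but not total header memory. Consider keeping a per-request line counter next to the check, e.g. `if (++hdrCount > ServerConfig.getMaxReqHeaders())`, or bounding total header bytes as well. It is also worth confirming that the caller turns this IOException into a logged, clean connection close, and adding a comment such as `// reject before add so the map never grows past the configured limit`. The enclosing header-parsing loop begins and ends outside the hunk.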
@@ -37,74 +35,75 @@ class ServerConfig { - static int clockTick; - - static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec. + private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec. /* These values must be a reasonable multiple of clockTick */ - static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min - static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ; + private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min + private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ; - static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever - static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever - static final long DEFAULT_TIMER_MILLIS = 1000; - - static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024; + private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever + private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever + private static final long DEFAULT_TIMER_MILLIS = 1000; + private static final int DEFAULT_MAX_REQ_HEADERS = 200; + private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024; - static long idleInterval; - static long drainAmount; // max # of bytes to drain from an inputstream - static int maxIdleConnections; - + private static int clockTick; + private static long idleInterval; + // The maximum number of bytes to drain from an inputstream + private static long drainAmount; + private static int maxIdleConnections; + // The maximum number of request headers allowable + private static int maxReqHeaders; // max time a request or response is allowed to take - static long maxReqTime; - static long maxRspTime; - static long timerMillis; - static boolean debug = false; + private static long maxReqTime; + private static long maxRspTime; + private static long timerMillis; + private static boolean debug; + + // the value of the TCP_NODELAY socket-level option + private static boolean noDelay; static { - - idleInterval = ((Long)java.security.AccessController.doPrivileged( - new 
sun.security.action.GetLongAction( - "sun.net.httpserver.idleInterval", - DEFAULT_IDLE_INTERVAL))).longValue() * 1000; + java.security.AccessController.doPrivileged( + new PrivilegedAction() { + @Override + public Void run () { + idleInterval = Long.getLong("sun.net.httpserver.idleInterval", + DEFAULT_IDLE_INTERVAL) * 1000; - clockTick = ((Integer)java.security.AccessController.doPrivileged( - new sun.security.action.GetIntegerAction( - "sun.net.httpserver.clockTick", - DEFAULT_CLOCK_TICK))).intValue(); + clockTick = Integer.getInteger("sun.net.httpserver.clockTick", + DEFAULT_CLOCK_TICK); - maxIdleConnections = ((Integer)java.security.AccessController.doPrivileged( - new sun.security.action.GetIntegerAction( - "sun.net.httpserver.maxIdleConnections", - DEFAULT_MAX_IDLE_CONNECTIONS))).intValue(); + maxIdleConnections = Integer.getInteger( + "sun.net.httpserver.maxIdleConnections", + DEFAULT_MAX_IDLE_CONNECTIONS); + + drainAmount = Long.getLong("sun.net.httpserver.drainAmount", + DEFAULT_DRAIN_AMOUNT); - drainAmount = ((Long)java.security.AccessController.doPrivileged( - new sun.security.action.GetLongAction( - "sun.net.httpserver.drainAmount", - DEFAULT_DRAIN_AMOUNT))).longValue(); + maxReqHeaders = Integer.getInteger( + "sun.net.httpserver.maxReqHeaders", + DEFAULT_MAX_REQ_HEADERS); - maxReqTime = ((Long)java.security.AccessController.doPrivileged( - new sun.security.action.GetLongAction( - "sun.net.httpserver.maxReqTime", - DEFAULT_MAX_REQ_TIME))).longValue(); + maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime", + DEFAULT_MAX_REQ_TIME); + + maxRspTime = Long.getLong("sun.net.httpserver.maxRspTime", + DEFAULT_MAX_RSP_TIME); - maxRspTime = ((Long)java.security.AccessController.doPrivileged( - new sun.security.action.GetLongAction( - "sun.net.httpserver.maxRspTime", - DEFAULT_MAX_RSP_TIME))).longValue(); + timerMillis = Long.getLong("sun.net.httpserver.timerMillis", + DEFAULT_TIMER_MILLIS); + + debug = Boolean.getBoolean("sun.net.httpserver.debug"); - 
timerMillis = ((Long)java.security.AccessController.doPrivileged( - new sun.security.action.GetLongAction( - "sun.net.httpserver.timerMillis", - DEFAULT_TIMER_MILLIS))).longValue(); + noDelay = Boolean.getBoolean("sun.net.httpserver.nodelay"); - debug = ((Boolean)java.security.AccessController.doPrivileged( - new sun.security.action.GetBooleanAction( - "sun.net.httpserver.debug"))).booleanValue(); + return null; + } + }); } - - static void checkLegacyProperties (final Logger logger) { + static void checkLegacyProperties(final Logger logger) { // legacy properties that are no longer used // print a warning to logger if they are set. @@ -141,35 +140,43 @@ ); } - static boolean debugEnabled () { + static boolean debugEnabled() { return debug; } - static long getIdleInterval () { + static long getIdleInterval() { return idleInterval; } - static int getClockTick () { + static int getClockTick() { return clockTick; } - static int getMaxIdleConnections () { + static int getMaxIdleConnections() { return maxIdleConnections; } - static long getDrainAmount () { + static long getDrainAmount() { return drainAmount; } - static long getMaxReqTime () { + static int getMaxReqHeaders() { + return maxReqHeaders; + } + + static long getMaxReqTime() { return maxReqTime; } - static long getMaxRspTime () { + static long getMaxRspTime() { return maxRspTime; } - static long getTimerMillis () { + static long getTimerMillis() { return timerMillis; } + + static boolean noDelay() { + return noDelay; + } }
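Review bot: `maxReqHeaders` is taken straight from `Integer.getInteger("sun.net.httpserver.maxReqHeaders", DEFAULT_MAX_REQ_HEADERS)` in the static initializer with no range check, so a value of 0 or a negative number makes the `hdrs.size() >= ServerConfig.getMaxReqHeaders()` test in Request.java true on the first header, and every request carrying headers is rejected. Falling back to the default for non-positive values would avoid that misconfiguration: `if (maxReqHeaders <= 0) maxReqHeaders = DEFAULT_MAX_REQ_HEADERS;` right after the read. Separately, the retained comment on `DEFAULT_IDLE_INTERVAL = 30` says `// 5 min` while the initializer multiplies the value by 1000, which reads as 30 seconds if the stored unit is milliseconds; the comment should state the unit and the real default.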