7126960: Add property to limit number of request headers to the HTTP Server
Reviewed-by: michaelm
--- a/jdk/src/share/classes/sun/net/httpserver/Request.java Mon Jan 09 20:55:52 2012 -0800
+++ b/jdk/src/share/classes/sun/net/httpserver/Request.java Wed Jan 18 15:35:06 2012 +0000
@@ -203,6 +203,13 @@
v = new String();
else
v = String.copyValueOf(s, keyend, len - keyend);
+
+ if (hdrs.size() >= ServerConfig.getMaxReqHeaders()) {
+ throw new IOException("Maximum number of request headers (" +
+ "sun.net.httpserver.maxReqHeaders) exceeded, " +
+ ServerConfig.getMaxReqHeaders() + ".");
+ }
+
hdrs.add (k,v);
len = 0;
}
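Review bot: The new guard compares `hdrs.size()` with the limit, and if `hdrs` is the multi-valued `Headers` map (which `hdrs.add (k,v)` suggests), `size()` counts distinct header names rather than header lines. Repeated lines that share a name would then append to one value list without ever reaching the limit, so the property would not bound per-request memory as its name implies. Counting parsed lines would close that gap, for example a local counter declared before the loop and checked as `if (++hdrCount > ServerConfig.getMaxReqHeaders())`. The check also runs only after `k` and `v` have been allocated for the offending line; moving it ahead of the `String.copyValueOf` calls would avoid that work. The enclosing method starts and ends outside this hunk, so the loop structure and the handling of the `IOException` are not visible here.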
--- a/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java Mon Jan 09 20:55:52 2012 -0800
+++ b/jdk/src/share/classes/sun/net/httpserver/ServerConfig.java Wed Jan 18 15:35:06 2012 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -25,8 +25,6 @@
package sun.net.httpserver;
-import com.sun.net.httpserver.*;
-import com.sun.net.httpserver.spi.*;
import java.util.logging.Logger;
import java.security.PrivilegedAction;
@@ -37,74 +35,75 @@
class ServerConfig {
- static int clockTick;
-
- static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
+ private static final int DEFAULT_CLOCK_TICK = 10000 ; // 10 sec.
/* These values must be a reasonable multiple of clockTick */
- static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
- static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
+ private static final long DEFAULT_IDLE_INTERVAL = 30 ; // 5 min
+ private static final int DEFAULT_MAX_IDLE_CONNECTIONS = 200 ;
- static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
- static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
- static final long DEFAULT_TIMER_MILLIS = 1000;
-
- static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
+ private static final long DEFAULT_MAX_REQ_TIME = -1; // default: forever
+ private static final long DEFAULT_MAX_RSP_TIME = -1; // default: forever
+ private static final long DEFAULT_TIMER_MILLIS = 1000;
+ private static final int DEFAULT_MAX_REQ_HEADERS = 200;
+ private static final long DEFAULT_DRAIN_AMOUNT = 64 * 1024;
- static long idleInterval;
- static long drainAmount; // max # of bytes to drain from an inputstream
- static int maxIdleConnections;
-
+ private static int clockTick;
+ private static long idleInterval;
+ // The maximum number of bytes to drain from an inputstream
+ private static long drainAmount;
+ private static int maxIdleConnections;
+ // The maximum number of request headers allowable
+ private static int maxReqHeaders;
// max time a request or response is allowed to take
- static long maxReqTime;
- static long maxRspTime;
- static long timerMillis;
- static boolean debug = false;
+ private static long maxReqTime;
+ private static long maxRspTime;
+ private static long timerMillis;
+ private static boolean debug;
+
+ // the value of the TCP_NODELAY socket-level option
+ private static boolean noDelay;
static {
-
- idleInterval = ((Long)java.security.AccessController.doPrivileged(
- new sun.security.action.GetLongAction(
- "sun.net.httpserver.idleInterval",
- DEFAULT_IDLE_INTERVAL))).longValue() * 1000;
+ java.security.AccessController.doPrivileged(
+ new PrivilegedAction<Void>() {
+ @Override
+ public Void run () {
+ idleInterval = Long.getLong("sun.net.httpserver.idleInterval",
+ DEFAULT_IDLE_INTERVAL) * 1000;
- clockTick = ((Integer)java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "sun.net.httpserver.clockTick",
- DEFAULT_CLOCK_TICK))).intValue();
+ clockTick = Integer.getInteger("sun.net.httpserver.clockTick",
+ DEFAULT_CLOCK_TICK);
- maxIdleConnections = ((Integer)java.security.AccessController.doPrivileged(
- new sun.security.action.GetIntegerAction(
- "sun.net.httpserver.maxIdleConnections",
- DEFAULT_MAX_IDLE_CONNECTIONS))).intValue();
+ maxIdleConnections = Integer.getInteger(
+ "sun.net.httpserver.maxIdleConnections",
+ DEFAULT_MAX_IDLE_CONNECTIONS);
+
+ drainAmount = Long.getLong("sun.net.httpserver.drainAmount",
+ DEFAULT_DRAIN_AMOUNT);
- drainAmount = ((Long)java.security.AccessController.doPrivileged(
- new sun.security.action.GetLongAction(
- "sun.net.httpserver.drainAmount",
- DEFAULT_DRAIN_AMOUNT))).longValue();
+ maxReqHeaders = Integer.getInteger(
+ "sun.net.httpserver.maxReqHeaders",
+ DEFAULT_MAX_REQ_HEADERS);
- maxReqTime = ((Long)java.security.AccessController.doPrivileged(
- new sun.security.action.GetLongAction(
- "sun.net.httpserver.maxReqTime",
- DEFAULT_MAX_REQ_TIME))).longValue();
+ maxReqTime = Long.getLong("sun.net.httpserver.maxReqTime",
+ DEFAULT_MAX_REQ_TIME);
+
+ maxRspTime = Long.getLong("sun.net.httpserver.maxRspTime",
+ DEFAULT_MAX_RSP_TIME);
- maxRspTime = ((Long)java.security.AccessController.doPrivileged(
- new sun.security.action.GetLongAction(
- "sun.net.httpserver.maxRspTime",
- DEFAULT_MAX_RSP_TIME))).longValue();
+ timerMillis = Long.getLong("sun.net.httpserver.timerMillis",
+ DEFAULT_TIMER_MILLIS);
+
+ debug = Boolean.getBoolean("sun.net.httpserver.debug");
- timerMillis = ((Long)java.security.AccessController.doPrivileged(
- new sun.security.action.GetLongAction(
- "sun.net.httpserver.timerMillis",
- DEFAULT_TIMER_MILLIS))).longValue();
+ noDelay = Boolean.getBoolean("sun.net.httpserver.nodelay");
- debug = ((Boolean)java.security.AccessController.doPrivileged(
- new sun.security.action.GetBooleanAction(
- "sun.net.httpserver.debug"))).booleanValue();
+ return null;
+ }
+ });
}
-
- static void checkLegacyProperties (final Logger logger) {
+ static void checkLegacyProperties(final Logger logger) {
// legacy properties that are no longer used
// print a warning to logger if they are set.
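Review bot: `maxReqHeaders` is taken from `Integer.getInteger("sun.net.httpserver.maxReqHeaders", DEFAULT_MAX_REQ_HEADERS)` with no range check, so a value of zero or below is accepted as is. Because Request.java tests `hdrs.size() >= ServerConfig.getMaxReqHeaders()`, such a value would make every request that carries a header fail with the IOException, while a very large value silently disables the limit. I would clamp it after the read, e.g. `if (maxReqHeaders <= 0) maxReqHeaders = DEFAULT_MAX_REQ_HEADERS;`, and say in the field comment whether non-positive values are meaningful. Separately, the `// 5 min` comment carried over on `DEFAULT_IDLE_INTERVAL = 30` does not match the value, which the static block multiplies by 1000 (presumably 30 seconds in milliseconds).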
@@ -141,35 +140,43 @@
);
}
- static boolean debugEnabled () {
+ static boolean debugEnabled() {
return debug;
}
- static long getIdleInterval () {
+ static long getIdleInterval() {
return idleInterval;
}
- static int getClockTick () {
+ static int getClockTick() {
return clockTick;
}
- static int getMaxIdleConnections () {
+ static int getMaxIdleConnections() {
return maxIdleConnections;
}
- static long getDrainAmount () {
+ static long getDrainAmount() {
return drainAmount;
}
- static long getMaxReqTime () {
+ static int getMaxReqHeaders() {
+ return maxReqHeaders;
+ }
+
+ static long getMaxReqTime() {
return maxReqTime;
}
- static long getMaxRspTime () {
+ static long getMaxRspTime() {
return maxRspTime;
}
- static long getTimerMillis () {
+ static long getTimerMillis() {
return timerMillis;
}
+
+ static boolean noDelay() {
+ return noDelay;
+ }
}