Author: remy.maucherat(a)jboss.com
Date: 2011-10-27 17:56:10 -0400 (Thu, 27 Oct 2011)
New Revision: 1858
Modified:
trunk/java/org/apache/tomcat/util/http/MimeHeaders.java
trunk/java/org/apache/tomcat/util/http/Parameters.java
trunk/webapps/docs/changelog.xml
Log:
Add system properties which restrict parameter count
(org.apache.tomcat.util.http.Parameters.MAX_COUNT default to 512) and header count
(org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT to 128).
Modified: trunk/java/org/apache/tomcat/util/http/MimeHeaders.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/MimeHeaders.java 2011-10-27 16:52:51 UTC (rev
1857)
+++ trunk/java/org/apache/tomcat/util/http/MimeHeaders.java 2011-10-27 21:56:10 UTC (rev
1858)
@@ -23,9 +23,6 @@
import org.apache.tomcat.util.buf.MessageBytes;
-/* XXX XXX XXX Need a major rewrite !!!!
- */
-
/**
* This class is used to contain standard internet message headers,
* used for SMTP (RFC822) and HTTP (RFC2068) messages as well as for
@@ -77,12 +74,6 @@
* to avoid inside tomcat. The goal is to use _only_ MessageByte-based Fields,
* and reduce to 0 the memory overhead of tomcat.
*
- * TODO:
- * XXX one-buffer parsing - for http ( other protocols don't need that )
- * XXX remove unused methods
- * XXX External enumerations, with 0 GC.
- * XXX use HeaderName ID
- *
*
* @author dac(a)eng.sun.com
* @author James Todd [gonzo(a)eng.sun.com]
@@ -212,9 +203,10 @@
}
/** Initial size - should be == average number of headers per request
- * XXX make it configurable ( fine-tuning of web-apps )
*/
public static final int DEFAULT_HEADER_SIZE = 8;
+ protected static final int MAX_COUNT =
+
Integer.valueOf(System.getProperty("org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT",
"128")).intValue();
/**
* The header fields.
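Review bot: A malformed value for `org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT` makes `Integer.valueOf` throw `NumberFormatException` inside the static initializer, so the class fails to load instead of falling back to 128. `Integer.getInteger("org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT", 128).intValue()` returns the default for a missing or unparsable value. A zero or negative setting is still accepted as written and should be rejected or documented. The same applies to `Parameters.MAX_COUNT` in the Parameters.java hunk. The new constant also has no Javadoc, and a line such as `/** Upper bound on the number of header fields held by one instance; read once from the system property of the same name. */` would record the intent.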
@@ -333,6 +325,9 @@
MimeHeaderField mh;
int len = headers.length;
if (count >= len) {
+ if (count >= MAX_COUNT) {
+ throw new IllegalStateException("Header count exceeded allowed
maximum: " + MAX_COUNT);
+ }
// expand header list array
MimeHeaderField tmp[] = new MimeHeaderField[count * 2];
System.arraycopy(headers, 0, tmp, 0, len);
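Review bot: The `count >= MAX_COUNT` test sits inside `if (count >= len)`, so the limit is only evaluated when the array is full and about to double. A configured limit that does not coincide with an array length is therefore enforced late: assuming the array starts at `DEFAULT_HEADER_SIZE`, a limit of 100 lets the array grow to 128 at 64 entries and is only checked once 128 fields are stored. Moving the check ahead of the growth test, `if (count >= MAX_COUNT) { throw new IllegalStateException(...); }` before `if (count >= len)`, makes the bound exact. The Parameters.java hunk at `@@ -212,6 +214,9 @@` has the same shape and needs the same change. The enclosing method starts and ends outside the hunk, so whether callers turn the `IllegalStateException` into a 400 response rather than a server error cannot be confirmed from here.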
@@ -441,9 +436,7 @@
* @param name the name of the header field to be removed
*/
public void removeHeader(String name) {
- // XXX
// warning: rather sticky code; heavily tuned
-
for (int i = 0; i < count; i++) {
if (headers[i].getName().equalsIgnoreCase(name)) {
removeHeader(i--);
Modified: trunk/java/org/apache/tomcat/util/http/Parameters.java
===================================================================
--- trunk/java/org/apache/tomcat/util/http/Parameters.java 2011-10-27 16:52:51 UTC (rev
1857)
+++ trunk/java/org/apache/tomcat/util/http/Parameters.java 2011-10-27 21:56:10 UTC (rev
1858)
@@ -40,6 +40,8 @@
protected static final int LAST = -1;
public static final int INITIAL_SIZE = 8;
protected static final String[] ARRAY_TYPE = new String[0];
+ protected static final int MAX_COUNT =
+
Integer.valueOf(System.getProperty("org.apache.tomcat.util.http.Parameters.MAX_COUNT",
"512")).intValue();
protected class Field {
MessageBytes name = MessageBytes.newInstance();
@@ -212,6 +214,9 @@
int len = fields.length;
int pos = count;
if (count >= len) {
+ if (count >= MAX_COUNT) {
+ throw new IllegalStateException("Parameter count exceeded allowed
maximum: " + MAX_COUNT);
+ }
// expand header list array
Field tmp[] = new Field[pos * 2];
System.arraycopy(fields, 0, tmp, 0, len);
Modified: trunk/webapps/docs/changelog.xml
===================================================================
--- trunk/webapps/docs/changelog.xml 2011-10-27 16:52:51 UTC (rev 1857)
+++ trunk/webapps/docs/changelog.xml 2011-10-27 21:56:10 UTC (rev 1858)
@@ -44,6 +44,10 @@
Add a limit on the number of parameters that can be parsed in a POST (1024 by
default,
configured with org.apache.tomcat.util.http.Parameters.MAX_COUNT). (remm)
</fix>
+ <fix>
+ Add system properties which restrict parameter count
(org.apache.tomcat.util.http.Parameters.MAX_COUNT
+ default to 512) and header count
(org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT to 128). (remm)
+ </fix>
</changelog>
</subsection>
</section>