marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Limit max header lines

Browse Source
This commit is contained in:
zzz
2010-04-15 18:13:30 +00:00
parent 2fcee6e87a
commit 8258cdd6cf
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
View File

@@ -321,6 +321,9 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
return buf.toString(); return buf.toString();
} }
/** ridiculously long, just to prevent OOM DOS @since 0.7.13 */
private static final int MAX_HEADERS = 60;
private Properties readHeaders(InputStream in, StringBuilder command) throws IOException { private Properties readHeaders(InputStream in, StringBuilder command) throws IOException {
Properties headers = new Properties(); Properties headers = new Properties();
StringBuilder buf = new StringBuilder(128); StringBuilder buf = new StringBuilder(128);
@@ -344,7 +347,10 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
if (trimmed > 0) if (trimmed > 0)
getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0); getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0);
int i = 0;
while (true) { while (true) {
if (++i > MAX_HEADERS)
throw new IOException("Too many header lines - max " + MAX_HEADERS);
buf.setLength(0); buf.setLength(0);
ok = DataHelper.readLine(in, buf); ok = DataHelper.readLine(in, buf);
if (!ok) throw new IOException("EOF reached before the end of the headers [" + buf.toString() + "]"); if (!ok) throw new IOException("EOF reached before the end of the headers [" + buf.toString() + "]");