Changeset 6aa1284


Timestamp:
Apr 4, 2015 7:31:20 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
4705f01
Parents:
bb082c35
Message:

i2ptunnel: Check for total header size too big,
log tweaks

File:
1 edited

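--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
@@ -72,4 +72,9 @@
     private static final long START_INTERVAL = (60 * 1000) * 3;
     private static final int MAX_LINE_LENGTH = 8*1024;
+    /** ridiculously long, just to prevent OOM DOS @since 0.7.13 */
+    private static final int MAX_HEADERS = 60;
+    /** Includes request, just to prevent OOM DOS @since 0.9.20 */
+    private static final int MAX_TOTAL_HEADER_SIZE = 32*1024;
+   
     private long _startedOn = 0L;
     private ConnThrottler _postThrottler;
@@ -763,7 +768,4 @@
     }
    
-    /** ridiculously long, just to prevent OOM DOS @since 0.7.13 */
-    private static final int MAX_HEADERS = 60;
-   
     /**
      * Add an entry to the multimap.
@@ -812,5 +814,5 @@
      *  @throws SocketTimeoutException if timeout is reached before newline
      *  @throws EOFException if EOF is reached before newline
-     *  @throws LineTooLongException if one header too long, or too many headers
+     *  @throws LineTooLongException if one header too long, or too many headers, or total size too big
      *  @throws RequestTooLongException if too long
      *  @throws BadRequestException on bad headers
@@ -834,5 +836,5 @@
              boolean ok = DataHelper.readLine(in, command);
              if (!ok)
-                 throw new EOFException("EOF reached before the end of the headers [" + buf.toString() + "]");
+                 throw new EOFException("EOF reached before the end of the headers");
         }
        
@@ -854,4 +856,5 @@
             ctx.statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed);
        
+        int totalSize = command.length();
         int i = 0;
         while (true) {
@@ -865,5 +868,5 @@
                  boolean ok = DataHelper.readLine(in, buf);
                  if (!ok)
-                     throw new BadRequestException("EOF reached before the end of the headers [" + buf.toString() + "]");
+                     throw new BadRequestException("EOF reached before the end of the headers");
             }
             if ( (buf.length() == 0) ||
@@ -873,8 +876,12 @@
             } else {
                 if (ctx.clock().now() > expire) {
-                    throw new SocketTimeoutException("Headers took too long [" + buf.toString() + "]");
+                    throw new SocketTimeoutException("Headers took too long");
                 }
                 int split = buf.indexOf(":");
-                if (split <= 0) throw new BadRequestException("Invalid HTTP header, missing colon [" + buf.toString() + "]");
+                if (split <= 0)
+                    throw new BadRequestException("Invalid HTTP header, missing colon");
+                totalSize += buf.length();
+                if (totalSize > MAX_TOTAL_HEADER_SIZE)
+                    throw new LineTooLongException("Req+headers too big");
                 String name = buf.substring(0, split).trim();
                 String value = null;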
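Review bot: The new cap is enforced only after a complete header line is already in `buf` (`totalSize += buf.length()` at new line 883), so the data actually held can exceed MAX_TOTAL_HEADER_SIZE by up to one line. The count is also in chars without line terminators, and it starts from `command.length()` after whatever trimming the `httpNullWorkaround` path applied. Presumably each line is still bounded by MAX_LINE_LENGTH inside the read helper, which is not visible in these hunks. If so, this is acceptable for an OOM guard, but the constant's Javadoc only says "Includes request". A comment next to the counter would make the approximation explicit, for example `// request line + header lines, in chars, excluding line endings; checked after each completed line`. The enclosing method starts and ends outside the displayed hunks, so the MAX_HEADERS check and the read path for `initialSocketData` could not be reviewed here.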