[ http://issues.apache.org/jira/browse/HTTPCORE-4?page=comments#action_12414381 ]
Oleg Kalnichevski commented on HTTPCORE-4: ------------------------------------------ Added max header count check http://svn.apache.org/viewvc?rev=411100&view=rev Please review Oleg > feature request: optional header limits to contain OOME risks > ------------------------------------------------------------- > > Key: HTTPCORE-4 > URL: http://issues.apache.org/jira/browse/HTTPCORE-4 > Project: Jakarta HttpCore > Type: New Feature > Components: HttpCore > Versions: 4.0-alpha1 > Reporter: Gordon Mohr > Assignee: Oleg Kalnichevski > Fix For: 4.0-alpha2 > > It would be desirable to be able to specify limits in the parsing of HTTP > messages, so that impractically large content (inadvertently or maliciously) > fails in a manageable way, rather than triggering an OutOfMemoryError. > One possibility would be to set limits on HTTP header line lengths and number > of headers; once exceeded, an exception would be thrown. > Another would be to set a byte-total cap on how much content can be > considered to contribute to the headers; past that cap, an exception would be > thrown. > A possible wrinkle would be implementing compatible limits at other places > mid- or late-message where unbounded numbers of headers could again appear > (multipart; chunked; footers). > See also: > http://issues.apache.org/jira/browse/HTTPCORE-3?page=all > http://issues.apache.org/bugzilla/show_bug.cgi?id=25468 -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
