Author: norman
Date: Fri Feb 5 13:29:36 2010
New Revision: 906931
URL: http://svn.apache.org/viewvc?rev=906931&view=rev
Log:
Add support for line length limit (prevent DOS)
Added:
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/LineLengthExceededException.java
Modified:
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
Modified:
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
URL:
http://svn.apache.org/viewvc/james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java?rev=906931&r1=906930&r2=906931&view=diff
==============================================================================
---
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
(original)
+++
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/CRLFTerminatedLineDecoder.java
Fri Feb 5 13:29:36 2010
@@ -31,15 +31,32 @@
*/
public class CRLFTerminatedLineDecoder extends CumulativeProtocolDecoder {
+ private int maxLineLength;
+
+
+ public CRLFTerminatedLineDecoder(int maxLineLength) {
+ this.maxLineLength = maxLineLength;
+ }
+
+ public CRLFTerminatedLineDecoder() {
+ this(2048);
+ }
+
+
/*
* (non-Javadoc)
* @see
org.apache.mina.filter.codec.CumulativeProtocolDecoder#doDecode(org.apache.mina.core.session.IoSession,
org.apache.mina.core.buffer.IoBuffer,
org.apache.mina.filter.codec.ProtocolDecoderOutput)
*/
protected boolean doDecode(IoSession session, IoBuffer in,
ProtocolDecoderOutput out) throws Exception {
+
+ if (maxLineLength != -1 && in.capacity() > maxLineLength) {
+ throw new LineLengthExceededException(maxLineLength,
in.capacity());
+ }
// Remember the initial position.
int start = in.position();
+
// Now find the first CRLF in the buffer.
byte previous = 0;
while (in.hasRemaining()) {
Added:
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/LineLengthExceededException.java
URL:
http://svn.apache.org/viewvc/james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/LineLengthExceededException.java?rev=906931&view=auto
==============================================================================
---
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/LineLengthExceededException.java
(added)
+++
james/server/trunk/mina-socket/src/main/java/org/apache/james/socket/mina/codec/LineLengthExceededException.java
Fri Feb 5 13:29:36 2010
@@ -0,0 +1,36 @@
+/****************************************************************
+ * Licensed to the Apache Software Foundation (ASF) under one *
+ * or more contributor license agreements. See the NOTICE file *
+ * distributed with this work for additional information *
+ * regarding copyright ownership. The ASF licenses this file *
+ * to you under the Apache License, Version 2.0 (the *
+ * "License"); you may not use this file except in compliance *
+ * with the License. You may obtain a copy of the License at *
+ * *
+ * http://www.apache.org/licenses/LICENSE-2.0 *
+ * *
+ * Unless required by applicable law or agreed to in writing, *
+ * software distributed under the License is distributed on an *
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY *
+ * KIND, either express or implied. See the License for the *
+ * specific language governing permissions and limitations *
+ * under the License. *
+ ****************************************************************/
+
+
+package org.apache.james.socket.mina.codec;
+
+import java.io.IOException;
+
+/**
+ * Exception get thrown if the max line lenth was exceed
+ *
+ *
+ */
+...@suppresswarnings("serial")
+public class LineLengthExceededException extends IOException{
+
+ public LineLengthExceededException(int limit, int actualLength) {
+ super("Line length limit exceeded. Limit =>" + limit + " Actual=>" +
actualLength);
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
