I'm looking at the shutdown command wait code, and I'm a bit perplexed at one piece.
Could someone explain to me how the following code from StandardServer, starting from line 526 (v5.0.27), helps protect from a DoS attack? Why not simply limit the incoming stream to 1024, and be done with it? There is some crazy random Star Trek code in here. Please learn me.

Lukas

    // Read a set of characters from the socket
    StringBuffer command = new StringBuffer();
    int expected = 1024; // Cut off to avoid DoS attack
    while (expected < shutdown.length()) {
        if (random == null)
            random = new Random(System.currentTimeMillis());
        expected += (random.nextInt() % 1024);
    }
    while (expected > 0) {
        int ch = -1;
        try {
            ch = stream.read();
        } catch (IOException e) {
            System.err.println("StandardServer.await: read: " + e);
            e.printStackTrace();
            ch = -1;
        }
        if (ch < 32) // Control character or EOF terminates loop
            break;
        command.append((char) ch);
        expected--;
    }