File jetty-hashDOS.patch of Package jetty5.openSUSE_12.1_Update
Index: jetty-5.1.14/src/org/mortbay/http/HttpRequest.java
===================================================================
--- jetty-5.1.14.orig/src/org/mortbay/http/HttpRequest.java 2006-11-23 09:56:52.000000000 +0100
+++ jetty-5.1.14/src/org/mortbay/http/HttpRequest.java 2012-02-10 14:07:03.942175496 +0100
@@ -80,6 +80,14 @@
/* ------------------------------------------------------------ */
/**
+ * Maximum number of form Keys to protect against DOS attack from crafted hash keys.
+ * Set via the org.eclipse.jetty.server.Request.maxFormKeys
+ */
+ private static int __maxFormKeys = Integer.getInteger(
+ "org.eclipse.jetty.server.Request.maxFormKeys",1000).intValue();
+
+ /* ------------------------------------------------------------ */
+ /**
* Maximum header line length.
*/
public static int __maxLineLength = 4096;
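Review bot: The new Javadoc on `__maxFormKeys` names the key but not what it is, nor what the value range means; since the field is read with `Integer.getInteger`, it is a JVM system property, and the consumer in UrlEncoded only enforces the limit when `maxKeys>0`. I would make the comment `* Set via the org.eclipse.jetty.server.Request.maxFormKeys system property (default 1000); a value of 0 or less disables the limit.` so an operator knows how to tune it and how to turn it off. Note also that the property name carries the `org.eclipse.jetty` prefix while this tree is `org.mortbay`; if that is deliberate for parity with newer Jetty, a one-line comment saying so would save the next reader a search.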
@@ -891,7 +899,7 @@
throw new IllegalStateException("Form too large");
// Add form params to query params
- UrlEncoded.decodeTo(bout.getBuf(), 0, bout.getCount(), _parameters,encoding);
+ UrlEncoded.decodeTo(bout.getBuf(), 0, bout.getCount(), _parameters, encoding, __maxFormKeys);
}
catch (EOFException e)
{
Index: jetty-5.1.14/src/org/mortbay/util/UrlEncoded.java
===================================================================
--- jetty-5.1.14.orig/src/org/mortbay/util/UrlEncoded.java 2005-12-22 00:14:38.000000000 +0100
+++ jetty-5.1.14/src/org/mortbay/util/UrlEncoded.java 2012-02-10 14:09:59.119192395 +0100
@@ -71,13 +71,13 @@
/* ----------------------------------------------------------------- */
public void decode(String query)
{
- decodeTo(query,this,StringUtil.__ISO_8859_1);
+ decodeTo(query,this,StringUtil.__ISO_8859_1,-1);
}
/* ----------------------------------------------------------------- */
public void decode(String query,String charset)
{
- decodeTo(query,this,charset);
+ decodeTo(query,this,charset,-1);
}
/* -------------------------------------------------------------- */
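Review bot: Both instance `decode` overloads now pass `-1`, which in the new `decodeTo` means "no limit", so these entry points stay unbounded and only the explicit `__maxFormKeys` call site in HttpRequest is protected. If any request-derived input (the query string, for example) is parsed through `decode(String)` or `decode(String,String)` rather than through the bounded path, the hash-collision DoS this patch addresses is still reachable there; that caller is not visible in this patch, so it is worth confirming. A short comment on each, `// -1: no key limit; callers parsing untrusted input should use decodeTo(..., maxKeys)`, would at least make the choice explicit.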
@@ -162,10 +162,8 @@
*/
public static void decodeTo(String content,MultiMap map)
{
- decodeTo(content,map,StringUtil.__ISO_8859_1);
+ decodeTo(content,map,StringUtil.__ISO_8859_1,-1);
}
-
-
/* -------------------------------------------------------------- */
/** Decoded parameters to Map.
@@ -173,6 +171,15 @@
*/
public static void decodeTo(String content, MultiMap map, String charset)
{
+ decodeTo(content,map,charset, -1);
+ }
+
+ /* -------------------------------------------------------------- */
+ /** Decoded parameters to Map.
+ * @param content the string containing the encoded parameters
+ */
+ public static void decodeTo(String content, MultiMap map, String charset, int maxKeys)
+ {
if (charset==null)
charset=StringUtil.__ISO_8859_1;
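Review bot: The Javadoc on the new four-argument `decodeTo` documents only `content`, leaving the one parameter this patch introduces undocumented; the three-argument wrapper above it is now a pure delegate. I would add `* @param map the MultiMap to add decoded key/value pairs to`, `* @param charset the charset to decode with, ISO-8859-1 when null` and `* @param maxKeys maximum number of distinct keys to decode; 0 or a negative value means no limit` after the existing `@param content` line. The body of this method continues past the end of the hunk.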
@@ -199,6 +206,11 @@
map.add(key,value);
key = null;
}
+ if (maxKeys>0 && map.size()>maxKeys)
+ {
+ log.warn("maxFormKeys limit exceeded keys>" + Integer.valueOf(maxKeys));
+ return;
+ }
break;
case '=':
if (key!=null)
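Review bot: When the limit is exceeded the new code logs a warning and `return`s, so the caller receives a silently truncated parameter map and request processing continues as if the form were valid; the same pattern appears in the `byte[]` variant at the last hunk of this file. The neighbouring size check in HttpRequest (`throw new IllegalStateException("Form too large")`, visible in the second hunk of the patch) rejects the request outright, and the key limit should behave the same way so an attacker cannot use the cap to drop parameters an application relies on, e.g. `throw new IllegalStateException("Form too many keys, limit " + maxKeys);` in place of the `log.warn`/`return` pair. Note also that the check runs only after a `&`, so the key parsed at the very end of the content is never counted; that is at most one extra key and is fine to leave if documented. The enclosing method starts and ends outside this hunk.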
@@ -239,7 +251,7 @@
/** Decoded parameters to Map.
* @param data the byte[] containing the encoded parameters
*/
- public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset)
+ public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset, int maxKeys)
{
if (data == null || length == 0)
return;
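Review bot: Unlike the `String` overloads earlier in this file, which were kept and made to delegate with `-1`, the public static five-argument `byte[]` `decodeTo` is replaced rather than kept, so any external caller of `decodeTo(byte[], int, int, MultiMap, String)` fails with a compile error or `NoSuchMethodError` at runtime. For consistency with the rest of the patch I would keep a delegating overload, `public static void decodeTo(byte[] data, int offset, int length, MultiMap map, String charset) { decodeTo(data, offset, length, map, charset, -1); }`, and add `* @param maxKeys maximum number of distinct keys to decode; 0 or a negative value means no limit` to the Javadoc of the new signature. The method body continues past the end of the hunk.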
@@ -269,6 +281,11 @@
key = null;
}
ox = offset;
+ if (maxKeys>0 && map.size()>maxKeys)
+ {
+ log.warn("maxFormKeys limit exceeded keys>" + Integer.valueOf(maxKeys));
+ return;
+ }
break;
case '=':
if (key!=null)