hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gordon Mohr (JIRA)" <j...@apache.org>
Subject [jira] Created: (HTTPCORE-4) feature request: optional header limits to contain OOME risks
Date Fri, 19 May 2006 01:32:06 GMT
feature request: optional header limits to contain OOME risks
-------------------------------------------------------------

         Key: HTTPCORE-4
         URL: http://issues.apache.org/jira/browse/HTTPCORE-4
     Project: Jakarta HttpCore
        Type: New Feature

  Components: HttpCore  
    Versions: 4.0-alpha1    
    Reporter: Gordon Mohr


It would be desirable to be able to specify limits in the parsing of HTTP messages, so that
impractically large content (inadvertently or maliciously) fails in a manageable way, rather
than triggering an OutOfMemoryError. 

One possibility would be to set limits on HTTP header line lengths and number of headers;
once exceeded, an exception would be thrown.  

Another would be to set a byte-total cap on how much content can be considered to contribute
to the headers; past that cap, an exception would be thrown.

A possible wrinkle would be implementing compatible limits at other places mid- or late-message
where unbounded numbers of headers could again appear (multipart; chunked; footers). 

See also:

 http://issues.apache.org/jira/browse/HTTPCORE-3?page=all

 http://issues.apache.org/bugzilla/show_bug.cgi?id=25468



-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: httpclient-dev-help@jakarta.apache.org


Mime
View raw message