tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From billbar...@apache.org
Subject cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/net TcpConnection.java
Date Fri, 08 Feb 2002 03:10:48 GMT
billbarker    02/02/07 19:10:48

  Modified:    src/share/org/apache/tomcat/util/net TcpConnection.java
  Log:
  Prevent a possible DoS exploit.
  
  The last fix opens the possiblity of a DoS attack by continuously streaming data to Tomcat.
 This should be a good compromise between being nice and staying alive.
  
  Thanks to Costin for making me aware of this potential problem.
  
  Revision  Changes    Path
  1.4       +12 -4     jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java
  
  Index: TcpConnection.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- TcpConnection.java	2 Feb 2002 03:24:32 -0000	1.3
  +++ TcpConnection.java	8 Feb 2002 03:10:48 -0000	1.4
  @@ -1,7 +1,7 @@
   /*
  - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java,v
1.3 2002/02/02 03:24:32 billbarker Exp $
  - * $Revision: 1.3 $
  - * $Date: 2002/02/02 03:24:32 $
  + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java,v
1.4 2002/02/08 03:10:48 billbarker Exp $
  + * $Revision: 1.4 $
  + * $Date: 2002/02/08 03:10:48 $
    *
    * ====================================================================
    *
  @@ -72,6 +72,10 @@
    *
    */
   public class TcpConnection  { // implements Endpoint {
  +    /**
  +     * Maxium number of times to clear the socket input buffer.
  +     */
  +    static  int MAX_SHUTDOWN_TRIES=20;
   
       public TcpConnection() {
       }
  @@ -81,6 +85,9 @@
       PoolTcpEndpoint endpoint;
       Socket socket;
   
  +    public static void setMaxShutdownTries(int mst) {
  +	MAX_SHUTDOWN_TRIES = mst;
  +    }
       public void setEndpoint(PoolTcpEndpoint endpoint) {
   	this.endpoint = endpoint;
       }
  @@ -129,12 +136,13 @@
   	try {
   	    InputStream is = socket.getInputStream();
   	    int available = is.available ();
  +	    int count=0;
   	    
   	    // XXX on JDK 1.3 just socket.shutdownInput () which
   	    // was added just to deal with such issues.
   	    
   	    // skip any unread (bogus) bytes
  -	    while (available > 0) {
  +	    while (available > 0 && count++ < MAX_SHUTDOWN_TRIES) {
   		is.skip (available);
   		available = is.available();
   	    }
  
  
  

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message