Date: 8 Feb 2002 03:10:48 -0000
Message-ID: <20020208031048.85582.qmail@icarus.apache.org>
From: billbarker@apache.org
To: jakarta-tomcat-cvs@apache.org
Subject: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/util/net TcpConnection.java

billbarker 02/02/07 19:10:48

Modified: src/share/org/apache/tomcat/util/net TcpConnection.java
Log:
Prevent a possible DoS exploit.

The last fix opens the possibility of a DoS attack by continuously streaming data to Tomcat. This should be a good compromise between being nice and staying alive.

Thanks to Costin for making me aware of this potential problem.

Revision Changes Path
1.4 +12 -4 jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java

Index: TcpConnection.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- TcpConnection.java 2 Feb 2002 03:24:32 -0000 1.3
+++ TcpConnection.java 8 Feb 2002 03:10:48 -0000 1.4
@@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java,v 1.3 2002/02/02 03:24:32 billbarker Exp $ - * $Revision: 1.3 $ - * $Date: 2002/02/02 03:24:32 $ + * $Header: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/util/net/TcpConnection.java,v 1.4 2002/02/08 03:10:48 billbarker Exp $ + * $Revision: 1.4 $ + * $Date: 2002/02/08 03:10:48 $ * * ==================================================================== * @@ -72,6 +72,10 @@ * */ public class TcpConnection { // implements Endpoint { + /** + * Maxium number of times to clear the socket input buffer. + */ + static int MAX_SHUTDOWN_TRIES=20; public TcpConnection() { } @@ -81,6 +85,9 @@ PoolTcpEndpoint endpoint; Socket socket; + public static void setMaxShutdownTries(int mst) { + MAX_SHUTDOWN_TRIES = mst; + } public void setEndpoint(PoolTcpEndpoint endpoint) { this.endpoint = endpoint; } @@ -129,12 +136,13 @@ try { InputStream is = socket.getInputStream(); int available = is.available (); + int count=0; // XXX on JDK 1.3 just socket.shutdownInput () which // was added just to deal with such issues. // skip any unread (bogus) bytes - while (available > 0) { + while (available > 0 && count++ < MAX_SHUTDOWN_TRIES) { is.skip (available); available = is.available(); } -- To unsubscribe, e-mail: For additional commands, e-mail:
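Review bot: `MAX_SHUTDOWN_TRIES` in the @@ -72,6 +72,10 @@ hunk is declared `static int` with no `final` and no access modifier, so it is a package-visible mutable global that is named like a constant. Suggest making it `private static` with a lower-case name, since the setter added in the following hunk is the intended way to change it. The Javadoc reads "Maxium" for "Maximum", and it should say that the unit is passes through the skip loop, not bytes, and why 20 was chosen.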
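Review bot: `setMaxShutdownTries(int mst)` in the @@ -81,6 +85,9 @@ hunk stores its argument unchecked. A value of zero or less makes the `count++ < MAX_SHUTDOWN_TRIES` test fail on the first pass, so no unread bytes are skipped at all, and a very large value brings back the effectively unbounded loop that the log message says this change is meant to stop. Suggest rejecting or clamping out-of-range values, and adding Javadoc that notes the setting is static and so applies to every TcpConnection that shares the class.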
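Review bot: the new loop condition in the @@ -129,12 +136,13 @@ hunk, `while (available > 0 && count++ < MAX_SHUTDOWN_TRIES)`, caps the number of passes, not the number of bytes skipped or the time spent, and nothing records that the cap was reached. Each pass skips whatever `is.available()` reported, so the real bound depends on how much the socket had buffered on each pass; a comment stating that would help the next reader. When the loop exits on the count with `available` still positive, unread data remains on the socket, so a debug log at that point would show when the limit is actually being hit. The condition also re-reads the static on every pass; copying it to a local before the loop keeps one shutdown from changing behaviour midway if `setMaxShutdownTries` is called concurrently.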