From 9373d58b534ef878cd6fbca72c98a1e4963b4f08 Mon Sep 17 00:00:00 2001 From: Zlatin Balevsky Date: Mon, 18 Nov 2019 09:00:11 +0000 Subject: [PATCH] limit the time a header read can take --- core/src/main/java/com/muwire/core/Constants.java | 1 + core/src/main/java/com/muwire/core/util/DataUtil.java | 3 +++ 2 files changed, 4 insertions(+) diff --git a/core/src/main/java/com/muwire/core/Constants.java b/core/src/main/java/com/muwire/core/Constants.java index 40ef5744..eef95fcc 100644 --- a/core/src/main/java/com/muwire/core/Constants.java +++ b/core/src/main/java/com/muwire/core/Constants.java @@ -11,6 +11,7 @@ public class Constants { public static final int MAX_HEADER_SIZE = 0x1 << 14; public static final int MAX_HEADERS = 16; + public static final long MAX_HEADER_TIME = 60 * 1000; public static final int MAX_RESULTS = 0x1 << 16; diff --git a/core/src/main/java/com/muwire/core/util/DataUtil.java b/core/src/main/java/com/muwire/core/util/DataUtil.java index b112ba35..ea795963 100644 --- a/core/src/main/java/com/muwire/core/util/DataUtil.java +++ b/core/src/main/java/com/muwire/core/util/DataUtil.java @@ -91,9 +91,12 @@ public class DataUtil { } public static String readTillRN(InputStream is) throws IOException { + final long start = System.currentTimeMillis(); ByteArrayOutputStream baos = new ByteArrayOutputStream(); while(baos.size() < (Constants.MAX_HEADER_SIZE)) { int read = is.read(); + if (System.currentTimeMillis() - start > Constants.MAX_HEADER_TIME) + throw new IOException("header taking too long"); if (read == -1) throw new IOException(); if (read == '\r') {