From 8258cdd6cf7608226a94a341427237cce3117fee Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Thu, 15 Apr 2010 18:13:30 +0000
Subject: [PATCH] Limit max header lines

---
 .../java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java     | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
index d23185780a..418dd1de90 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/I2PTunnelHTTPServer.java
@@ -321,6 +321,9 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
         return buf.toString();
     }
     
+    /** ridiculously long, just to prevent OOM DOS @since 0.7.13 */
+    private static final int MAX_HEADERS = 60;
+
     private Properties readHeaders(InputStream in, StringBuilder command) throws IOException {
         Properties headers = new Properties();
         StringBuilder buf = new StringBuilder(128);
@@ -344,7 +347,10 @@ public class I2PTunnelHTTPServer extends I2PTunnelServer {
         if (trimmed > 0)
             getTunnel().getContext().statManager().addRateData("i2ptunnel.httpNullWorkaround", trimmed, 0);
         
+        int i = 0;
         while (true) {
+            if (++i > MAX_HEADERS)
+                throw new IOException("Too many header lines - max " + MAX_HEADERS);
             buf.setLength(0);
             ok = DataHelper.readLine(in, buf);
             if (!ok) throw new IOException("EOF reached before the end of the headers [" + buf.toString() + "]");
-- 
GitLab