Limit the data size of Simple RPC to 16M and the array size to 16K.

jossonsmith · jossonsmith · commit df1750605a37 · 2006-12-21T13:10:00.000Z
diff --git a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCHttpServlet.java b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCHttpServlet.java
@@ -105,13 +105,21 @@ public Object getNewInstanceByClassName(String className) {
 		}
 		return null;
 	}
-	public static String readAll(InputStream res) {
+	private String readAll(InputStream res) {
 		try {
 			ByteArrayOutputStream baos = new ByteArrayOutputStream();
 			byte[] buf = new byte[1024];
 			int read = 0;
 			while ((read = res.read(buf)) != -1) {
 				baos.write(buf, 0, read);
+				if (baos.size() > 0x1000000) { // 16 * 1024 * 1024 // 16M!
+					/*
+					 * Some malicious request may try to allocate huge size of memory!
+					 * Limit the data size of HTTP request! 
+					 */
+					res.close();
+					throw new RuntimeException("Data size reaches the limit of Java2Script Simple RPC!");
+				}
 			}
 			res.close();
 			return baos.toString();
diff --git a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleSerializable.java b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleSerializable.java
@@ -67,6 +67,9 @@ public class SimpleSerializable {
 		} else {
 			var l4 = this[name].length;
 			if (l4 > 52) {
+				if (l4 > 0x4000) { // 16 * 1024
+					throw new RuntimeException("Array size reaches the limit of Java2Script Simple RPC!");
+				}
 				buffer[buffer.length] = String.fromCharCode (baseChar - 2);
 				var value = "" + l4;
 				buffer[buffer.length] = String.fromCharCode (baseChar + value.length);
@@ -98,7 +101,11 @@ public class SimpleSerializable {
 		}
 	}
 }
-return buffer.join ('');
+var strBuf = buffer.join ('');
+if (strBuf.length > 0x1000000) { // 16 * 1024 * 1024
+	throw new RuntimeException("Data size reaches the limit of Java2Script Simple RPC!");
+}
+return strBuf;
 	 */
 	public String serialize() {
 		char baseChar = 'B';
@@ -315,6 +322,9 @@ public String serialize() {
 		} catch (UnsupportedEncodingException e) {
 			e.printStackTrace();
 		}
+		if (buffer.length() > 0x1000000) { // 16 * 1024 * 1024
+			throw new RuntimeException("Data size reaches the limit of Java2Script Simple RPC!");
+		}
 		return buffer.toString();
 	}
 
@@ -327,6 +337,9 @@ public String serialize() {
 	private void serializeLength(StringBuffer buffer, int length) {
 		char baseChar = 'B';
 		if (length > 52) {
+			if (length > 0x4000) { // 16 * 1024
+				throw new RuntimeException("Array size reaches the limit of Java2Script Simple RPC!");
+			}
 			buffer.append((char) (baseChar - 2));
 			String value = "" + length;
 			buffer.append((char) (baseChar + value.length()));
@@ -429,6 +442,9 @@ private void serializeString(StringBuffer buffer, String s) throws UnsupportedEn
 				var c4 = str.charCodeAt(index++);
 				var l3 = c4 - baseChar;
 				l2 = parseInt(str.substring(index, index + l3));
+				if (l2 > 0x4000) { // 16 * 1024
+					throw new RuntimeException("Array size reaches the limit of Java2Script Simple RPC!");
+				}
 				index += l3;
 			}
 			var arr = new Array (l2);
@@ -563,6 +579,13 @@ public void deserialize(String str) {
 							char c4 = str.charAt(index++);
 							int l3 = c4 - baseChar;
 							l2 = Integer.parseInt(str.substring(index, index + l3));
+							if (l2 > 0x4000) { // 16 * 1024
+								/*
+								 * Some malicious string may try to allocate huge size of array!
+								 * Limit the size of array here! 
+								 */
+								throw new RuntimeException("Array size reaches the limit of Java2Script Simple RPC!");
+							}
 							index += l3;
 						}
 						String[] ss = new String[l2];
