Limit/validate string lengths for various identifiers to prevent DoS from large objects
Change-Id: Ib7c34ddf8bd161efdf8d00a50f3378f9b7366188
diff --git a/core/api/src/main/java/org/onosproject/cluster/NodeId.java b/core/api/src/main/java/org/onosproject/cluster/NodeId.java
index d4c4c2e..80e94dc 100644
--- a/core/api/src/main/java/org/onosproject/cluster/NodeId.java
+++ b/core/api/src/main/java/org/onosproject/cluster/NodeId.java
@@ -17,11 +17,15 @@
import org.onlab.util.Identifier;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Controller cluster identity.
*/
public final class NodeId extends Identifier<String> implements Comparable<NodeId> {
+ private static final int ID_MAX_LENGTH = 1024;
+
/**
* Constructor for serialization.
*/
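Review bot: ID_MAX_LENGTH carries no comment saying where it is enforced, and the Javadoc that closes this hunk introduces a "Constructor for serialization" whose body lies outside the hunk. If a serializer rebuilds a NodeId through that path without going through `NodeId(String)`, the 1024-character limit is not applied to deserialized ids, which is presumably the path that matters for objects received from other nodes; this should be confirmed. At minimum, document the scope on the constant, e.g. `// Upper bound on id length; enforced in NodeId(String) only.` The DeviceKeyId and RegionId hunks show the same serialization constructor next to their new limits.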
@@ -36,6 +40,7 @@
*/
public NodeId(String id) {
super(id);
+ checkArgument(id.length() <= ID_MAX_LENGTH, "id exceeds maximum length " + ID_MAX_LENGTH);
}
/**
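Review bot: `id.length()` in the added line dereferences `id` with no null guard, while the DefaultApplicationId, DeviceKeyId and RegionId hunks of this commit wrap the same check in `if (... != null)`; `DeviceId.deviceId(String)` dereferences its argument unguarded as well. Whether `super(id)` already rejects null is not visible here; if it does not, a null id that was accepted before now fails with a bare NullPointerException. An explicit `checkNotNull(id, "id cannot be null");` ahead of the length check, as the DomainId hunk does, would make the contract uniform. The constructor's Javadoc starts outside the hunk.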
diff --git a/core/api/src/main/java/org/onosproject/core/DefaultApplicationId.java b/core/api/src/main/java/org/onosproject/core/DefaultApplicationId.java
index ef46bf2..71e3a3a 100644
--- a/core/api/src/main/java/org/onosproject/core/DefaultApplicationId.java
+++ b/core/api/src/main/java/org/onosproject/core/DefaultApplicationId.java
@@ -25,6 +25,7 @@
*/
public class DefaultApplicationId implements ApplicationId {
+ private static final int NAME_MAX_LENGTH = 1024;
private final short id;
private final String name;
@@ -36,6 +37,9 @@
*/
public DefaultApplicationId(int id, String name) {
checkArgument(0 <= id && id <= Short.MAX_VALUE, "id is outside range");
+ if (name != null) {
+ checkArgument(name.length() <= NAME_MAX_LENGTH, "name exceeds maximum length " + NAME_MAX_LENGTH);
+ }
this.id = (short) id;
this.name = name;
}
diff --git a/core/api/src/main/java/org/onosproject/net/DefaultDevice.java b/core/api/src/main/java/org/onosproject/net/DefaultDevice.java
index b5e6a16..522e8f9 100644
--- a/core/api/src/main/java/org/onosproject/net/DefaultDevice.java
+++ b/core/api/src/main/java/org/onosproject/net/DefaultDevice.java
@@ -26,12 +26,18 @@
import java.util.Objects;
import static com.google.common.base.MoreObjects.toStringHelper;
+import static com.google.common.base.Preconditions.checkArgument;
/**
* Default infrastructure device model implementation.
*/
public class DefaultDevice extends AbstractElement implements Device {
+ private static final int MANUFACTURER_MAX_LENGTH = 256;
+ private static final int HW_VERSION_MAX_LENGTH = 256;
+ private static final int SW_VERSION_MAX_LENGTH = 256;
+ private static final int SERIAL_NUMBER_MAX_LENGTH = 256;
+
private final Type type;
private final String manufacturer;
private final String serialNumber;
@@ -67,6 +73,22 @@
String serialNumber, ChassisId chassisId,
Annotations... annotations) {
super(providerId, id, annotations);
+ if (hwVersion != null) {
+ checkArgument(hwVersion.length() <= HW_VERSION_MAX_LENGTH,
+ "hwVersion exceeds maximum length " + HW_VERSION_MAX_LENGTH);
+ }
+ if (swVersion != null) {
+ checkArgument(swVersion.length() <= SW_VERSION_MAX_LENGTH,
+ "swVersion exceeds maximum length " + SW_VERSION_MAX_LENGTH);
+ }
+ if (manufacturer != null) {
+ checkArgument(manufacturer.length() <= MANUFACTURER_MAX_LENGTH,
+ "manufacturer exceeds maximum length " + MANUFACTURER_MAX_LENGTH);
+ }
+ if (serialNumber != null) {
+ checkArgument(serialNumber.length() <= SERIAL_NUMBER_MAX_LENGTH,
+ "serialNumber exceeds maximum length " + SERIAL_NUMBER_MAX_LENGTH);
+ }
this.type = type;
this.manufacturer = manufacturer;
this.hwVersion = hwVersion;
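Review bot: The four null-guarded length checks added after `super(providerId, id, annotations)` repeat one pattern, and the same pattern recurs in the other files of this commit, so a limit is easy to miss or mistype when a field is added later. A small private helper would reduce each check to one line, e.g. `checkLength(hwVersion, HW_VERSION_MAX_LENGTH, "hwVersion");` backed by `checkArgument(value == null || value.length() <= max, "%s exceeds maximum length %s", field, max);`. The constructor signature begins outside the hunk.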
diff --git a/core/api/src/main/java/org/onosproject/net/DeviceId.java b/core/api/src/main/java/org/onosproject/net/DeviceId.java
index e7b13f7..09b427b 100644
--- a/core/api/src/main/java/org/onosproject/net/DeviceId.java
+++ b/core/api/src/main/java/org/onosproject/net/DeviceId.java
@@ -18,6 +18,8 @@
import java.net.URI;
import java.util.Objects;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Immutable representation of a device identity.
*/
@@ -28,6 +30,8 @@
*/
public static final DeviceId NONE = deviceId("none:none");
+ private static final int DEVICE_ID_MAX_LENGTH = 1024;
+
private final URI uri;
private final String str;
@@ -61,6 +65,8 @@
* @return DeviceId
*/
public static DeviceId deviceId(String string) {
+ checkArgument(string.length() <= DEVICE_ID_MAX_LENGTH,
+ "deviceId exceeds maximum length " + DEVICE_ID_MAX_LENGTH);
return deviceId(URI.create(string));
}
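Review bot: The length limit is enforced only in `deviceId(String)`, but this factory delegates to the `deviceId(URI)` overload, so a DeviceId created directly from a URI is never checked against DEVICE_ID_MAX_LENGTH. Putting the check where every instance is built would close that gap, for example `checkArgument(uri.toString().length() <= DEVICE_ID_MAX_LENGTH, "deviceId exceeds maximum length " + DEVICE_ID_MAX_LENGTH);` in the URI overload or the constructor, both of which are outside this hunk. The DomainId.domainId and DeviceKeyId.deviceKeyId hunks also validate in the static factory only; that is sufficient only if their constructors are not reachable by other callers, which should be confirmed.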
diff --git a/core/api/src/main/java/org/onosproject/net/domain/DomainId.java b/core/api/src/main/java/org/onosproject/net/domain/DomainId.java
index 6c67009..ef5e94f 100644
--- a/core/api/src/main/java/org/onosproject/net/domain/DomainId.java
+++ b/core/api/src/main/java/org/onosproject/net/domain/DomainId.java
@@ -18,11 +18,16 @@
import org.onlab.util.Identifier;
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
/**
* Representation of a domain identity.
*/
public class DomainId extends Identifier<String> {
+ private static final int DOMAIN_ID_MAX_LENGTH = 1024;
+
/**
* Represents the domain directly managed by ONOS.
*/
@@ -44,6 +49,9 @@
* @return instance of the class DomainId
*/
public static DomainId domainId(String identifier) {
+ checkNotNull(identifier, "identifier cannot be null");
+ checkArgument(identifier.length() <= DOMAIN_ID_MAX_LENGTH,
+ "identifier exceeds maximum length " + DOMAIN_ID_MAX_LENGTH);
return new DomainId(identifier);
}
}
diff --git a/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java b/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
index 4677cc7..8122bd0 100644
--- a/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
+++ b/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
@@ -22,6 +22,7 @@
import org.onosproject.net.Annotations;
import org.onosproject.net.DefaultAnnotations;
+import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;
import static org.onosproject.net.DefaultAnnotations.builder;
@@ -32,6 +33,8 @@
@Beta
public class DeviceKey extends AbstractAnnotated {
+ private static final int LABEL_MAX_LENGTH = 1024;
+
// device key identifier
private final DeviceKeyId deviceKeyId;
// label of the device key
@@ -66,6 +69,9 @@
private DeviceKey(DeviceKeyId id, String label, Type type, Annotations... annotations) {
super(annotations);
checkNotNull(id, "The DeviceKeyId cannot be null.");
+ if (label != null) {
+ checkArgument(label.length() <= LABEL_MAX_LENGTH, "label exceeds maximum length " + LABEL_MAX_LENGTH);
+ }
this.deviceKeyId = id;
this.label = label;
this.type = type;
diff --git a/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java b/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java
index ad401a1..6339e38 100644
--- a/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java
+++ b/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java
@@ -18,11 +18,15 @@
import org.onlab.util.Identifier;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Device key identifier backed by a string value.
*/
public final class DeviceKeyId extends Identifier<String> {
+ private static final int ID_MAX_LENGTH = 1024;
+
/**
* Constructor for serialization.
*/
@@ -46,6 +50,9 @@
* @return device key identifier
*/
public static DeviceKeyId deviceKeyId(String id) {
+ if (id != null) {
+ checkArgument(id.length() <= ID_MAX_LENGTH, "id exceeds maximum length " + ID_MAX_LENGTH);
+ }
return new DeviceKeyId(id);
}
diff --git a/core/api/src/main/java/org/onosproject/net/region/DefaultRegion.java b/core/api/src/main/java/org/onosproject/net/region/DefaultRegion.java
index d229e92..de1e04c 100644
--- a/core/api/src/main/java/org/onosproject/net/region/DefaultRegion.java
+++ b/core/api/src/main/java/org/onosproject/net/region/DefaultRegion.java
@@ -26,11 +26,15 @@
import java.util.Objects;
import java.util.Set;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Default implementation of a region.
*/
public final class DefaultRegion extends AbstractAnnotated implements Region {
+ private static final int NAME_MAX_LENGTH = 1024;
+
private final RegionId id;
private final String name;
private final Type type;
@@ -52,6 +56,9 @@
this.name = name;
this.type = type;
this.masters = masters != null ? ImmutableList.copyOf(masters) : ImmutableList.of();
+ if (name != null) {
+ checkArgument(name.length() <= NAME_MAX_LENGTH, "name exceeds maximum length " + NAME_MAX_LENGTH);
+ }
}
@Override
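Review bot: The name length check is added at the end of the constructor, after `this.name`, `this.type` and `this.masters` have been assigned and the masters collection has been copied, whereas the other constructors in this commit validate before assigning. Moving the added `if (name != null) { checkArgument(...); }` block ahead of the assignments rejects an oversized name before any copying is done and keeps the files consistent. The constructor starts outside the hunk, so what precedes these assignments is not visible.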
diff --git a/core/api/src/main/java/org/onosproject/net/region/RegionId.java b/core/api/src/main/java/org/onosproject/net/region/RegionId.java
index 903d014..03cbc9c 100644
--- a/core/api/src/main/java/org/onosproject/net/region/RegionId.java
+++ b/core/api/src/main/java/org/onosproject/net/region/RegionId.java
@@ -18,11 +18,15 @@
import org.onlab.util.Identifier;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Region identifier backed by a string value.
*/
public final class RegionId extends Identifier<String> {
+ private static final int REGION_MAX_LENGTH = 1024;
+
/**
* Constructor for serialization.
*/
@@ -37,6 +41,9 @@
*/
private RegionId(String value) {
super(value);
+ if (value != null) {
+ checkArgument(value.length() <= REGION_MAX_LENGTH, "value exceeds maximum length " + REGION_MAX_LENGTH);
+ }
}
/**