Limit/validate string lengths for various identifiers to prevent DoS from large objects
Change-Id: Ib7c34ddf8bd161efdf8d00a50f3378f9b7366188
diff --git a/core/api/src/main/java/org/onosproject/cluster/NodeId.java b/core/api/src/main/java/org/onosproject/cluster/NodeId.java
index d4c4c2e..80e94dc 100644
--- a/core/api/src/main/java/org/onosproject/cluster/NodeId.java
+++ b/core/api/src/main/java/org/onosproject/cluster/NodeId.java
@@ -17,11 +17,15 @@
import org.onlab.util.Identifier;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Controller cluster identity.
*/
public final class NodeId extends Identifier<String> implements Comparable<NodeId> {
+ private static final int ID_MAX_LENGTH = 1024;
+
/**
* Constructor for serialization.
*/
@@ -36,6 +40,7 @@
*/
public NodeId(String id) {
super(id);
+ checkArgument(id.length() <= ID_MAX_LENGTH, "id exceeds maximum length " + ID_MAX_LENGTH);
}
/**