Gitiles
Code Review Sign In
gerrit.onosproject.org / onos / 0d89ea342a8234e12d7c3cf73bd3ad64dd4a19ba^! / . / core / api / src / main / java / org / onosproject / net / DefaultDevice.java
commit0d89ea342a8234e12d7c3cf73bd3ad64dd4a19ba[log] [tgz]
authorJordan Halterman <jordan@onlab.us>Tue Jun 13 10:42:36 2017 -0700
committerRay Milkey <ray@onlab.us>Fri Jun 16 21:45:12 2017 +0000
tree9b81321f80a417af39e005a9d589121e515fc95b
parentc939037f350fd1570f184670682eb50f40f7cb0c [diff] [blame]
Limit/validate string lengths for various identifiers to prevent DoS from large objects

Change-Id: Ib7c34ddf8bd161efdf8d00a50f3378f9b7366188

diff --git a/core/api/src/main/java/org/onosproject/net/DefaultDevice.java b/core/api/src/main/java/org/onosproject/net/DefaultDevice.java
index b5e6a16..522e8f9 100644
--- a/core/api/src/main/java/org/onosproject/net/DefaultDevice.java
+++ b/core/api/src/main/java/org/onosproject/net/DefaultDevice.java

@@ -26,12 +26,18 @@
 import java.util.Objects;
 
 import static com.google.common.base.MoreObjects.toStringHelper;
+import static com.google.common.base.Preconditions.checkArgument;
 
 /**
  * Default infrastructure device model implementation.
  */
 public class DefaultDevice extends AbstractElement implements Device {
 
+    private static final int MANUFACTURER_MAX_LENGTH = 256;
+    private static final int HW_VERSION_MAX_LENGTH = 256;
+    private static final int SW_VERSION_MAX_LENGTH = 256;
+    private static final int SERIAL_NUMBER_MAX_LENGTH = 256;
+
     private final Type type;
     private final String manufacturer;
     private final String serialNumber;
@@ -67,6 +73,22 @@
                          String serialNumber, ChassisId chassisId,
                          Annotations... annotations) {
         super(providerId, id, annotations);
+        if (hwVersion != null) {
+            checkArgument(hwVersion.length() <= HW_VERSION_MAX_LENGTH,
+                    "hwVersion exceeds maximum length " + HW_VERSION_MAX_LENGTH);
+        }
+        if (swVersion != null) {
+            checkArgument(swVersion.length() <= SW_VERSION_MAX_LENGTH,
+                    "swVersion exceeds maximum length " + SW_VERSION_MAX_LENGTH);
+        }
+        if (manufacturer != null) {
+            checkArgument(manufacturer.length() <= MANUFACTURER_MAX_LENGTH,
+                    "manufacturer exceeds maximum length " + MANUFACTURER_MAX_LENGTH);
+        }
+        if (serialNumber != null) {
+            checkArgument(serialNumber.length() <= SERIAL_NUMBER_MAX_LENGTH,
+                    "serialNumber exceeds maximum length " + SERIAL_NUMBER_MAX_LENGTH);
+        }
         this.type = type;
         this.manufacturer = manufacturer;
         this.hwVersion = hwVersion;