Limit/validate string lengths for various identifiers to prevent DoS from large objects
Change-Id: Ib7c34ddf8bd161efdf8d00a50f3378f9b7366188
diff --git a/core/api/src/main/java/org/onosproject/net/DeviceId.java b/core/api/src/main/java/org/onosproject/net/DeviceId.java
index e7b13f7..09b427b 100644
--- a/core/api/src/main/java/org/onosproject/net/DeviceId.java
+++ b/core/api/src/main/java/org/onosproject/net/DeviceId.java
@@ -18,6 +18,8 @@
import java.net.URI;
import java.util.Objects;
+import static com.google.common.base.Preconditions.checkArgument;
+
/**
* Immutable representation of a device identity.
*/
@@ -28,6 +30,8 @@
*/
public static final DeviceId NONE = deviceId("none:none");
+ private static final int DEVICE_ID_MAX_LENGTH = 1024;
+
private final URI uri;
private final String str;
@@ -61,6 +65,8 @@
* @return DeviceId
*/
public static DeviceId deviceId(String string) {
+ checkArgument(string.length() <= DEVICE_ID_MAX_LENGTH,
+ "deviceId exceeds maximum length " + DEVICE_ID_MAX_LENGTH);
return deviceId(URI.create(string));
}