commit 0d89ea342a8234e12d7c3cf73bd3ad64dd4a19ba
author Jordan Halterman <jordan@onlab.us> Tue Jun 13 10:42:36 2017 -0700
committer Ray Milkey <ray@onlab.us> Fri Jun 16 21:45:12 2017 +0000
tree 9b81321f80a417af39e005a9d589121e515fc95b
parent c939037f350fd1570f184670682eb50f40f7cb0c

Limit/validate string lengths for various identifiers to prevent DoS from large objects

Change-Id: Ib7c34ddf8bd161efdf8d00a50f3378f9b7366188

core/api/src/main/java/org/onosproject/net/key/DeviceKey.java

diff --git a/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java b/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
index 4677cc7..8122bd0 100644
--- a/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
+++ b/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
@@ -22,6 +22,7 @@
 import org.onosproject.net.Annotations;
 import org.onosproject.net.DefaultAnnotations;
 
+import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
 import static com.google.common.base.Preconditions.checkState;
 import static org.onosproject.net.DefaultAnnotations.builder;
@@ -32,6 +33,8 @@
 @Beta
 public class DeviceKey extends AbstractAnnotated {
 
+    private static final int LABEL_MAX_LENGTH = 1024;
+
     // device key identifier
     private final DeviceKeyId deviceKeyId;
     // label of the device key
@@ -66,6 +69,9 @@
     private DeviceKey(DeviceKeyId id, String label, Type type, Annotations... annotations) {
         super(annotations);
         checkNotNull(id, "The DeviceKeyId cannot be null.");
+        if (label != null) {
+            checkArgument(label.length() <= LABEL_MAX_LENGTH, "label exceeds maximum length " + LABEL_MAX_LENGTH);
+        }
         this.deviceKeyId = id;
         this.label = label;
         this.type = type;

core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java

diff --git a/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java b/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java
index ad401a1..6339e38 100644
--- a/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java
+++ b/core/api/src/main/java/org/onosproject/net/key/DeviceKeyId.java
@@ -18,11 +18,15 @@
 
 import org.onlab.util.Identifier;
 
+import static com.google.common.base.Preconditions.checkArgument;
+
 /**
  * Device key identifier backed by a string value.
  */
 public final class DeviceKeyId extends Identifier<String> {
 
+    private static final int ID_MAX_LENGTH = 1024;
+
     /**
      * Constructor for serialization.
      */
@@ -46,6 +50,9 @@
      * @return device key identifier
      */
     public static DeviceKeyId deviceKeyId(String id) {
+        if (id != null) {
+            checkArgument(id.length() <= ID_MAX_LENGTH, "id exceeds maximum length " + ID_MAX_LENGTH);
+        }
         return new DeviceKeyId(id);
     }