Limit/validate string lengths for various identifiers to prevent DoS from large objects
Change-Id: Ib7c34ddf8bd161efdf8d00a50f3378f9b7366188
diff --git a/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java b/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
index 4677cc7..8122bd0 100644
--- a/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
+++ b/core/api/src/main/java/org/onosproject/net/key/DeviceKey.java
@@ -22,6 +22,7 @@
import org.onosproject.net.Annotations;
import org.onosproject.net.DefaultAnnotations;
+import static com.google.common.base.Preconditions.checkArgument;
import static com.google.common.base.Preconditions.checkNotNull;
import static com.google.common.base.Preconditions.checkState;
import static org.onosproject.net.DefaultAnnotations.builder;
@@ -32,6 +33,8 @@
@Beta
public class DeviceKey extends AbstractAnnotated {
+ private static final int LABEL_MAX_LENGTH = 1024;
+
// device key identifier
private final DeviceKeyId deviceKeyId;
// label of the device key
@@ -66,6 +69,9 @@
private DeviceKey(DeviceKeyId id, String label, Type type, Annotations... annotations) {
super(annotations);
checkNotNull(id, "The DeviceKeyId cannot be null.");
+ if (label != null) {
+ checkArgument(label.length() <= LABEL_MAX_LENGTH, "label exceeds maximum length " + LABEL_MAX_LENGTH);
+ }
this.deviceKeyId = id;
this.label = label;
this.type = type;