[1/3] struts git commit: [WW-4620] Improve XWorkListPropertyAccessor to against DOS attack

Mon, 29 Aug 2016 23:32:54 -0700 

Repository: struts
Updated Branches:
  refs/heads/master 83e284145 -> 18be60fa1


[WW-4620] Improve XWorkListPropertyAccessor to against DOS attack


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/df721885
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/df721885
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/df721885

Branch: refs/heads/master
Commit: df721885c38e9aab82ba3f6593a62ab8c180b7d6
Parents: 6e07a63
Author: zhouyanming <zhouyanm...@gmail.com>
Authored: Tue Jun 28 12:30:10 2016 +0800
Committer: Yanming Zhou <zhouyanm...@gmail.com>
Committed: Thu Jun 30 15:12:21 2016 +0800

----------------------------------------------------------------------
 .../xwork2/ognl/accessor/XWorkListPropertyAccessor.java     | 9 +++++++++
 1 file changed, 9 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/df721885/core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
----------------------------------------------------------------------
diff --git 
a/core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
 
b/core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
index 6201dae..72a6371 100644
--- 
a/core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
+++ 
b/core/src/main/java/com/opensymphony/xwork2/ognl/accessor/XWorkListPropertyAccessor.java
@@ -45,6 +45,12 @@ public class XWorkListPropertyAccessor extends 
ListPropertyAccessor {
     private ObjectFactory objectFactory;
     private ObjectTypeDeterminer objectTypeDeterminer;
     private OgnlUtil ognlUtil;
+    private int autoGrowCollectionLimit = 255;
+    
+    @Inject(value="java.util.Collection.autoGrowCollectionLimit", required = 
false)
+       public void setAutoGrowCollectionLimit(String value) {
+               this.autoGrowCollectionLimit = Integer.valueOf(value);
+       }
     
     @Inject("java.util.Collection")
     public void setXWorkCollectionPropertyAccessor(PropertyAccessor acc) {
@@ -158,6 +164,9 @@ public class XWorkListPropertyAccessor extends 
ListPropertyAccessor {
             List list = (List) target;
             int listSize = list.size();
             int count = ((Number) name).intValue();
+            if(count > autoGrowCollectionLimit)
+               throw new OgnlException("Error auto growing collection size to 
" + count + " which limited to "
+                                               + autoGrowCollectionLimit);
             if (count >= listSize) {
                 for (int i = listSize; i <= count; i++) {
                     list.add(null);

Reply via email to