From: Dave B. <bla...@us...> - 2013-05-30 12:25:27
Update of /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv2472/src/org/sblim/cimclient Modified Files: WBEMListenerSBLIM.java WBEMConfigurationProperties.java Log Message: 2635 Slowloris DoS attack for CIM indication listener port
Index: WBEMConfigurationProperties.java
===================================================================
RCS file: /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient/WBEMConfigurationProperties.java,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -d -r1.52 -r1.53
--- WBEMConfigurationProperties.java 8 May 2013 17:30:36 -0000 1.52
+++ WBEMConfigurationProperties.java 30 May 2013 12:25:24 -0000 1.53
@@ -45,6 +45,7 @@
 * 3598613 2013-01-11 blaschke-oss different data type in cim instance and cim object path
 * 2618 2013-02-27 blaschke-oss Need to add property to disable weak cipher suites for the secure indication
 * 2628 2013-03-26 blaschke-oss Limit size of LinkedList of CIMEvents to be dispatched
+ * 2635 2013-05-16 blaschke-oss Slowloris DoS attack for CIM indication listener port
 */
 package org.sblim.cimclient;
@@ -761,6 +762,38 @@
 public static final String LISTENER_HTTP_TIMEOUT = "sblim.wbem.listenerHttpTimeout";
 /**
+ * The header timeout for http connections of an indication listener. The
+ * header timeout is defined as the maximum amount of time allowed to read
+ * in the entire http header. A timeout of zero is interpreted as infinite
+ * timeout.<br />
+ * <br />
+ * Note: One form of DoS attack sends periodic http header lines in an
+ * attempt to keep the socket open indefinitely. This timeout can be used to
+ * thwart such an attempt.<br />
+ * <br />
+ * Type: <code>Integer</code><br/>
+ * Unit: <code>Milliseconds</code><br />
+ * Recognition: <code>On next creation of a WBEMListener<code><br/>
+ * Range: <code>0 .. Integer.MAX_VALUE</code><br />
+ * Default: <code>30000</code><br/>
+ */
+ public static final String LISTENER_HTTP_HEADER_TIMEOUT = "sblim.wbem.listenerHttpHeaderTimeout";
+
+ /**
+ * The maximum allowable timeouts an http connection of an indication
+ * listener can have before the client ignores it. In other words, the
+ * number of times an IP exceeds sblim.wbem.listenerHttpTimeout and
+ * sblim.wbem.listenerHttpHeaderTimeout before it is blocked. A value of
+ * zero is interpreted as unlimited timeouts.<br />
+ * <br />
+ * Type: <code>Integer</code><br />
+ * Recognition: <code>On next creation of a WBEMListener</code><br />
+ * Range: <code>0 .. Integer.MAX_VALUE</code><br />
+ * Default: <code>0</code><br />
+ */
+ public static final String LISTENER_HTTP_MAX_ALLOWED_TIMEOUTS = "sblim.wbem.listenerHttpMaxAllowedTimeouts";
+
+ /**
 * The size of the thread pool for the connection handlers of the indication
 * for http connections of an indication listener.
This is the maximum
 * number of handler threads the pool might create on heavy load.<br />
Index: WBEMListenerSBLIM.java
===================================================================
RCS file: /cvsroot/sblim/jsr48-client/src/org/sblim/cimclient/WBEMListenerSBLIM.java,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- WBEMListenerSBLIM.java 8 May 2013 17:30:36 -0000 1.22
+++ WBEMListenerSBLIM.java 30 May 2013 12:25:24 -0000 1.23
@@ -28,6 +28,7 @@
 * 3529062 2012-05-23 blaschke-oss WBEMListenerFactory should return new instance
 * 3529065 2012-05-31 hellerda Enable WBEMListener get/setProperty
 * 2628 2013-03-26 blaschke-oss Limit size of LinkedList of CIMEvents to be dispatched
+ * 2635 2013-05-16 blaschke-oss Slowloris DoS attack for CIM indication listener port
 */
 package org.sblim.cimclient;
@@ -71,6 +72,8 @@
 private CIMIndicationHandler iIndicationHandler;
+ private HttpConnectionHandler iConnectionHandler;
+
 /**
 * Ctor.
 *
@@ -110,8 +113,9 @@
 CIMEventDispatcher eventDispatcher = new CIMEventDispatcher(this.iIndicationListener, config.getListenerMaxQueuedEvents());
 this.iIndicationHandler = new CIMIndicationHandler(eventDispatcher, config);
- this.iConnection = new HttpServerConnection(new HttpConnectionHandler(
- this.iIndicationHandler), pLocalAddress, pPort, pSSL, config);
+ this.iConnectionHandler = new HttpConnectionHandler(this.iIndicationHandler, config);
+ this.iConnection = new HttpServerConnection(this.iConnectionHandler, pLocalAddress,
+ pPort, pSSL, config);
 }
 @Override
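Review bot: In the Javadoc for `LISTENER_HTTP_HEADER_TIMEOUT` (the `@@ -761,6 +762,38 @@` hunk), the Recognition line opens a second `<code>` instead of closing the first, so the rest of the comment renders as code; it should read `Recognition: <code>On next creation of a WBEMListener</code><br />`. The Javadoc for `LISTENER_HTTP_MAX_ALLOWED_TIMEOUTS` should also state that the default of 0 leaves blocking switched off, so a deployment only gets the per-IP cut-off after setting a positive value. Because the count is kept per source IP, every sender behind the same NAT or proxy shares one counter, which is worth a sentence in the same comment. Whether a block ever expires is not visible in this hunk and should be documented here as well.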
@@ -168,6 +172,26 @@
 return this.iConnection.getPort();
 }
+ /**
+ * Get the IPs blocked by the listener associated with the specified
+ * port.
+ *
+ * @return The comma-separated list of blocked IPs.
+ */
+ public String getBlockedIPs() {
+ return this.iConnectionHandler.getBlockedIPs();
+ }
+
+ /**
+ * Set the IPs to be blocked by the listener associated with the
+ * specified port.
+ *
+ * @param pIPs
+ * The comma-separated list of blocked IPs.
+ */
+ public void setBlockedIPs(String pIPs) {
+ this.iConnectionHandler.setBlockedIPs(pIPs);
+ }
 }
 protected final WBEMConfiguration iConfiguration = new WBEMConfiguration(new Properties());
@@ -343,6 +367,20 @@
 return listener.getListenerPort();
 }
+ /**
+ * Get the IPs blocked by the listener associated with the specified port.
+ *
+ * @param pPort
+ * The port.
+ * @return The comma-separated list of blocked IPs.
+ */
+ public String getBlockedIPs(int pPort) {
+ if (pPort <= 0 || !this.iPortMap.containsKey(Integer.valueOf(pPort))) { throw new IllegalArgumentException(
+ "Port not in use."); }
+ WBEMListenerImpl listener = this.iPortMap.get(Integer.valueOf(pPort));
+ return listener != null ? listener.getBlockedIPs() : null;
+ }
+
 public String getProperty(String pName) {
 if (pName.startsWith("javax.wbem.")) {
 // Process JSR48 properties
@@ -366,6 +404,24 @@
 }
 }
+ /**
+ * Set the IPs to be blocked by the listener associated with the specified
+ * port.
+ *
+ * @param pPort
+ * The port.
+ * @param pIPs
+ * The comma-separated list of blocked IPs.
+ */
+ public void setBlockedIPs(int pPort, String pIPs) {
+ if (pPort <= 0 || !this.iPortMap.containsKey(Integer.valueOf(pPort))) { throw new IllegalArgumentException(
+ "Port not in use."); }
+ WBEMListenerImpl listener = this.iPortMap.get(Integer.valueOf(pPort));
+ if (listener != null) {
+ listener.setBlockedIPs(pIPs);
+ }
+ }
+
 public void setProperty(String pName, String pValue) {
 if (pName.startsWith("javax.wbem.")) {
 // Process JSR48 properties
|
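Review bot: The Javadoc on the two methods added to `WBEMListenerImpl` (the `@@ -168,6 +172,26 @@` hunk) says "associated with the specified port", but `getBlockedIPs()` and `setBlockedIPs(String pIPs)` take no port; the wording looks copied from the outer-class methods and should read "blocked by this listener". `setBlockedIPs` passes the caller's string to `iConnectionHandler` unchanged, and that handler is outside this diff. The comment should therefore state what happens with null, an empty string, or an entry that is not a valid address, and whether the call replaces the IPs the listener blocked on its own or adds to them.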
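Review bot: `getBlockedIPs(int pPort)` looks the port up twice (`containsKey`, then `get`) and returns null when the second lookup comes back empty, a result the Javadoc does not mention; `setBlockedIPs(int, String)` in the `@@ -366,6 +404,24 @@` hunk has the same shape and silently does nothing in that case. A single lookup closes the gap: `WBEMListenerImpl listener = this.iPortMap.get(Integer.valueOf(pPort));` followed by `if (listener == null) throw new IllegalArgumentException("Port not in use.");`. Both methods should also carry `@throws IllegalArgumentException if no listener is registered on pPort`. Whether `iPortMap` is accessed from several threads is not visible here; if it is, the two-step lookup can see the listener removed in between, and a caller trying to put a block in place would get no signal that nothing was applied.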