You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by 沉淀 <10...@qq.com.INVALID> on 2023/04/28 07:16:32 UTC
About StandardServer
I am reading the source code of tomcat, the version is 9.0.73.
I see such a piece of code in the `await()` method in the `StandardServer` class:
int expected = 1024; // Cut off to avoid DoS attack
while (expected < shutdown.length()) {
if (random == null) {
random = new Random();
}
expected += (random.nextInt() % 1024);
}
while (expected > 0) {
int ch = -1;
try {
ch = stream.read();
} catch (IOException e) {
log.warn(sm.getString("standardServer.accept.readError"), e);
ch = -1;
}
// Control character or EOF (-1) terminates loop
if (ch < 32 || ch == 127) {
break;
}
command.append((char) ch);
expected--;
}
Why doesn't the `expected` here directly make it equal to `shutdown.length`?
For example, the stream contains 1024 characters, `shutdown` is still its default value: SHUTDOWN, and it still needs to loop 1024 times in the second while loop.
Please answer my doubts, thank you
沉淀
1074264900@qq.com
Re: About StandardServer
Posted by Mark Thomas <ma...@apache.org>.
On 28/04/2023 08:16, 沉淀 wrote:
> I am reading the source code of tomcat, the version is 9.0.73.
> I see such a piece of code in the `await()` method in the `StandardServer` class:
> int expected = 1024; // Cut off to avoid DoS attack
> while (expected < shutdown.length()) {
> if (random == null) {
> random = new Random();
> }
> expected += (random.nextInt() % 1024);
> }
> while (expected > 0) {
> int ch = -1;
> try {
> ch = stream.read();
> } catch (IOException e) {
> log.warn(sm.getString("standardServer.accept.readError"), e);
> ch = -1;
> }
> // Control character or EOF (-1) terminates loop
> if (ch < 32 || ch == 127) {
> break;
> }
> command.append((char) ch);
> expected--;
> }
> Why doesn't the `expected` here directly make it equal to `shutdown.length`?
> For example, the stream contains 1024 characters, `shutdown` is still its default value: SHUTDOWN, and it still needs to loop 1024 times in the second while loop.
> Please answer my doubts, thank you
Security.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org