465734 DosFilter whitelist bit pattern fix

2015-04-29 15:18:48 +10:00 · 2015-04-29 15:18:48 +10:00 · 2c65b66f9c
parent d5c95a1302
commit 2c65b66f9c
2 changed files with 27 additions and 10 deletions
--- a/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java
+++ b/jetty-servlets/src/main/java/org/eclipse/jetty/servlets/DoSFilter.java
@ -723,6 +723,10 @@ public class DoSFilter implements Filter
            prefix -= 8;
            ++index;
        }
+        
+        if (index == result.length)
+            return result;
+               
        // Sets the _prefix_ most significant bits to 1
        result[index] = (byte)~((1 << (8 - prefix)) - 1);
        return result;
@ -1038,6 +1042,18 @@ public class DoSFilter implements Filter
        _whitelist.addAll(result);
        LOG.debug("Whitelisted IP addresses: {}", result);
    }
+    
+    /**
+     * Set a list of IP addresses that will not be rate limited.
+     *
+     * @param values whitelist
+     */
+    public void setWhitelist(List<String> values)
+    {
+        clearWhitelist();
+        _whitelist.addAll(values);
+        LOG.debug("Whitelisted IP addresses: {}", values);
+    }

    /**
     * Clears the list of whitelisted IP addresses
--- a/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java
+++ b/jetty-servlets/src/test/java/org/eclipse/jetty/servlets/DoSFilterTest.java
@ -78,19 +78,20 @@ public class DoSFilterTest extends AbstractDoSFilterTest
    {
        DoSFilter filter = new DoSFilter();
        List<String> whitelist = new ArrayList<String>();
-        whitelist.add("192.168.0.1");
+        whitelist.add("192.168.0.1/32");
        whitelist.add("10.0.0.0/8");
        whitelist.add("4d8:0:a:1234:ABc:1F:b18:17");
        whitelist.add("4d8:0:a:1234:ABc:1F:0:0/96");
-        Assert.assertTrue(filter.checkWhitelist(whitelist, "192.168.0.1"));
-        Assert.assertFalse(filter.checkWhitelist(whitelist, "192.168.0.2"));
-        Assert.assertFalse(filter.checkWhitelist(whitelist, "11.12.13.14"));
-        Assert.assertTrue(filter.checkWhitelist(whitelist, "10.11.12.13"));
-        Assert.assertTrue(filter.checkWhitelist(whitelist, "10.0.0.0"));
-        Assert.assertFalse(filter.checkWhitelist(whitelist, "0.0.0.0"));
-        Assert.assertTrue(filter.checkWhitelist(whitelist, "4d8:0:a:1234:ABc:1F:b18:17"));
-        Assert.assertTrue(filter.checkWhitelist(whitelist, "4d8:0:a:1234:ABc:1F:b18:0"));
-        Assert.assertFalse(filter.checkWhitelist(whitelist, "4d8:0:a:1234:ABc:1D:0:0"));
+        filter.setWhitelist(whitelist);
+        Assert.assertTrue(filter.checkWhitelist("192.168.0.1"));
+        Assert.assertFalse(filter.checkWhitelist("192.168.0.2"));
+        Assert.assertFalse(filter.checkWhitelist("11.12.13.14"));
+        Assert.assertTrue(filter.checkWhitelist("10.11.12.13"));
+        Assert.assertTrue(filter.checkWhitelist("10.0.0.0"));
+        Assert.assertFalse(filter.checkWhitelist("0.0.0.0"));
+        Assert.assertTrue(filter.checkWhitelist("4d8:0:a:1234:ABc:1F:b18:17"));
+        Assert.assertTrue(filter.checkWhitelist("4d8:0:a:1234:ABc:1F:b18:0"));
+        Assert.assertFalse(filter.checkWhitelist("4d8:0:a:1234:ABc:1D:0:0"));
    }

    private boolean hitRateTracker(DoSFilter doSFilter, int sleep) throws InterruptedException