4

I have situation where I am using BufferedReader readLine() to read data from a socket, but readline() reads data until it finds new line character/ return carriage in the Data.
And if my data does not contain new line character then it will keep on reading the data until it finds a new line and an intruder can inject DOS attack. And even socket can timeout.

I know one solution might be we need to restrict line size and read only some data, and append data to the buffer.

Is it optimal solution or i can do it in some other way?.

I can override BufferedReader and override readLine() method. Is it feasible solution?.

lakshman
  • 2,641
  • 6
  • 37
  • 63
Brijesh
  • 191
  • 1
  • 5
  • 11
  • See also [Is it possible to read from a Java InputStream with a timeout?](http://stackoverflow.com/questions/804951/is-it-possible-to-read-from-a-java-inputstream-with-a-timeout) – Andrew Thompson Jun 18 '11 at 07:59
  • A very good answer by Subhas - [https://stackoverflow.com/a/17142341/748087](https://stackoverflow.com/a/17142341/748087) – mod Jul 12 '17 at 06:16
  • Possible duplicate of [Most Robust way of reading a file or stream using Java (to prevent DoS attacks)](https://stackoverflow.com/questions/17084657/most-robust-way-of-reading-a-file-or-stream-using-java-to-prevent-dos-attacks) – kaya3 Nov 17 '19 at 20:19

1 Answers1

1

Use Socket.setSoTimeout(int)

Qutoing from javadoc

Enable/disable SO_TIMEOUT with the specified timeout, in milliseconds. With this option set to a non-zero timeout, a read() call on the InputStream associated with this Socket will block for only this amount of time.

If the timeout expires, a java.net.SocketTimeoutException is raised, though the Socket is still valid. The option must be enabled prior to entering the blocking operation to have effect. The timeout must be > 0. A timeout of zero is interpreted as an infinite timeout.

Also note that from this line

The option must be enabled prior to entering the blocking operation to have effect.

you must call Socket.setSoTimeout(int) before doing the read operation.

Mustafa sabir
  • 4,130
  • 1
  • 19
  • 28