Index: org/apache/commons/httpclient/HttpMethodBase.java
===================================================================
RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v
retrieving revision 1.159.2.31
diff -u -r1.159.2.31 HttpMethodBase.java
--- org/apache/commons/httpclient/HttpMethodBase.java 19 Aug 2004 21:38:12 -0000 1.159.2.31
+++ org/apache/commons/httpclient/HttpMethodBase.java 16 Sep 2004 12:01:45 -0000
@@ -223,6 +223,12 @@
 /** Number of milliseconds to wait for 100-contunue response. */
 private static final int RESPONSE_WAIT_TIME_MS = 3000;
+ /** Maximum buffered response size (in bytes) that triggers no warning. */
+ private static final int BUFFER_WARN_TRIGGER_LIMIT = 1024*1024; //1 MB
+
+ /** Default initial size of the response buffer if content length is unknown. */
+ private static final int DEFAULT_INITIAL_BUFFER_SIZE = 4*1024; // 4 kB
+
 // ----------------------------------------------------------- Constructors
 /**
@@ -669,7 +675,12 @@
 /**
 * Returns the response body of the HTTP method, if any, as an array of bytes.
- * If response body is not available or cannot be read, returns null
+ * If response body is not available or cannot be read, returns null.
+ *
+ * Note: This will cause the entire response body to be buffered in memory. A
+ * malicious server may easily exhaust all the VM memory. It is strongly
+ * recommended, to use getResponseAsStream if the content length of the response
+ * is unknown or resonably large.
 *
 * @return The response body.
 */
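Review bot: The Javadoc note added in the `@@ -669,7 +675,12 @@` hunk tells callers to use `getResponseAsStream`, but the streaming accessor this same patch calls is `getResponseBodyAsStream()`, which looks like the method that was meant. The same name appears in the `LOG.warn` text of the `@@ -678,8 +689,14 @@` hunk and in the Javadoc of the `@@ -723,7 +740,12 @@` hunk. I would write `{@link #getResponseBodyAsStream()}` in both comments and spell the full name in the log message. The sentence also has a stray comma and a typo; `recommended to use ... if the content length of the response is unknown or reasonably large` reads correctly. Since the note is about memory exhaustion, it should also say that this method only logs a warning and enforces no size limit.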
@@ -678,8 +689,14 @@
 try {
 InputStream instream = getResponseBodyAsStream();
 if (instream != null) {
+ int contentLength = getResponseContentLength();
+ if ((contentLength == -1) || (contentLength > BUFFER_WARN_TRIGGER_LIMIT)) {
+ LOG.warn("Going to buffer response body of large or unknown size. "
+ +"Using getResponseAsStream instead is recommended.");
+ }
 LOG.debug("Buffering response body");
- ByteArrayOutputStream outstream = new ByteArrayOutputStream();
+ ByteArrayOutputStream outstream = new ByteArrayOutputStream(
+ contentLength > 0 ? contentLength : DEFAULT_INITIAL_BUFFER_SIZE);
 byte[] buffer = new byte[4096];
 int len;
 while ((len = instream.read(buffer)) > 0) {
@@ -723,7 +740,12 @@
 * If response body is not available or cannot be read, returns null
 * The string conversion on the data is done using the character encoding specified
 * in Content-Type header.
- *
+ *
+ * Note: This will cause the entire response body to be buffered in memory. A
+ * malicious server may easily exhaust all the VM memory. It is strongly
+ * recommended, to use getResponseAsStream if the content length of the response
+ * is unknown or resonably large.
+ *
 * @return The response body.
 */
 public String getResponseBodyAsString() {
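Review bot: In the `@@ -678,8 +689,14 @@` hunk the new `ByteArrayOutputStream` is pre-sized from `getResponseContentLength()`, a value the server declares, so a response announcing a very large length makes the client allocate that much before any body byte has arrived. The warning a few lines earlier is logged but does not prevent the allocation, whereas before this change the buffer grew only as data was actually read. Cap the initial capacity and let the stream grow from there, for example `contentLength > 0 ? Math.min(contentLength, BUFFER_WARN_TRIGGER_LIMIT) : DEFAULT_INITIAL_BUFFER_SIZE`. The read loop is still unbounded, and the method body starts and ends outside this hunk, so whether a hard limit is applied elsewhere is not visible here.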