Index: org/apache/commons/httpclient/HttpMethodBase.java
===================================================================
RCS file: /home/cvspublic/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HttpMethodBase.java,v
retrieving revision 1.159.2.31
diff -u -r1.159.2.31 HttpMethodBase.java
--- org/apache/commons/httpclient/HttpMethodBase.java 19 Aug 2004 21:38:12 -0000 1.159.2.31
+++ org/apache/commons/httpclient/HttpMethodBase.java 16 Sep 2004 12:01:45 -0000
@@ -223,6 +223,12 @@
/** Number of milliseconds to wait for 100-contunue response. */
private static final int RESPONSE_WAIT_TIME_MS = 3000;
+ /** Maximum buffered response size (in bytes) that triggers no warning. */
+ private static final int BUFFER_WARN_TRIGGER_LIMIT = 1024*1024; //1 MB
+
+ /** Default initial size of the response buffer if content length is unknown. */
+ private static final int DEFAULT_INITIAL_BUFFER_SIZE = 4*1024; // 4 kB
+
// ----------------------------------------------------------- Constructors
/**
@@ -669,7 +675,12 @@
/**
* Returns the response body of the HTTP method, if any, as an array of bytes.
- * If response body is not available or cannot be read, returns null
+ * If response body is not available or cannot be read, returns null.
+ *
+ * Note: This will cause the entire response body to be buffered in memory. A
+ * malicious server may easily exhaust all the VM memory. It is strongly
+ * recommended, to use getResponseAsStream if the content length of the response
+ * is unknown or resonably large.
*
* @return The response body.
*/
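Review bot: The added Javadoc note recommends `getResponseAsStream`, but the method this class calls in the following hunk is `getResponseBodyAsStream()`, so the advice appears to name a method that does not exist under that spelling. The same name is repeated in the `LOG.warn` text in the next hunk and in the note added to the Javadoc of `getResponseBodyAsString()`. Use `{@link #getResponseBodyAsStream()}` in both Javadoc blocks and the correct name in the log message, so a reader who hits the warning can find the streaming alternative. While there, "resonably" should read "reasonably" and the comma after "recommended" can be dropped.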
@@ -678,8 +689,14 @@
try {
InputStream instream = getResponseBodyAsStream();
if (instream != null) {
+ int contentLength = getResponseContentLength();
+ if ((contentLength == -1) || (contentLength > BUFFER_WARN_TRIGGER_LIMIT)) {
+ LOG.warn("Going to buffer response body of large or unknown size. "
+ +"Using getResponseAsStream instead is recommended.");
+ }
LOG.debug("Buffering response body");
- ByteArrayOutputStream outstream = new ByteArrayOutputStream();
+ ByteArrayOutputStream outstream = new ByteArrayOutputStream(
+ contentLength > 0 ? contentLength : DEFAULT_INITIAL_BUFFER_SIZE);
byte[] buffer = new byte[4096];
int len;
while ((len = instream.read(buffer)) > 0) {
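Review bot: The initial capacity passed to `new ByteArrayOutputStream(...)` comes straight from the server-declared content length, so a response that only advertises a very large length triggers an allocation of that size before any body bytes have been read. The warning above is logged for such a value, but the allocation still proceeds. This makes the memory exhaustion described in the new Javadoc cheaper for a hostile or broken server than it was with the default-sized, growing buffer. Cap the preallocation at the warning limit and let the stream grow as data arrives: `contentLength > 0 ? Math.min(contentLength, BUFFER_WARN_TRIGGER_LIMIT) : DEFAULT_INITIAL_BUFFER_SIZE`. The read loop continues outside the hunk, so whether total buffered size is bounded anywhere cannot be judged from here.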
@@ -723,7 +740,12 @@
* If response body is not available or cannot be read, returns null
* The string conversion on the data is done using the character encoding specified
* in Content-Type header.
- *
+ *
+ * Note: This will cause the entire response body to be buffered in memory. A
+ * malicious server may easily exhaust all the VM memory. It is strongly
+ * recommended, to use getResponseAsStream if the content length of the response
+ * is unknown or resonably large.
+ *
* @return The response body.
*/
public String getResponseBodyAsString() {