From b5152e27ecc3e3bb7eb82a07be0b239578b6a480 Mon Sep 17 00:00:00 2001
From: nit
Date: Tue, 22 Feb 2011 19:25:53 +0530
Subject: [PATCH] bug 8664: Enforcing maximum pagesize limit to 500 to avoid DOS attack against the server.
---
 api/src/com/cloud/api/BaseListCmd.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
 mode change 100644 => 100755 api/src/com/cloud/api/BaseListCmd.java
diff --git a/api/src/com/cloud/api/BaseListCmd.java b/api/src/com/cloud/api/BaseListCmd.java
old mode 100644
new mode 100755
index 15982b0786b..74532bfc12d
--- a/api/src/com/cloud/api/BaseListCmd.java
+++ b/api/src/com/cloud/api/BaseListCmd.java
@@ -1,11 +1,14 @@
 package com.cloud.api;
 import com.cloud.async.AsyncJob;
+import com.cloud.exception.InvalidParameterValueException;
 public abstract class BaseListCmd extends BaseCmd {
- /////////////////////////////////////////////////////
+ private static final Long MAX_PAGESIZE = 500L;
+
+ /////////////////////////////////////////////////////
 /////////// BaseList API parameters /////////////////
 /////////////////////////////////////////////////////
@@ -39,10 +42,11 @@ public abstract class BaseListCmd extends BaseCmd {
 Long pageSize = null;
 Integer pageSizeInt = getPageSize();
 if (pageSizeInt != null) {
- if (pageSizeInt.longValue() == -1) {
+ pageSize = pageSizeInt.longValue();
+ if (pageSize == -1) {
 pageSize = null;
- } else {
- pageSize = pageSizeInt.longValue();
+ } else if (pageSize > MAX_PAGESIZE){
+ throw new InvalidParameterValueException("The parameter " +ApiConstants.PAGE_SIZE+ " exceeded its max value - "+MAX_PAGESIZE);
 }
 }
 return pageSize;
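Review bot: `MAX_PAGESIZE` is declared as a boxed `Long`, so the `pageSize > MAX_PAGESIZE` comparison in the second hunk unboxes both operands on every call; a primitive constant, `private static final long MAX_PAGESIZE = 500L;`, expresses the same limit without the wrapper. The constant also has no comment saying what it bounds or why; something like `// Upper bound on the pagesize a list command accepts (bug 8664).` would keep the reason next to the value. The banner comment line below it is removed and re-added with what looks like a whitespace-only difference, and the patch header changes the file mode from 100644 to 100755; neither appears related to the limit, and a Java source file does not need the executable bit.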
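Review bot: The new limit is checked only from above, so it does not cover every input this method accepts: a `pagesize` of -1 and an absent `pagesize` both still return `null`, and zero or any other negative value matches neither branch and is returned unchanged. If callers treat a `null` page size as "no limit" (not visible here, since the method starts and ends outside the hunk), a request can still obtain an unbounded result set and the resource-exhaustion concern in the commit message remains. Consider resolving the sentinel to the cap, `if (pageSize == -1) { pageSize = MAX_PAGESIZE; }`, handling the absent case the same way, and widening the rejection to `else if (pageSize <= 0 || pageSize > MAX_PAGESIZE) {`. Whichever behaviour is chosen, a short comment on the -1 branch stating what `null` means to callers would make the intended bound auditable.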