Hi Violeta, On Sun, Mar 26, 2017 at 6:21 PM, <violet...@apache.org> wrote:
> Author: violetagg > Date: Sun Mar 26 16:21:03 2017 > New Revision: 1788741 > > URL: http://svn.apache.org/viewvc?rev=1788741&view=rev > Log: > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60911 > Ensure NPE will not be thrown when looking for SSL session ID. Based on a > pacth by Didier Gutacker. > > Modified: > tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java > tomcat/trunk/webapps/docs/changelog.xml > > Modified: tomcat/trunk/java/org/apache/catalina/connector/ > CoyoteAdapter.java > URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/ > catalina/connector/CoyoteAdapter.java?rev=1788741&r1=1788740&r2=1788741& > view=diff > ============================================================ > ================== > --- tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java > (original) > +++ tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java > Sun Mar 26 16:21:03 2017 > @@ -980,9 +980,11 @@ public class CoyoteAdapter implements Ad > SSL_ONLY.equals(request.getServletContext() > .getEffectiveSessionTrackingModes()) && > request.connector.secure) { > - request.setRequestedSessionId( > - request.getAttribute(SSLSupport.SESSION_ID_KEY). > toString()); > - request.setRequestedSessionSSL(true); > + String sessionId = (String) request.getAttribute( > SSLSupport.SESSION_ID_KEY); > Either this cast will lead to ClassCastException... > + if (sessionId != null) { > + request.setRequestedSessionId(sessionId.toString()); > ... or this this call to #toString() is not needed. > + request.setRequestedSessionSSL(true); > + } > } > } > > > Modified: tomcat/trunk/webapps/docs/changelog.xml > URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/ > changelog.xml?rev=1788741&r1=1788740&r2=1788741&view=diff > ============================================================ > ================== > --- tomcat/trunk/webapps/docs/changelog.xml (original) > +++ tomcat/trunk/webapps/docs/changelog.xml Sun Mar 26 16:21:03 2017 > @@ -93,6 +93,10 @@ > single utility class and update the code to use the new utility > class. > (markt) > </scode> > + <fix> > + <bug>60911</bug>: Ensure NPE will not be thrown when looking for > SSL > + session ID. Based on a pacth by Didier Gutacker. (violetagg) > + </fix> > </changelog> > </subsection> > <subsection name="Coyote"> > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
