[jira] [Commented] (CASSANDRA-12329) Unreleased Resource: Sockets

[Yuki Morishita (JIRA)]

    [ 
https://issues.apache.org/jira/browse/CASSANDRA-12329?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15428456#comment-15428456
 ] 

Yuki Morishita commented on CASSANDRA-12329:
--------------------------------------------

[~arunkumar] Thanks for the patch.

Here are my reviews:

- Probably we want to catch other exceptions other than IOException in this 
case. For example, {{setEnabledProtocols}} can throw 
{{IllegalArgumentException}}.
- We have similar {{getSocket}} methods in the same {{SSLFactory}} class. Can 
you also patch that?

> Unreleased Resource: Sockets
> ----------------------------
>
>                 Key: CASSANDRA-12329
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-12329
>             Project: Cassandra
>          Issue Type: Sub-task
>            Reporter: Eduardo Aguinaga
>            Assignee: Arunkumar M
>              Labels: easyfix, newbie, patch
>             Fix For: 3.0.x
>
>         Attachments: 12329-3.0.txt
>
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 
> of the Cassandra source code. The analysis included an automated analysis 
> using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools 
> Understand v4. The results of that analysis includes the issue below.
> Issue:
> Sockets are low level resources that must be explicitly released so 
> subsequent callers will have access to previously used sockets. In the file 
> SSLFactory.java on line 62 a SSL server socket is acquired and eventually 
> returned to the caller on line 69.
> If an exception is thrown by any of the code between lines 62 and 69 the 
> socket acquired on line 62 will not be released for subsequent reuse..
> {code:java}
> SSLFactory.java, lines 59-70:
> 59 public static SSLServerSocket getServerSocket(EncryptionOptions options, 
> InetAddress address, int port) throws IOException
> 60 {
> 61     SSLContext ctx = createSSLContext(options, true);
> 62     SSLServerSocket serverSocket = 
> (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket();
> 63     serverSocket.setReuseAddress(true);
> 64     String[] suites = 
> filterCipherSuites(serverSocket.getSupportedCipherSuites(), 
> options.cipher_suites);
> 65     serverSocket.setEnabledCipherSuites(suites);
> 66     serverSocket.setNeedClientAuth(options.require_client_auth);
> 67     serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
> 68     serverSocket.bind(new InetSocketAddress(address, port), 500);
> 69     return serverSocket;
> 70 }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)