[Bug 62023] Tomcat crashes when SSLprotocol value is defined

Mon, 22 Jan 2018 07:39:58 -0800 

https://bz.apache.org/bugzilla/show_bug.cgi?id=62023

--- Comment #9 from Rainer Jung <rainer.j...@kippdata.de> ---
(In reply to Coty Sutherland from comment #7)
> I can reproduce this by adding any SSLHostConfig attribute to the Connector
> (namely `SSLVerifyClient="optional"`). The problem here is that when using
> APR and specifying Connector configuration which creates two '_default_'
> SSLHostConfig objects, tomcat-native crashes without providing any
> indication of what happened. That is not a great user experience :( This
> happens because org.apache.tomcat.util.net.AprEndpoint.releaseSSLContext()
> tries to release a zero context that tomcat-native asserts is non-zero (see
> tomcat-native native/src/sslcontext.c:363). After doing some tracing, it
> looks like AprEndpoint's releaseSSLContext method calls
> sslHostConfig.getOpenSslContext() and sslHostConfig.getOpenSslConfContext()
> which always seem to return 0. Is that correct behavior? It seems a bit
> buggy to me.
> 
> I was able to correct this behavior by adding two zero checks to the
> releaseSSLContext method in AprEndpoint:
> 
>  629     @Override
>  630     protected void releaseSSLContext(SSLHostConfig sslHostConfig) {
>  631         Long ctx = sslHostConfig.getOpenSslContext();
>  632         if (ctx != null && ctx != 0) {
>  633             SSLContext.free(ctx.longValue());
>  634             sslHostConfig.setOpenSslContext(null);
>  635         }
>  636         Long cctx = sslHostConfig.getOpenSslConfContext();
>  637         if (cctx != null && cctx != 0) {
>  638             SSLConf.free(cctx.longValue());
>  639             sslHostConfig.setOpenSslConfContext(null);
>  640         }
>  641     }
> 
> This causes the correct behavior to occur (at least it does the same thing
> as NioEndpoint and prints the endpoint.duplicateSslHostName message). I was
> going to push this, but given that I'm not sure how this OpenSSLContext
> stuff is supposed to work and the lack of javadocs in the new classes, I
> thought it best to get someone's opinion first.

Yes, the aded check against 0 instead of only checking against null looks OK.
The native pointer here is wrapper by a Long and the native null pointer would
be a (Long)0.

Regards,

Rainer

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to