[tomcat] branch 10.0.x updated: Fix potential concurrency issue.

Tue, 08 Mar 2022 08:32:37 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
     new 54f8f8a  Fix potential concurrency issue.
54f8f8a is described below

commit 54f8f8a6b67246d2b34948567c40202d4b3b7251
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 8 16:27:03 2022 +0000

    Fix potential concurrency issue.
    
    If the request is split across multiple packets and those packets are
    processed in rapid succession then it is possible that subsequent
    packets see the wrong value for readComplete and register the socket for
    a further read rather than processing the request.
---
 java/org/apache/coyote/http11/Http11Processor.java | 4 ++--
 webapps/docs/changelog.xml                         | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java 
b/java/org/apache/coyote/http11/Http11Processor.java
index 7bcdec6..0fa74b9 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -111,13 +111,13 @@ public class Http11Processor extends AbstractProcessor {
      * Flag used to indicate that the socket should be kept open (e.g. for keep
      * alive or send file.
      */
-    private boolean openSocket = false;
+    private volatile boolean openSocket = false;
 
 
     /**
      * Flag that indicates if the request headers have been completely read.
      */
-    private boolean readComplete = true;
+    private volatile boolean readComplete = true;
 
     /**
      * HTTP/1.1 flag.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 877f47e..2a1c8f5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -132,6 +132,11 @@
         when user code was doing sequential operations in a single thread.
         Test case code submitted by Istvan Szekely. (remm)
       </fix>
+      <fix>
+        Fix potential thread-safety issue that could cause HTTP/1.1 request
+        processing to wait, and potentially timeout, waiting for additional
+        data when the full request has been received. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to