[tomcat] branch 8.5.x updated: Fix unsafe map access

Wed, 20 Sep 2023 07:03:04 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
     new aed045d5b3 Fix unsafe map access
aed045d5b3 is described below

commit aed045d5b33ea0b7d2ace4203efb78a5bfa7bc80
Author: remm <r...@apache.org>
AuthorDate: Wed Sep 20 10:29:26 2023 +0200

    Fix unsafe map access
    
    Although unlikely, concurrent updates (which are synced) are possible.
    Found by coverity.
---
 .../tomcat/util/security/ConcurrentMessageDigest.java    | 16 +++++++---------
 webapps/docs/changelog.xml                               |  3 +++
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java 
b/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
index 679ad20e56..e2be3a6edd 100644
--- a/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
+++ b/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
@@ -18,9 +18,9 @@ package org.apache.tomcat.util.security;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Queue;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentLinkedQueue;
 
 /**
@@ -34,7 +34,7 @@ public class ConcurrentMessageDigest {
     private static final String SHA1 = "SHA-1";
 
     private static final Map<String,Queue<MessageDigest>> queues =
-            new HashMap<>();
+            new ConcurrentHashMap<>();
 
 
     private ConcurrentMessageDigest() {
@@ -113,13 +113,11 @@ public class ConcurrentMessageDigest {
      *                                  JVM
      */
     public static void init(String algorithm) throws NoSuchAlgorithmException {
-        synchronized (queues) {
-            if (!queues.containsKey(algorithm)) {
-                MessageDigest md = MessageDigest.getInstance(algorithm);
-                Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
-                queue.add(md);
-                queues.put(algorithm, queue);
-            }
+        if (!queues.containsKey(algorithm)) {
+            MessageDigest md = MessageDigest.getInstance(algorithm);
+            Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
+            queue.add(md);
+            queues.putIfAbsent(algorithm, queue);
         }
     }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 828a94d299..3261a2afa1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -137,6 +137,9 @@
         Improve thread safety around readNotify and writeNotify in the NIO2
         endpoint. (remm)
       </fix>
+      <fix>
+        Avoid rare thread safety issue accessing message digest map. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to