[Bug 63356] OCSP_parse_url error while parsing Authority Information Access extension
https://bz.apache.org/bugzilla/show_bug.cgi?id=63356 Charissa Willard changed: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #4 from Charissa Willard --- I installed the libtcnative files which included the patch you sent (and compiled with ENABLE_OCSP=1) on one of our system that contained a certificate with the Authority Information Access X509 extension problem. The handshake was successful and I was able to log into our webui using the patch. Thank you for your help. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: SSLv2Hello "Protocol" Support
On Wed, Apr 17, 2019 at 2:18 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Coty, > > On 4/16/19 07:28, Coty Sutherland wrote: > > Hi, > > > > It appears that the IBM JDK (version 8) has dropped support for > > SSLv2Hello so when you startup tomcat with the IBM JDK you get a > > warning saying that the protocol is being skipped. OpenJDK seems to > > have dropped it in version 12 or 13 (I haven't tested, just noticed > > a user list thread about it) so I guess we should look at dropping > > support for SSLv2Hello whenever Tomcat's minimum JDK is one of > > those versions? Is there a document somewhere I can add this too so > > it doesn't get forgotten? > > How many / how often are these error messages generated? Just when the > server starts? Or with every connection? > Yeah, just the Connector startup warning. > > If you get a warning on startup, I'd say that's not a big deal. It > would be a much bigger deal to kill a user's server for clients who > must use SSLv2Hello handshakes (which are hopefully dwindling to zero > ... about 5 years ago). > > I think handling questions about how to get rid of a warning would be > better than handling questions about how to get servers back up and > running. > :) True. I just wanted to point out that it was still lingering and mark it for removal at some point since the JDKs are dropping support too. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3bgQACgkQHPApP6U8 > pFhXMA/+IKU/gdhks6BJgGpM5CuPIqEFHOYqzomDnmGEcg9q51pLVGiy5Md58fLV > 8vIyZpDftg04tt65S1DKWNY7mNg3LzegAEW0JyElXGSwMd9SQx38yFNlddqAlzCe > Swjt1bFu7frCvaDE40BCsz7Enw0CdRTEm6daSyZI93CeLm0jKDn7cigGhPQr36jV > 5oXmtvnC8hpes3ELsfh//WC4u2QCqZ76uCeVkbKXACDJI5nIjcoVofL/kotPWUcC > /W2lNjxwJ5ACWM3yMUoAy12MpXv19nHZT5k+cbxgZJyKe47LBD2c6B5HbkYzHGac > wNbuv/vjACDa48DhTSR6BtYlJexWooPmwvZoLJKilIx+UlQveg+cIg1LLkr/g1iZ > 3ftBCxZK9g27s5CnD+VlB2CG4lZ+nSFFU3OUfOEVwgbkVhch6rJqWRTCgBpKC0jH > LwB6bKz66vPe3uRqJ7JLBTYJn9UenvxUeASkRQmISa43jn/S60STTfDGeMTmopsU > BsyLP3HZY3ktzdKOWhncMAzXq5vWVUMm6tw0/GAvOGhNTnGAcb7iwR8/RUfXTpLR > D8yb01h4/bDgDLXdc0ZDV1uNJ6XKVoDdP52doHaiC/bEv9ElZkDiYB7MepiplVO0 > Ti52xTsebV6MPPW8ZP2HBN6bBT3ndm8uXItTCuiGw72apmdQdPQ= > =PtbL > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [tomcat] branch master updated: Fix resource leak on exception path
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Mark,
On 4/17/19 12:55, ma...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git
> repository.
>
> markt pushed a commit to branch master in repository
> https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/master by this
> push: new d0eed1e Fix resource leak on exception path d0eed1e is
> described below
>
> commit d0eed1e1e1f2cdd050426aa176a2ba1efb86735f Author: Mark Thomas
> AuthorDate: Wed Apr 17 17:55:16 2019 +0100
>
> Fix resource leak on exception path
>
> Identified by Coverity scan ---
> java/org/apache/naming/factory/LookupFactory.java | 8
> webapps/docs/changelog.xml| 4 2 files
> changed, 12 insertions(+)
>
> diff --git a/java/org/apache/naming/factory/LookupFactory.java
> b/java/org/apache/naming/factory/LookupFactory.java index
> ee239ad..6e7455c 100644 ---
> a/java/org/apache/naming/factory/LookupFactory.java +++
> b/java/org/apache/naming/factory/LookupFactory.java @@ -134,6
> +134,14 @@ public class LookupFactory implements ObjectFactory {
> name, ref.getClassName(), lookupName,
> result.getClass().getName()); NamingException ne = new
> NamingException(msg); log.warn(msg, ne); +//
> Close the resource we no longer need if we know how to do so +
> if (result instanceof AutoCloseable) { +try
> { +((AutoCloseable) result).close(); +
> } catch (Exception e) { +// Ignore +
> } +}
Any concrete objections to logging these exceptions? Swallowing
exceptions is almost never a good practice, and if they are happening
it's probably worth knowing something is amiss.
- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3bvkACgkQHPApP6U8
pFit1A/+J0ST0SvBn4+2qqX4/Vs0kHPN4z8Uqhn2VVW6Byv1zSSZKmFB/x2/ucRa
mUEMUo9XPJ2GaXP2onfMCE5iPcObF+vHYNAvsc1Y3PNghRpGtxgxC2e0hpTIKeKS
YOXULHjN/Y5Tr0zSpDcnvqMUqehIaLpJv2EZkHmIMa1Z/nDHenT63nS0t5DlEoSf
7IoLhAuDUJt2auUJF3U4olN0ouplMMwdSxDq0KjLGNJWDNgiZnbb7XMGKAPjnzUb
Cm3aOxTrAlOvk0dmy++0Nsbr05WJ+pSo2l9m2C++AYR/bTTalmmV4zgaZmcV5zpz
9EMHG11QszKfXs1ojLayp+cEKqKdHwz+Hp/CdjuUKuyucxmgVz5EmrosJrNiAlhY
oFFTpaftoSShrz6Tgx3Y3TLptx75MH4sRhtnuSJJjytB72HM+rMV4agEqX8jbZcX
vWenFtJCpmrUI0nHM7xaTvA0vWg9Z6Xt3yv11C44pV3z7DvS6fldmW2AFQVJe3Ep
H300FMoHI5Y1RpsAoXwKT0ptWfmc9vsf0JgoI2oVGwQYm7mYkdYed5I97eJXnqgk
SOn9J/alFfC1inRZItXfJUDJvh4hUJZEHv9OcQ27W0+aOfRLyEdHmpn5S4EXIOwm
/hU6vUzmogEpMC5vozTlJBV1ltGax3JOgGFdWi1ovvJG560Ccv8=
=saWD
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: SSLv2Hello "Protocol" Support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Coty, On 4/16/19 07:28, Coty Sutherland wrote: > Hi, > > It appears that the IBM JDK (version 8) has dropped support for > SSLv2Hello so when you startup tomcat with the IBM JDK you get a > warning saying that the protocol is being skipped. OpenJDK seems to > have dropped it in version 12 or 13 (I haven't tested, just noticed > a user list thread about it) so I guess we should look at dropping > support for SSLv2Hello whenever Tomcat's minimum JDK is one of > those versions? Is there a document somewhere I can add this too so > it doesn't get forgotten? How many / how often are these error messages generated? Just when the server starts? Or with every connection? If you get a warning on startup, I'd say that's not a big deal. It would be a much bigger deal to kill a user's server for clients who must use SSLv2Hello handshakes (which are hopefully dwindling to zero ... about 5 years ago). I think handling questions about how to get rid of a warning would be better than handling questions about how to get servers back up and running. - -chris -BEGIN PGP SIGNATURE- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3bgQACgkQHPApP6U8 pFhXMA/+IKU/gdhks6BJgGpM5CuPIqEFHOYqzomDnmGEcg9q51pLVGiy5Md58fLV 8vIyZpDftg04tt65S1DKWNY7mNg3LzegAEW0JyElXGSwMd9SQx38yFNlddqAlzCe Swjt1bFu7frCvaDE40BCsz7Enw0CdRTEm6daSyZI93CeLm0jKDn7cigGhPQr36jV 5oXmtvnC8hpes3ELsfh//WC4u2QCqZ76uCeVkbKXACDJI5nIjcoVofL/kotPWUcC /W2lNjxwJ5ACWM3yMUoAy12MpXv19nHZT5k+cbxgZJyKe47LBD2c6B5HbkYzHGac wNbuv/vjACDa48DhTSR6BtYlJexWooPmwvZoLJKilIx+UlQveg+cIg1LLkr/g1iZ 3ftBCxZK9g27s5CnD+VlB2CG4lZ+nSFFU3OUfOEVwgbkVhch6rJqWRTCgBpKC0jH LwB6bKz66vPe3uRqJ7JLBTYJn9UenvxUeASkRQmISa43jn/S60STTfDGeMTmopsU BsyLP3HZY3ktzdKOWhncMAzXq5vWVUMm6tw0/GAvOGhNTnGAcb7iwR8/RUfXTpLR D8yb01h4/bDgDLXdc0ZDV1uNJ6XKVoDdP52doHaiC/bEv9ElZkDiYB7MepiplVO0 Ti52xTsebV6MPPW8ZP2HBN6bBT3ndm8uXItTCuiGw72apmdQdPQ= =PtbL -END PGP SIGNATURE- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix resource leak on exception path
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new fdf8f00 Fix resource leak on exception path
fdf8f00 is described below
commit fdf8f00109e6c5a47dee9f83080a8b55433d57bf
Author: Mark Thomas
AuthorDate: Wed Apr 17 17:55:16 2019 +0100
Fix resource leak on exception path
Identified by Coverity scan
---
java/org/apache/naming/factory/LookupFactory.java | 8
webapps/docs/changelog.xml| 4
2 files changed, 12 insertions(+)
diff --git a/java/org/apache/naming/factory/LookupFactory.java
b/java/org/apache/naming/factory/LookupFactory.java
index 25094e1..ca5444b 100644
--- a/java/org/apache/naming/factory/LookupFactory.java
+++ b/java/org/apache/naming/factory/LookupFactory.java
@@ -134,6 +134,14 @@ public class LookupFactory implements ObjectFactory {
name, ref.getClassName(), lookupName,
result.getClass().getName());
NamingException ne = new NamingException(msg);
log.warn(msg, ne);
+// Close the resource we no longer need if we know how to
do so
+if (result instanceof AutoCloseable) {
+try {
+((AutoCloseable) result).close();
+} catch (Exception e) {
+// Ignore
+}
+}
throw ne;
}
} finally {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1f96dbe..367dcde 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -81,6 +81,10 @@
Fix a potential resource leak on an exception path when parsing JSP
files. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak when a JNDI lookup returns an object of
an
+in compatible class. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix resource leak on exception path
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 020a8d2 Fix resource leak on exception path
020a8d2 is described below
commit 020a8d2e9f2d3d6b4db0620330cf5640c6f4da79
Author: Mark Thomas
AuthorDate: Wed Apr 17 17:55:16 2019 +0100
Fix resource leak on exception path
Identified by Coverity scan
---
java/org/apache/naming/factory/LookupFactory.java | 8
webapps/docs/changelog.xml| 4
2 files changed, 12 insertions(+)
diff --git a/java/org/apache/naming/factory/LookupFactory.java
b/java/org/apache/naming/factory/LookupFactory.java
index 190b7e3..ba47699 100644
--- a/java/org/apache/naming/factory/LookupFactory.java
+++ b/java/org/apache/naming/factory/LookupFactory.java
@@ -134,6 +134,14 @@ public class LookupFactory implements ObjectFactory {
name, ref.getClassName(), lookupName,
result.getClass().getName());
NamingException ne = new NamingException(msg);
log.warn(msg, ne);
+// Close the resource we no longer need if we know how to
do so
+if (result instanceof AutoCloseable) {
+try {
+((AutoCloseable) result).close();
+} catch (Exception e) {
+// Ignore
+}
+}
throw ne;
}
} finally {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c3ce6cc..3354ad8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -71,6 +71,10 @@
Fix a potential resource leak on an exception path when parsing JSP
files. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak when a JNDI lookup returns an object of
an
+in compatible class. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix resource leak on exception path
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new d0eed1e Fix resource leak on exception path
d0eed1e is described below
commit d0eed1e1e1f2cdd050426aa176a2ba1efb86735f
Author: Mark Thomas
AuthorDate: Wed Apr 17 17:55:16 2019 +0100
Fix resource leak on exception path
Identified by Coverity scan
---
java/org/apache/naming/factory/LookupFactory.java | 8
webapps/docs/changelog.xml| 4
2 files changed, 12 insertions(+)
diff --git a/java/org/apache/naming/factory/LookupFactory.java
b/java/org/apache/naming/factory/LookupFactory.java
index ee239ad..6e7455c 100644
--- a/java/org/apache/naming/factory/LookupFactory.java
+++ b/java/org/apache/naming/factory/LookupFactory.java
@@ -134,6 +134,14 @@ public class LookupFactory implements ObjectFactory {
name, ref.getClassName(), lookupName,
result.getClass().getName());
NamingException ne = new NamingException(msg);
log.warn(msg, ne);
+// Close the resource we no longer need if we know how to
do so
+if (result instanceof AutoCloseable) {
+try {
+((AutoCloseable) result).close();
+} catch (Exception e) {
+// Ignore
+}
+}
throw ne;
}
} finally {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8de445d..1a9f224 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -76,6 +76,10 @@
Fix a potential resource leak on an exception path when parsing JSP
files. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak when a JNDI lookup returns an object of
an
+in compatible class. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix resource leak on exception path.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new c6ccda7 Fix resource leak on exception path.
c6ccda7 is described below
commit c6ccda76dfe9ff04261216bce798beb1f7734efd
Author: Mark Thomas
AuthorDate: Wed Apr 17 17:23:30 2019 +0100
Fix resource leak on exception path.
Identified by Coverity scan.
---
java/org/apache/jasper/compiler/JspUtil.java | 13 +++--
webapps/docs/changelog.xml | 4
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/jasper/compiler/JspUtil.java
b/java/org/apache/jasper/compiler/JspUtil.java
index 9416f05..f9ee150 100644
--- a/java/org/apache/jasper/compiler/JspUtil.java
+++ b/java/org/apache/jasper/compiler/JspUtil.java
@@ -946,8 +946,17 @@ public class JspUtil {
InputStreamReader reader = null;
InputStream in = getInputStream(fname, jarFile, ctxt, err);
-for (int i = 0; i < skip; i++) {
-in.read();
+try {
+for (int i = 0; i < skip; i++) {
+in.read();
+}
+} catch (IOException ioe) {
+try {
+in.close();
+} catch (IOException e) {
+// Ignore
+}
+throw ioe;
}
try {
reader = new InputStreamReader(in, encoding);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index accad91..1f96dbe 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -77,6 +77,10 @@
Fix a potential resource leak on some exception paths in the
DataSourceRealm. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak on an exception path when parsing JSP
+files. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix resource leak on exception path.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new c2a36e3 Fix resource leak on exception path.
c2a36e3 is described below
commit c2a36e3032231b4937a8efa37c6d6e1c72b8733f
Author: Mark Thomas
AuthorDate: Wed Apr 17 17:23:30 2019 +0100
Fix resource leak on exception path.
Identified by Coverity scan.
---
java/org/apache/jasper/compiler/JspUtil.java | 13 +++--
webapps/docs/changelog.xml | 4
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/jasper/compiler/JspUtil.java
b/java/org/apache/jasper/compiler/JspUtil.java
index 5c09c52..bbe42ab 100644
--- a/java/org/apache/jasper/compiler/JspUtil.java
+++ b/java/org/apache/jasper/compiler/JspUtil.java
@@ -919,8 +919,17 @@ public class JspUtil {
InputStreamReader reader = null;
InputStream in = getInputStream(fname, jar, ctxt);
-for (int i = 0; i < skip; i++) {
-in.read();
+try {
+for (int i = 0; i < skip; i++) {
+in.read();
+}
+} catch (IOException ioe) {
+try {
+in.close();
+} catch (IOException e) {
+// Ignore
+}
+throw ioe;
}
try {
reader = new InputStreamReader(in, encoding);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a417b9a..c3ce6cc 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -67,6 +67,10 @@
Fix a potential resource leak on some exception paths in the
DataSourceRealm. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak on an exception path when parsing JSP
+files. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix resource leak on exception path.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new e4b431e Fix resource leak on exception path.
e4b431e is described below
commit e4b431e7080ac19774320067d89846b6dbaa63f4
Author: Mark Thomas
AuthorDate: Wed Apr 17 17:23:30 2019 +0100
Fix resource leak on exception path.
Identified by Coverity scan.
---
java/org/apache/jasper/compiler/JspUtil.java | 13 +++--
webapps/docs/changelog.xml | 4
2 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/jasper/compiler/JspUtil.java
b/java/org/apache/jasper/compiler/JspUtil.java
index 11a6f18..d5dc2c7 100644
--- a/java/org/apache/jasper/compiler/JspUtil.java
+++ b/java/org/apache/jasper/compiler/JspUtil.java
@@ -891,8 +891,17 @@ public class JspUtil {
InputStreamReader reader = null;
InputStream in = getInputStream(fname, jar, ctxt);
-for (int i = 0; i < skip; i++) {
-in.read();
+try {
+for (int i = 0; i < skip; i++) {
+in.read();
+}
+} catch (IOException ioe) {
+try {
+in.close();
+} catch (IOException e) {
+// Ignore
+}
+throw ioe;
}
try {
reader = new InputStreamReader(in, encoding);
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c12e5a3..8de445d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -72,6 +72,10 @@
Fix a potential resource leak on some exception paths in the
DataSourceRealm. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak on an exception path when parsing JSP
+files. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/4227 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 14bfe16d2b961cd58ec8e7c3cf7e65475f7cdb97 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix potential resource leaks on exception paths
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new ad47568 Fix potential resource leaks on exception paths
ad47568 is described below
commit ad475688da93bff59ae3661481b3bcf7d2d509a7
Author: Mark Thomas
AuthorDate: Wed Apr 17 16:16:53 2019 +0100
Fix potential resource leaks on exception paths
Identified by Coverity scan
---
.../org/apache/catalina/realm/DataSourceRealm.java | 78 ++
webapps/docs/changelog.xml | 4 ++
2 files changed, 24 insertions(+), 58 deletions(-)
diff --git a/java/org/apache/catalina/realm/DataSourceRealm.java
b/java/org/apache/catalina/realm/DataSourceRealm.java
index dc18275..97ddf07 100644
--- a/java/org/apache/catalina/realm/DataSourceRealm.java
+++ b/java/org/apache/catalina/realm/DataSourceRealm.java
@@ -445,31 +445,32 @@ public class DataSourceRealm
}
}
+
/**
* Return the password associated with the given principal's user name.
+ *
* @param dbConnection The database connection to be used
* @param username Username for which password should be retrieved
+ *
+ * @return the password for the specified user
*/
-protected String getPassword(Connection dbConnection,
- String username) {
+protected String getPassword(Connection dbConnection, String username) {
ResultSet rs = null;
PreparedStatement stmt = null;
String dbCredentials = null;
try {
-stmt = credentials(dbConnection, username);
+stmt = dbConnection.prepareStatement(preparedCredentials);
+stmt.setString(1, username);
rs = stmt.executeQuery();
if (rs.next()) {
dbCredentials = rs.getString(1);
}
return (dbCredentials != null) ? dbCredentials.trim() : null;
-
-} catch(SQLException e) {
-containerLog.error(
-sm.getString("dataSourceRealm.getPassword.exception",
- username), e);
+} catch (SQLException e) {
+
containerLog.error(sm.getString("dataSourceRealm.getPassword.exception",
username), e);
} finally {
try {
if (rs != null) {
@@ -530,13 +531,16 @@ public class DataSourceRealm
}
}
+
/**
- * Return the roles associated with the given user name
+ * Return the roles associated with the given user name.
+ *
* @param dbConnection The database connection to be used
- * @param username Username for which roles should be retrieved
+ * @param username User name for which roles should be retrieved
+ *
+ * @return an array list of the role names
*/
-protected ArrayList getRoles(Connection dbConnection,
- String username) {
+protected ArrayList getRoles(Connection dbConnection, String
username) {
if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined())
{
// Using an authentication only configuration and no role store has
@@ -549,7 +553,8 @@ public class DataSourceRealm
ArrayList list = null;
try {
-stmt = roles(dbConnection, username);
+stmt = dbConnection.prepareStatement(preparedRoles);
+stmt.setString(1, username);
rs = stmt.executeQuery();
list = new ArrayList();
@@ -561,8 +566,7 @@ public class DataSourceRealm
}
return list;
} catch(SQLException e) {
-containerLog.error(
-sm.getString("dataSourceRealm.getRoles.exception", username),
e);
+
containerLog.error(sm.getString("dataSourceRealm.getRoles.exception",
username), e);
}
finally {
try {
@@ -574,55 +578,13 @@ public class DataSourceRealm
}
} catch (SQLException e) {
containerLog.error(
-sm.getString("dataSourceRealm.getRoles.exception",
- username), e);
+sm.getString("dataSourceRealm.getRoles.exception",
username), e);
}
}
return null;
}
-/**
- * Return a PreparedStatement configured to perform the SELECT required
- * to retrieve user credentials for the specified username.
- *
- * @param dbConnection The database connection to be used
- * @param username Username for which credentials should be retrieved
- *
- * @exception SQLException if a database error occurs
- */
-private PreparedStatement credentials(Connection dbConnection,
-String username)
-throws SQ
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/4226 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 108df0e38ea841aa153161d39342f84266ad4a22 Blamelist: Mark Thomas BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-85-trunk
The Buildbot has detected a restored build on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/1740 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] 96a539e2f55d236c75f8335a7cb6fc68a0037ec5 Blamelist: Mark Thomas Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix potential resource leaks on exception paths
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new d51e8c6 Fix potential resource leaks on exception paths
d51e8c6 is described below
commit d51e8c63795bf318b5b7999a60b89ca3ece243d4
Author: Mark Thomas
AuthorDate: Wed Apr 17 16:16:53 2019 +0100
Fix potential resource leaks on exception paths
Identified by Coverity scan
---
.../org/apache/catalina/realm/DataSourceRealm.java | 95 +++---
webapps/docs/changelog.xml | 4 +
2 files changed, 34 insertions(+), 65 deletions(-)
diff --git a/java/org/apache/catalina/realm/DataSourceRealm.java
b/java/org/apache/catalina/realm/DataSourceRealm.java
index 0868241..a30fe26 100644
--- a/java/org/apache/catalina/realm/DataSourceRealm.java
+++ b/java/org/apache/catalina/realm/DataSourceRealm.java
@@ -429,29 +429,31 @@ public class DataSourceRealm extends RealmBase {
}
}
+
/**
* Return the password associated with the given principal's user name.
+ *
* @param dbConnection The database connection to be used
* @param username Username for which password should be retrieved
+ *
* @return the password for the specified user
*/
-protected String getPassword(Connection dbConnection,
- String username) {
+protected String getPassword(Connection dbConnection, String username) {
String dbCredentials = null;
-try (PreparedStatement stmt = credentials(dbConnection, username);
-ResultSet rs = stmt.executeQuery()) {
-if (rs.next()) {
-dbCredentials = rs.getString(1);
-}
+try (PreparedStatement stmt =
dbConnection.prepareStatement(preparedCredentials)) {
+stmt.setString(1, username);
-return (dbCredentials != null) ? dbCredentials.trim() : null;
+try (ResultSet rs = stmt.executeQuery()) {
+if (rs.next()) {
+dbCredentials = rs.getString(1);
+}
+return (dbCredentials != null) ? dbCredentials.trim() : null;
+}
} catch (SQLException e) {
-containerLog.error(
-sm.getString("dataSourceRealm.getPassword.exception",
- username), e);
+
containerLog.error(sm.getString("dataSourceRealm.getPassword.exception",
username), e);
}
return null;
@@ -501,14 +503,16 @@ public class DataSourceRealm extends RealmBase {
}
}
+
/**
- * Return the roles associated with the given user name
+ * Return the roles associated with the given user name.
+ *
* @param dbConnection The database connection to be used
* @param username User name for which roles should be retrieved
+ *
* @return an array list of the role names
*/
-protected ArrayList getRoles(Connection dbConnection,
- String username) {
+protected ArrayList getRoles(Connection dbConnection, String
username) {
if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined())
{
// Using an authentication only configuration and no role store has
@@ -518,66 +522,27 @@ public class DataSourceRealm extends RealmBase {
ArrayList list = null;
-try (PreparedStatement stmt = roles(dbConnection, username);
-ResultSet rs = stmt.executeQuery()) {
-list = new ArrayList<>();
+try (PreparedStatement stmt =
dbConnection.prepareStatement(preparedRoles)) {
+stmt.setString(1, username);
-while (rs.next()) {
-String role = rs.getString(1);
-if (role != null) {
-list.add(role.trim());
+try (ResultSet rs = stmt.executeQuery()) {
+list = new ArrayList<>();
+
+while (rs.next()) {
+String role = rs.getString(1);
+if (role != null) {
+list.add(role.trim());
+}
}
+return list;
}
-return list;
} catch(SQLException e) {
-containerLog.error(
-sm.getString("dataSourceRealm.getRoles.exception", username),
e);
+
containerLog.error(sm.getString("dataSourceRealm.getRoles.exception",
username), e);
}
return null;
}
-/**
- * Return a PreparedStatement configured to perform the SELECT required
- * to retrieve user credentials for the specified username.
- *
- * @param dbConnection The database connection to be used
- * @param username User name for which credentials should be retrieved
- *
[tomcat] branch master updated: Fix potential resource leaks on exception paths
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 14bfe16 Fix potential resource leaks on exception paths
14bfe16 is described below
commit 14bfe16d2b961cd58ec8e7c3cf7e65475f7cdb97
Author: Mark Thomas
AuthorDate: Wed Apr 17 16:16:53 2019 +0100
Fix potential resource leaks on exception paths
Identified by Coverity scan
---
.../org/apache/catalina/realm/DataSourceRealm.java | 95 +++---
webapps/docs/changelog.xml | 4 +
2 files changed, 34 insertions(+), 65 deletions(-)
diff --git a/java/org/apache/catalina/realm/DataSourceRealm.java
b/java/org/apache/catalina/realm/DataSourceRealm.java
index 3e3b92c..c638967 100644
--- a/java/org/apache/catalina/realm/DataSourceRealm.java
+++ b/java/org/apache/catalina/realm/DataSourceRealm.java
@@ -415,29 +415,31 @@ public class DataSourceRealm extends RealmBase {
}
}
+
/**
* Return the password associated with the given principal's user name.
+ *
* @param dbConnection The database connection to be used
* @param username Username for which password should be retrieved
+ *
* @return the password for the specified user
*/
-protected String getPassword(Connection dbConnection,
- String username) {
+protected String getPassword(Connection dbConnection, String username) {
String dbCredentials = null;
-try (PreparedStatement stmt = credentials(dbConnection, username);
-ResultSet rs = stmt.executeQuery()) {
-if (rs.next()) {
-dbCredentials = rs.getString(1);
-}
+try (PreparedStatement stmt =
dbConnection.prepareStatement(preparedCredentials)) {
+stmt.setString(1, username);
-return (dbCredentials != null) ? dbCredentials.trim() : null;
+try (ResultSet rs = stmt.executeQuery()) {
+if (rs.next()) {
+dbCredentials = rs.getString(1);
+}
+return (dbCredentials != null) ? dbCredentials.trim() : null;
+}
} catch (SQLException e) {
-containerLog.error(
-sm.getString("dataSourceRealm.getPassword.exception",
- username), e);
+
containerLog.error(sm.getString("dataSourceRealm.getPassword.exception",
username), e);
}
return null;
@@ -487,14 +489,16 @@ public class DataSourceRealm extends RealmBase {
}
}
+
/**
- * Return the roles associated with the given user name
+ * Return the roles associated with the given user name.
+ *
* @param dbConnection The database connection to be used
* @param username User name for which roles should be retrieved
+ *
* @return an array list of the role names
*/
-protected ArrayList getRoles(Connection dbConnection,
- String username) {
+protected ArrayList getRoles(Connection dbConnection, String
username) {
if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined())
{
// Using an authentication only configuration and no role store has
@@ -504,66 +508,27 @@ public class DataSourceRealm extends RealmBase {
ArrayList list = null;
-try (PreparedStatement stmt = roles(dbConnection, username);
-ResultSet rs = stmt.executeQuery()) {
-list = new ArrayList<>();
+try (PreparedStatement stmt =
dbConnection.prepareStatement(preparedRoles)) {
+stmt.setString(1, username);
-while (rs.next()) {
-String role = rs.getString(1);
-if (role != null) {
-list.add(role.trim());
+try (ResultSet rs = stmt.executeQuery()) {
+list = new ArrayList<>();
+
+while (rs.next()) {
+String role = rs.getString(1);
+if (role != null) {
+list.add(role.trim());
+}
}
+return list;
}
-return list;
} catch(SQLException e) {
-containerLog.error(
-sm.getString("dataSourceRealm.getRoles.exception", username),
e);
+
containerLog.error(sm.getString("dataSourceRealm.getRoles.exception",
username), e);
}
return null;
}
-/**
- * Return a PreparedStatement configured to perform the SELECT required
- * to retrieve user credentials for the specified username.
- *
- * @param dbConnection The database connection to be used
- * @param username User name for which credentials should be retrieved
-
[tomcat] branch 8.5.x updated: Fix a potential resource leak.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 96a539e Fix a potential resource leak.
96a539e is described below
commit 96a539e2f55d236c75f8335a7cb6fc68a0037ec5
Author: Mark Thomas
AuthorDate: Wed Apr 17 16:01:41 2019 +0100
Fix a potential resource leak.
Identified by Coverity scan.
---
java/org/apache/catalina/webresources/JarWarResource.java | 2 ++
webapps/docs/changelog.xml| 4
2 files changed, 6 insertions(+)
diff --git a/java/org/apache/catalina/webresources/JarWarResource.java
b/java/org/apache/catalina/webresources/JarWarResource.java
index 90321ee..cce1233 100644
--- a/java/org/apache/catalina/webresources/JarWarResource.java
+++ b/java/org/apache/catalina/webresources/JarWarResource.java
@@ -72,6 +72,8 @@ public class JarWarResource extends AbstractArchiveResource {
log.debug(sm.getString("jarResource.getInputStreamFail",
getResource().getName(), getBaseUrl()), e);
}
+// Ensure jarIs is closed if there is an exception
+entry = null;
return null;
} finally {
if (entry == null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d323076..c843b0a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -59,6 +59,10 @@
Fix a potential concurrency issue in the main Sendfile thread of the
APR
connector. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak when running a web application from a WAR
+file. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix a potential resource leak.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 108df0e Fix a potential resource leak.
108df0e is described below
commit 108df0e38ea841aa153161d39342f84266ad4a22
Author: Mark Thomas
AuthorDate: Wed Apr 17 16:01:41 2019 +0100
Fix a potential resource leak.
Identified by Coverity scan.
---
java/org/apache/catalina/webresources/JarWarResource.java | 2 ++
webapps/docs/changelog.xml| 4
2 files changed, 6 insertions(+)
diff --git a/java/org/apache/catalina/webresources/JarWarResource.java
b/java/org/apache/catalina/webresources/JarWarResource.java
index 90321ee..cce1233 100644
--- a/java/org/apache/catalina/webresources/JarWarResource.java
+++ b/java/org/apache/catalina/webresources/JarWarResource.java
@@ -72,6 +72,8 @@ public class JarWarResource extends AbstractArchiveResource {
log.debug(sm.getString("jarResource.getInputStreamFail",
getResource().getName(), getBaseUrl()), e);
}
+// Ensure jarIs is closed if there is an exception
+entry = null;
return null;
} finally {
if (entry == null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 73ac6fb..534424d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -64,6 +64,10 @@
Fix a potential concurrency issue in the main Sendfile thread of the
APR
connector. Identified by Coverity scan. (markt)
+
+Fix a potential resource leak when running a web application from a WAR
+file. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: buildbot failure in on tomcat-85-trunk
On Wed, Apr 17, 2019 at 3:33 PM wrote: > The Buildbot has detected a new failure on builder tomcat-85-trunk while > building tomcat. Full details are available at: > https://ci.apache.org/builders/tomcat-85-trunk/builds/1739 > > Buildbot URL: https://ci.apache.org/ > > Buildslave for this Build: silvanus_ubuntu > > Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' > triggered this build > Build Source Stamp: [branch 8.5.x] eaf0345b9a953d096b55b2038e7fc56dc596 > Blamelist: Mark Thomas > > BUILD FAILED: failed compile_1 > https://ci.apache.org/projects/tomcat/tomcat85/logs/1739/TEST-org.apache.coyote.http2.TestHttp2Section_5_3.NIO.txt Very odd failure (a reset is sent), first time I see it. For sure something that I would expect to happen on trunk at least. Rémy > > Sincerely, > -The Buildbot > > > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
buildbot failure in on tomcat-85-trunk
The Buildbot has detected a new failure on builder tomcat-85-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-85-trunk/builds/1739 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-85-commit' triggered this build Build Source Stamp: [branch 8.5.x] eaf0345b9a953d096b55b2038e7fc56dc596 Blamelist: Mark Thomas BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: SSLv2Hello "Protocol" Support
If we haven't tried to remove it in 5 years it might be worth another look :) On Wed, Apr 17, 2019 at 3:49 AM jean-frederic clere wrote: > On 16/04/2019 13:28, Coty Sutherland wrote: > > Hi, > > > > It appears that the IBM JDK (version 8) has dropped support for > SSLv2Hello > > so when you startup tomcat with the IBM JDK you get a warning saying that > > the protocol is being skipped. OpenJDK seems to have dropped it in > version > > 12 or 13 (I haven't tested, just noticed a user list thread about it) so > I > > guess we should look at dropping support for SSLv2Hello whenever Tomcat's > > minimum JDK is one of those versions? Is there a document somewhere I can > > add this too so it doesn't get forgotten? > > > > > > > > Thanks, > > Coty > > > > See > > https://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html > basically java5/6 clients need SSLv2Hello. > > I remember removing SSLv2Hello broke tests in 2004 and we had to put > SSLv2Hello back... > > -- > Cheers > > Jean-Frederic > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
[tomcat] branch 7.0.x updated: Correct concurrency issue in sendfile thread
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 6ca89dc Correct concurrency issue in sendfile thread
6ca89dc is described below
commit 6ca89dc00795d6d6a4e45443aed52827656db8d6
Author: Mark Thomas
AuthorDate: Wed Apr 17 13:16:32 2019 +0100
Correct concurrency issue in sendfile thread
Identified by Coverity scan.
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 4 +++-
webapps/docs/changelog.xml | 4
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index b8d13d4..2e2324a 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -2305,7 +2305,9 @@ public class AprEndpoint extends AbstractEndpoint {
maintainTime = 0;
try {
synchronized (this) {
-this.wait();
+if (sendfileRunning && sendfileCount < 1 &&
addS.size() < 1) {
+this.wait();
+}
}
} catch (InterruptedException e) {
// Ignore
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 416c250..907a9c9 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -69,6 +69,10 @@
Fix a potential concurrency issue in the StringCache identifed by
Coverity scan. (markt)
+
+Fix a potential concurrency issue in the main Sendfile thread of the
APR
+connector. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Correct concurrency issue in sendfile thread
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new eaf0345 Correct concurrency issue in sendfile thread
eaf0345 is described below
commit eaf0345b9a953d096b55b2038e7fc56dc596
Author: Mark Thomas
AuthorDate: Wed Apr 17 13:16:32 2019 +0100
Correct concurrency issue in sendfile thread
Identified by Coverity scan.
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 4 +++-
webapps/docs/changelog.xml | 4
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index 470cf46..4946ea2 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -1933,7 +1933,9 @@ public class AprEndpoint extends AbstractEndpoint
implements SNICallBack {
maintainTime = 0;
try {
synchronized (this) {
-this.wait();
+if (sendfileRunning && sendfileCount < 1 &&
addS.size() < 1) {
+this.wait();
+}
}
} catch (InterruptedException e) {
// Ignore
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 09e4f1c..d323076 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -55,6 +55,10 @@
Fix a potential concurrency issue in the StringCache identifed by
Coverity scan. (markt)
+
+Fix a potential concurrency issue in the main Sendfile thread of the
APR
+connector. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Correct concurrency issue in sendfile thread
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new b96f9be Correct concurrency issue in sendfile thread
b96f9be is described below
commit b96f9becc45628fe5920ea224fd76153f8d2c50e
Author: Mark Thomas
AuthorDate: Wed Apr 17 13:16:32 2019 +0100
Correct concurrency issue in sendfile thread
Identified by Coverity scan.
---
java/org/apache/tomcat/util/net/AprEndpoint.java | 4 +++-
webapps/docs/changelog.xml | 4
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index fea7c15..8478e0b 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -1894,7 +1894,9 @@ public class AprEndpoint extends
AbstractEndpoint implements SNICallB
maintainTime = 0;
try {
synchronized (this) {
-this.wait();
+if (sendfileRunning && sendfileCount < 1 &&
addS.size() < 1) {
+this.wait();
+}
}
} catch (InterruptedException e) {
// Ignore
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 060e07a..73ac6fb 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -60,6 +60,10 @@
Fix a potential concurrency issue in the StringCache identifed by
Coverity scan. (markt)
+
+Fix a potential concurrency issue in the main Sendfile thread of the
APR
+connector. Identified by Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix concurrency issue. Double-check locking needs volatile.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 1221690 Fix concurrency issue. Double-check locking needs volatile.
1221690 is described below
commit 122169007770803a7a4367e5d4e07d061dd8058e
Author: Mark Thomas
AuthorDate: Wed Apr 17 12:58:28 2019 +0100
Fix concurrency issue. Double-check locking needs volatile.
---
java/org/apache/tomcat/util/buf/StringCache.java | 4 ++--
webapps/docs/changelog.xml | 4
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/StringCache.java
b/java/org/apache/tomcat/util/buf/StringCache.java
index ae07b6f..de74c4f 100644
--- a/java/org/apache/tomcat/util/buf/StringCache.java
+++ b/java/org/apache/tomcat/util/buf/StringCache.java
@@ -76,7 +76,7 @@ public class StringCache {
/**
* Cache for byte chunk.
*/
-protected static ByteEntry[] bcCache = null;
+protected static volatile ByteEntry[] bcCache = null;
/**
@@ -95,7 +95,7 @@ public class StringCache {
/**
* Cache for char chunk.
*/
-protected static CharEntry[] ccCache = null;
+protected static volatile CharEntry[] ccCache = null;
/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index f39a2e3..416c250 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -65,6 +65,10 @@
Fix a potential resource leak when executing CGI scripts from a WAR
file. Identified by Coverity scan. (markt)
+
+Fix a potential concurrency issue in the StringCache identifed by
+Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix concurrency issue. Double-check locking needs volatile.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new a47d35d Fix concurrency issue. Double-check locking needs volatile.
a47d35d is described below
commit a47d35d5dd7285f607a5101c56f126913447ff1d
Author: Mark Thomas
AuthorDate: Wed Apr 17 12:58:28 2019 +0100
Fix concurrency issue. Double-check locking needs volatile.
---
java/org/apache/tomcat/util/buf/StringCache.java | 4 ++--
webapps/docs/changelog.xml | 4
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/StringCache.java
b/java/org/apache/tomcat/util/buf/StringCache.java
index cd599aa..84acd19 100644
--- a/java/org/apache/tomcat/util/buf/StringCache.java
+++ b/java/org/apache/tomcat/util/buf/StringCache.java
@@ -79,7 +79,7 @@ public class StringCache {
/**
* Cache for byte chunk.
*/
-protected static ByteEntry[] bcCache = null;
+protected static volatile ByteEntry[] bcCache = null;
/**
@@ -98,7 +98,7 @@ public class StringCache {
/**
* Cache for char chunk.
*/
-protected static CharEntry[] ccCache = null;
+protected static volatile CharEntry[] ccCache = null;
/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 56917cf..09e4f1c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -51,6 +51,10 @@
Fix a potential resource leak when executing CGI scripts from a WAR
file. Identified by Coverity scan. (markt)
+
+Fix a potential concurrency issue in the StringCache identifed by
+Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Fix concurrency issue. Double-check locking needs volatile.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 0ca0596 Fix concurrency issue. Double-check locking needs volatile.
0ca0596 is described below
commit 0ca05961f1bdd685be22bb5a81072ad85cad3b03
Author: Mark Thomas
AuthorDate: Wed Apr 17 12:58:28 2019 +0100
Fix concurrency issue. Double-check locking needs volatile.
---
java/org/apache/tomcat/util/buf/StringCache.java | 4 ++--
webapps/docs/changelog.xml | 4
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/tomcat/util/buf/StringCache.java
b/java/org/apache/tomcat/util/buf/StringCache.java
index cd599aa..84acd19 100644
--- a/java/org/apache/tomcat/util/buf/StringCache.java
+++ b/java/org/apache/tomcat/util/buf/StringCache.java
@@ -79,7 +79,7 @@ public class StringCache {
/**
* Cache for byte chunk.
*/
-protected static ByteEntry[] bcCache = null;
+protected static volatile ByteEntry[] bcCache = null;
/**
@@ -98,7 +98,7 @@ public class StringCache {
/**
* Cache for char chunk.
*/
-protected static CharEntry[] ccCache = null;
+protected static volatile CharEntry[] ccCache = null;
/**
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d1648f8..060e07a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -56,6 +56,10 @@
Fix a potential resource leak when executing CGI scripts from a WAR
file. Identified by Coverity scan. (markt)
+
+Fix a potential concurrency issue in the StringCache identifed by
+Coverity scan. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 7.0.x updated: Fix a potential resource leak
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new b67ad23 Fix a potential resource leak
b67ad23 is described below
commit b67ad23f33021870875e8d61c88ed379ba91085f
Author: Mark Thomas
AuthorDate: Wed Apr 17 12:37:36 2019 +0100
Fix a potential resource leak
---
java/org/apache/catalina/servlets/CGIServlet.java | 84 +++
webapps/docs/changelog.xml| 10 ++-
2 files changed, 50 insertions(+), 44 deletions(-)
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index 58a6fdc..e64f66b 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -1203,59 +1203,57 @@ public final class CGIServlet extends HttpServlet {
return;
}
-File f = new File(destPath.toString());
-if (f.exists()) {
-try {
-is.close();
-} catch (IOException e) {
-log.warn(sm.getString("cgiServlet.expandCloseFail",
srcPath), e);
+try {
+File f = new File(destPath.toString());
+if (f.exists()) {
+// Don't need to expand if it already exists
+return;
}
-// Don't need to expand if it already exists
-return;
-}
-// create directories
-File dir = f.getParentFile();
-if (!dir.mkdirs() && !dir.isDirectory()) {
-log.warn(sm.getString("cgiServlet.expandCreateDirFail",
dir.getAbsolutePath()));
-return;
-}
+// create directories
+File dir = f.getParentFile();
+if (!dir.mkdirs() && !dir.isDirectory()) {
+log.warn(sm.getString("cgiServlet.expandCreateDirFail",
dir.getAbsolutePath()));
+return;
+}
-try {
-synchronized (expandFileLock) {
-// make sure file doesn't exist
-if (f.exists()) {
-return;
-}
+try {
+synchronized (expandFileLock) {
+// make sure file doesn't exist
+if (f.exists()) {
+return;
+}
-// create file
-if (!f.createNewFile()) {
-return;
-}
-FileOutputStream fos = new FileOutputStream(f);
+// create file
+if (!f.createNewFile()) {
+return;
+}
+FileOutputStream fos = new FileOutputStream(f);
-try {
-// copy data
-IOTools.flow(is, fos);
-} finally {
try {
-is.close();
-} catch (IOException e) {
-log.warn(sm.getString("cgiServlet.expandError"),
e);
+// copy data
+IOTools.flow(is, fos);
+} finally {
+fos.close();
+}
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("cgiServlet.expandOk",
srcPath, destPath));
}
-fos.close();
}
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("cgiServlet.expandOk", srcPath,
destPath));
+} catch (IOException ioe) {
+log.warn(sm.getString("cgiServlet.expandFail", srcPath,
destPath), ioe);
+// delete in case file is corrupted
+if (f.exists()) {
+if (!f.delete()) {
+
log.warn(sm.getString("cgiServlet.expandDeleteFail", f.getAbsolutePath()));
+}
}
}
-} catch (IOException ioe) {
-log.warn(sm.getString("cgiServlet.expandFail", srcPath,
destPath), ioe);
-// delete in case file is corrupted
-if (f.exists()) {
-if (!f.delete()) {
-log.warn(sm.getString("cgiServlet.expandDeleteFail",
f.getAbsolutePath()));
-}
+} finally {
+try {
+is.close();
+} catch (IOException e) {
[tomcat] branch 8.5.x updated: Fix a potential resource leak
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 5b0462b Fix a potential resource leak
5b0462b is described below
commit 5b0462be599d1466dab5c87c7845fe024e8a86b0
Author: Mark Thomas
AuthorDate: Wed Apr 17 12:37:36 2019 +0100
Fix a potential resource leak
---
java/org/apache/catalina/servlets/CGIServlet.java | 75 +++
webapps/docs/changelog.xml| 10 ++-
2 files changed, 46 insertions(+), 39 deletions(-)
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index 3008479..5d0de11 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -1178,54 +1178,53 @@ public final class CGIServlet extends HttpServlet {
return;
}
-File f = new File(destPath.toString());
-if (f.exists()) {
-try {
-is.close();
-} catch (IOException e) {
-log.warn(sm.getString("cgiServlet.expandCloseFail",
srcPath), e);
+try {
+File f = new File(destPath.toString());
+if (f.exists()) {
+// Don't need to expand if it already exists
+return;
}
-// Don't need to expand if it already exists
-return;
-}
-// create directories
-File dir = f.getParentFile();
-if (!dir.mkdirs() && !dir.isDirectory()) {
-log.warn(sm.getString("cgiServlet.expandCreateDirFail",
dir.getAbsolutePath()));
-return;
-}
+// create directories
+File dir = f.getParentFile();
+if (!dir.mkdirs() && !dir.isDirectory()) {
+log.warn(sm.getString("cgiServlet.expandCreateDirFail",
dir.getAbsolutePath()));
+return;
+}
-try {
-synchronized (expandFileLock) {
-// make sure file doesn't exist
-if (f.exists()) {
-return;
-}
+try {
+synchronized (expandFileLock) {
+// make sure file doesn't exist
+if (f.exists()) {
+return;
+}
-// create file
-if (!f.createNewFile()) {
-return;
-}
+// create file
+if (!f.createNewFile()) {
+return;
+}
-try {
Files.copy(is, f.toPath());
-} finally {
-is.close();
-}
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("cgiServlet.expandOk", srcPath,
destPath));
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("cgiServlet.expandOk",
srcPath, destPath));
+}
}
-}
-} catch (IOException ioe) {
-log.warn(sm.getString("cgiServlet.expandFail", srcPath,
destPath), ioe);
-// delete in case file is corrupted
-if (f.exists()) {
-if (!f.delete()) {
-log.warn(sm.getString("cgiServlet.expandDeleteFail",
f.getAbsolutePath()));
+} catch (IOException ioe) {
+log.warn(sm.getString("cgiServlet.expandFail", srcPath,
destPath), ioe);
+// delete in case file is corrupted
+if (f.exists()) {
+if (!f.delete()) {
+
log.warn(sm.getString("cgiServlet.expandDeleteFail", f.getAbsolutePath()));
+}
}
}
+} finally {
+try {
+is.close();
+} catch (IOException e) {
+log.warn(sm.getString("cgiServlet.expandCloseFail",
srcPath), e);
+}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6574a45..56917cf 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -41,10 +41,18 @@
There is no ordering by add/update/fix/scode.
Other fixed issues are added to the end of the list, chronologically.
- They eventually become mixed with the numbered issues. (I.e., numbered
+ They eventually become mixed with the nu
[tomcat] branch master updated: Fix a potential resource leak
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new a77d54f Fix a potential resource leak
a77d54f is described below
commit a77d54fd6116d44dba2bee029cb3e57342ab1857
Author: Mark Thomas
AuthorDate: Wed Apr 17 12:37:36 2019 +0100
Fix a potential resource leak
---
java/org/apache/catalina/servlets/CGIServlet.java | 75 +++
webapps/docs/changelog.xml| 4 ++
2 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java
b/java/org/apache/catalina/servlets/CGIServlet.java
index 7a3396a..b519497 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -1178,54 +1178,53 @@ public final class CGIServlet extends HttpServlet {
return;
}
-File f = new File(destPath.toString());
-if (f.exists()) {
-try {
-is.close();
-} catch (IOException e) {
-log.warn(sm.getString("cgiServlet.expandCloseFail",
srcPath), e);
+try {
+File f = new File(destPath.toString());
+if (f.exists()) {
+// Don't need to expand if it already exists
+return;
}
-// Don't need to expand if it already exists
-return;
-}
-// create directories
-File dir = f.getParentFile();
-if (!dir.mkdirs() && !dir.isDirectory()) {
-log.warn(sm.getString("cgiServlet.expandCreateDirFail",
dir.getAbsolutePath()));
-return;
-}
+// create directories
+File dir = f.getParentFile();
+if (!dir.mkdirs() && !dir.isDirectory()) {
+log.warn(sm.getString("cgiServlet.expandCreateDirFail",
dir.getAbsolutePath()));
+return;
+}
-try {
-synchronized (expandFileLock) {
-// make sure file doesn't exist
-if (f.exists()) {
-return;
-}
+try {
+synchronized (expandFileLock) {
+// make sure file doesn't exist
+if (f.exists()) {
+return;
+}
-// create file
-if (!f.createNewFile()) {
-return;
-}
+// create file
+if (!f.createNewFile()) {
+return;
+}
-try {
Files.copy(is, f.toPath());
-} finally {
-is.close();
-}
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("cgiServlet.expandOk", srcPath,
destPath));
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("cgiServlet.expandOk",
srcPath, destPath));
+}
}
-}
-} catch (IOException ioe) {
-log.warn(sm.getString("cgiServlet.expandFail", srcPath,
destPath), ioe);
-// delete in case file is corrupted
-if (f.exists()) {
-if (!f.delete()) {
-log.warn(sm.getString("cgiServlet.expandDeleteFail",
f.getAbsolutePath()));
+} catch (IOException ioe) {
+log.warn(sm.getString("cgiServlet.expandFail", srcPath,
destPath), ioe);
+// delete in case file is corrupted
+if (f.exists()) {
+if (!f.delete()) {
+
log.warn(sm.getString("cgiServlet.expandDeleteFail", f.getAbsolutePath()));
+}
}
}
+} finally {
+try {
+is.close();
+} catch (IOException e) {
+log.warn(sm.getString("cgiServlet.expandCloseFail",
srcPath), e);
+}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9e99e0b..d1648f8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -52,6 +52,10 @@
path which in turn meant resource URLs were not being constructed as
expected. (markt)
+
+Fix a potential resource leak when executing CGI scripts from a WAR
+file. Identified by Coverity scan.
[Bug 63359] New: jsp:setProperty not spec compliant
https://bz.apache.org/bugzilla/show_bug.cgi?id=63359 Bug ID: 63359 Summary: jsp:setProperty not spec compliant Product: Tomcat 9 Version: 9.0.x Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Jasper Assignee: dev@tomcat.apache.org Reporter: ma...@apache.org Target Milestone: - I came across this while reviewing the coverity scan results. JSP.5.2 sets out should behave. That references JSP.1.14.2.1 for conversion from String values. Reviewing the code there appear to be multiple related issues: - PropertyEditor with null value may result in an exception when it should always be null - Empty strings are not correctly coerced - Coercion to Object is to String[] rather than String - Coercion to File is defined which is not present in the spec Since this report originates from code inspection, test cases need to be constructed to validate the bugs above before fixing. It would also be prudent to run the full Tomcat test suite and the JSP TCK against any fix. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63354] forced compression in HTTP2 truncate files
https://bz.apache.org/bugzilla/show_bug.cgi?id=63354 Alejandro Anadon changed: What|Removed |Added Resolution|FIXED |--- Status|RESOLVED|REOPENED --- Comment #3 from Alejandro Anadon --- Now I do not know if it is a bug or not. In some browser it works, in other do not. these are my results: 1) It work's in: -opera (all versions that I tested) -crome (all versions that I tested) -Internet Explorer 11.0.9600 with windows 7 2) It doesn't work with: -firefox -Internet Explorer 11.437.17 with Windows 10 -Microsoft edge windows 10 3) It closes the conexion without any result (so, it doesn't work) in: -any version of Safari that I tested. It seems that the gzip compresion, with http2 and small files (<90 bytes more or less) it is not well implemented in all browsers giving randoms resluts. If e.g. https://www.testdomain.com/test.html contains only (added the file in bug report https://bz.apache.org/bugzilla/attachment.cgi?id=36533 ): www.mydomain.com it returns only (when it fails): www.my The query headers are: Host: www.testdomain.com User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-US;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: JSESSIONID=3067C83FD0F2B5F506A95B1A14014C44 Upgrade-Insecure-Requests: 1 Pragma: no-cache Cache-Control: no-cache The response headers are: HTTP/2.0 200 OK content-type: text/html;charset=ISO-8859-1 content-length: 17 date: Wed, 17 Apr 2019 09:33:20 GMT vary: accept-encoding content-encoding: gzip X-Firefox-Spdy: h2 And the result in windows is only : www.my -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63354] forced compression in HTTP2 truncate files
https://bz.apache.org/bugzilla/show_bug.cgi?id=63354 --- Comment #2 from Alejandro Anadon --- Created attachment 36533 --> https://bz.apache.org/bugzilla/attachment.cgi?id=36533&action=edit test file rhat in some browser does not work with gzip and http2 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Avoid using object caches when disabled
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 2045d61 Avoid using object caches when disabled
2045d61 is described below
commit 2045d619a317af1cef2774402839e2ba15ef40cb
Author: remm
AuthorDate: Wed Apr 17 11:08:48 2019 +0200
Avoid using object caches when disabled
The special size value 0 allows disabling them, as is documented. In
addition to the structure creation, using a SynchronizedStack when they
have zero size still causes connector wide synchronization.
---
.../apache/tomcat/util/net/AbstractEndpoint.java | 5 +-
java/org/apache/tomcat/util/net/AprEndpoint.java | 13 +++--
java/org/apache/tomcat/util/net/Nio2Endpoint.java | 35 +-
java/org/apache/tomcat/util/net/NioEndpoint.java | 56 +++---
webapps/docs/changelog.xml | 3 ++
5 files changed, 80 insertions(+), 32 deletions(-)
diff --git a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
index 64be45b..8d01292 100644
--- a/java/org/apache/tomcat/util/net/AbstractEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AbstractEndpoint.java
@@ -1066,7 +1066,10 @@ public abstract class AbstractEndpoint {
if (socketWrapper == null) {
return false;
}
-SocketProcessorBase sc = processorCache.pop();
+SocketProcessorBase sc = null;
+if (processorCache != null) {
+sc = processorCache.pop();
+}
if (sc == null) {
sc = createSocketProcessor(socketWrapper, event);
} else {
diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java
b/java/org/apache/tomcat/util/net/AprEndpoint.java
index bfb5c55..fea7c15 100644
--- a/java/org/apache/tomcat/util/net/AprEndpoint.java
+++ b/java/org/apache/tomcat/util/net/AprEndpoint.java
@@ -455,8 +455,10 @@ public class AprEndpoint extends
AbstractEndpoint implements SNICallB
running = true;
paused = false;
-processorCache = new
SynchronizedStack<>(SynchronizedStack.DEFAULT_SIZE,
-socketProperties.getProcessorCache());
+if (socketProperties.getProcessorCache() != 0) {
+processorCache = new
SynchronizedStack<>(SynchronizedStack.DEFAULT_SIZE,
+socketProperties.getProcessorCache());
+}
// Create worker collection
if (getExecutor() == null) {
@@ -539,7 +541,10 @@ public class AprEndpoint extends
AbstractEndpoint implements SNICallB
}
sendfile = null;
}
-processorCache.clear();
+if (processorCache != null) {
+processorCache.clear();
+processorCache = null;
+}
}
shutdownExecutor();
}
@@ -2119,7 +2124,7 @@ public class AprEndpoint extends
AbstractEndpoint implements SNICallB
socketWrapper = null;
event = null;
//return to cache
-if (running && !paused) {
+if (running && !paused && processorCache != null) {
processorCache.push(this);
}
}
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index 65cdf4b..6d3e5d0 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -163,13 +163,17 @@ public class Nio2Endpoint extends
AbstractJsseEndpoint(SynchronizedStack.DEFAULT_SIZE,
-socketProperties.getProcessorCache());
-nioChannels = new
SynchronizedStack<>(SynchronizedStack.DEFAULT_SIZE,
-socketProperties.getBufferPool());
+if (socketProperties.getProcessorCache() != 0) {
+processorCache = new
SynchronizedStack<>(SynchronizedStack.DEFAULT_SIZE,
+socketProperties.getProcessorCache());
+}
+if (socketProperties.getBufferPool() != 0) {
+nioChannels = new
SynchronizedStack<>(SynchronizedStack.DEFAULT_SIZE,
+socketProperties.getBufferPool());
+}
// Create worker collection
-if ( getExecutor() == null ) {
+if (getExecutor() == null) {
createExecutor();
}
@@ -229,8 +233,14 @@ public class Nio2Endpoint extends
AbstractJsseEndpoint
running = true;
paused = false;
-processorCache = new
SynchronizedStack<>(SynchronizedStack.DEFAULT_SIZE,
-socketProperties.getProcessorCache());
-eventCache = new
[Bug 63358] Allow exceptions thrown by Connector.start() when adding a connector to be caught and handled in code that embeds Tomcat
https://bz.apache.org/bugzilla/show_bug.cgi?id=63358 --- Comment #1 from Remy Maucherat --- I was going to complain, but ContainerBase.addChildInternal has a template for that. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63354] forced compression in HTTP2 truncate files
https://bz.apache.org/bugzilla/show_bug.cgi?id=63354 Alejandro Anadon changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: SSLv2Hello "Protocol" Support
On 16/04/2019 13:28, Coty Sutherland wrote: > Hi, > > It appears that the IBM JDK (version 8) has dropped support for SSLv2Hello > so when you startup tomcat with the IBM JDK you get a warning saying that > the protocol is being skipped. OpenJDK seems to have dropped it in version > 12 or 13 (I haven't tested, just noticed a user list thread about it) so I > guess we should look at dropping support for SSLv2Hello whenever Tomcat's > minimum JDK is one of those versions? Is there a document somewhere I can > add this too so it doesn't get forgotten? > > > > Thanks, > Coty > See https://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html basically java5/6 clients need SSLv2Hello. I remember removing SSLv2Hello broke tests in 2004 and we had to put SSLv2Hello back... -- Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 63358] New: Allow exceptions thrown by Connector.start() when adding a connector to be caught and handled in code that embeds Tomcat
https://bz.apache.org/bugzilla/show_bug.cgi?id=63358 Bug ID: 63358 Summary: Allow exceptions thrown by Connector.start() when adding a connector to be caught and handled in code that embeds Tomcat Product: Tomcat 9 Version: 9.0.x Hardware: PC OS: All Status: NEW Severity: enhancement Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: awilkin...@pivotal.io Target Milestone: - This is a follow-on from https://bz.apache.org/bugzilla/show_bug.cgi?id=60152. When a connector is added to StandardService it calls Connector.start() if the service is available. If the connector throws an exception it is caught, logged, and swallowed [1]. This prevents an embedder from handling the exception. Could a similar change to [2] please be made that makes it possible for an embedder to catch and handle the exception themselves? [1] https://github.com/apache/tomcat/blob/d7a770acf8761c42958b56d6ce4864e32f8a9957/java/org/apache/catalina/core/StandardService.java#L227 [2] http://svn.apache.org/viewvc?view=revision&revision=1763769 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
