[tomcat] branch master updated: Fix a potential resource leak.

2019-04-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new 108df0e  Fix a potential resource leak.
108df0e is described below

commit 108df0e38ea841aa153161d39342f84266ad4a22
Author: Mark Thomas 
AuthorDate: Wed Apr 17 16:01:41 2019 +0100

Fix a potential resource leak.

Identified by Coverity scan.
---
 java/org/apache/catalina/webresources/JarWarResource.java | 2 ++
 webapps/docs/changelog.xml| 4 
 2 files changed, 6 insertions(+)

diff --git a/java/org/apache/catalina/webresources/JarWarResource.java 
b/java/org/apache/catalina/webresources/JarWarResource.java
index 90321ee..cce1233 100644
--- a/java/org/apache/catalina/webresources/JarWarResource.java
+++ b/java/org/apache/catalina/webresources/JarWarResource.java
@@ -72,6 +72,8 @@ public class JarWarResource extends AbstractArchiveResource {
 log.debug(sm.getString("jarResource.getInputStreamFail",
 getResource().getName(), getBaseUrl()), e);
 }
+// Ensure jarIs is closed if there is an exception
+entry = null;
 return null;
 } finally {
 if (entry == null) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 73ac6fb..534424d 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -64,6 +64,10 @@
 Fix a potential concurrency issue in the main Sendfile thread of the 
APR
 connector. Identified by Coverity scan. (markt)
   
+  
+Fix a potential resource leak when running a web application from a WAR
+file. Identified by Coverity scan. (markt)
+  
 
   
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch master updated: Fix a potential resource leak

2019-04-17 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
 new a77d54f  Fix a potential resource leak
a77d54f is described below

commit a77d54fd6116d44dba2bee029cb3e57342ab1857
Author: Mark Thomas 
AuthorDate: Wed Apr 17 12:37:36 2019 +0100

Fix a potential resource leak
---
 java/org/apache/catalina/servlets/CGIServlet.java | 75 +++
 webapps/docs/changelog.xml|  4 ++
 2 files changed, 41 insertions(+), 38 deletions(-)

diff --git a/java/org/apache/catalina/servlets/CGIServlet.java 
b/java/org/apache/catalina/servlets/CGIServlet.java
index 7a3396a..b519497 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -1178,54 +1178,53 @@ public final class CGIServlet extends HttpServlet {
 return;
 }
 
-File f = new File(destPath.toString());
-if (f.exists()) {
-try {
-is.close();
-} catch (IOException e) {
-log.warn(sm.getString("cgiServlet.expandCloseFail", 
srcPath), e);
+try {
+File f = new File(destPath.toString());
+if (f.exists()) {
+// Don't need to expand if it already exists
+return;
 }
-// Don't need to expand if it already exists
-return;
-}
 
-// create directories
-File dir = f.getParentFile();
-if (!dir.mkdirs() && !dir.isDirectory()) {
-log.warn(sm.getString("cgiServlet.expandCreateDirFail", 
dir.getAbsolutePath()));
-return;
-}
+// create directories
+File dir = f.getParentFile();
+if (!dir.mkdirs() && !dir.isDirectory()) {
+log.warn(sm.getString("cgiServlet.expandCreateDirFail", 
dir.getAbsolutePath()));
+return;
+}
 
-try {
-synchronized (expandFileLock) {
-// make sure file doesn't exist
-if (f.exists()) {
-return;
-}
+try {
+synchronized (expandFileLock) {
+// make sure file doesn't exist
+if (f.exists()) {
+return;
+}
 
-// create file
-if (!f.createNewFile()) {
-return;
-}
+// create file
+if (!f.createNewFile()) {
+return;
+}
 
-try {
 Files.copy(is, f.toPath());
-} finally {
-is.close();
-}
 
-if (log.isDebugEnabled()) {
-log.debug(sm.getString("cgiServlet.expandOk", srcPath, 
destPath));
+if (log.isDebugEnabled()) {
+log.debug(sm.getString("cgiServlet.expandOk", 
srcPath, destPath));
+}
 }
-}
-} catch (IOException ioe) {
-log.warn(sm.getString("cgiServlet.expandFail", srcPath, 
destPath), ioe);
-// delete in case file is corrupted
-if (f.exists()) {
-if (!f.delete()) {
-log.warn(sm.getString("cgiServlet.expandDeleteFail", 
f.getAbsolutePath()));
+} catch (IOException ioe) {
+log.warn(sm.getString("cgiServlet.expandFail", srcPath, 
destPath), ioe);
+// delete in case file is corrupted
+if (f.exists()) {
+if (!f.delete()) {
+
log.warn(sm.getString("cgiServlet.expandDeleteFail", f.getAbsolutePath()));
+}
 }
 }
+} finally {
+try {
+is.close();
+} catch (IOException e) {
+log.warn(sm.getString("cgiServlet.expandCloseFail", 
srcPath), e);
+}
 }
 }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 9e99e0b..d1648f8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -52,6 +52,10 @@
 path which in turn meant resource URLs were not being constructed as
 expected. (markt)
   
+  
+Fix a potential resource leak when executing CGI scripts from a WAR
+file. Identified by Coverity