buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5637 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 5ee9947fee01b7fa3e95d51a3092e9f5556d6df8 Blamelist: remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Avoid possible infinite loop in unwrap
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 7aab38f Avoid possible infinite loop in unwrap
7aab38f is described below
commit 7aab38f545cbac418edcc42874b791e45bf8a8f5
Author: remm
AuthorDate: Thu Jan 21 21:18:44 2021 +0100
Avoid possible infinite loop in unwrap
As described in the testcase and debug info for 64771, an infinite loop
can occur if the buffers state changes concurrently to unwrap. The
capacity is set at the beginning of the method. If the last buffer
remaining becomes 0 for some reason, then idx will become equal to
endOffset and the code will loop endlessly, as long as
pendingReadableBytesInSSL returns > 0.
In that particular case, break the loop with an ISE that will allow
noticing the issue.
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 5 +
webapps/docs/changelog.xml | 4
3 files changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 3606acd..84990f3 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <=
offset + length <= srcs.length [{2}])
+engine.invalidDestinationBuffersState=The state of the destination buffers
changed concurrently while unwrapping bytes
engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the
engine to only resuming existing sessions
engine.noSSLContext=No SSL context
engine.noSession=SSL session ID not available
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index e48acb4..cdd0617 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -567,6 +567,11 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
while (pendingApp > 0) {
+if (idx == endOffset) {
+// Destination buffer state changed (no remaining space
although
+// capacity is still available), so break loop with an error
+throw new
IllegalStateException(sm.getString("engine.invalidDestinationBuffersState"));
+}
// Write decrypted data to dsts buffers
while (idx < endOffset) {
ByteBuffer dst = dsts[idx];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 3861161..937e544 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,10 @@
65001: Fix error handling for exceptions throw from calls
to ReadListener and WriteListener. (markt)
+
+Avoid possible infinite loop in OpenSSLEngine.unwrap
+when the destination buffers state is changed concurrently. (remm)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Avoid possible infinite loop in unwrap
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 95ceaf7 Avoid possible infinite loop in unwrap
95ceaf7 is described below
commit 95ceaf7b322eef7bc913d031a76306fd53c0cc48
Author: remm
AuthorDate: Thu Jan 21 21:18:44 2021 +0100
Avoid possible infinite loop in unwrap
As described in the testcase and debug info for 64771, an infinite loop
can occur if the buffers state changes concurrently to unwrap. The
capacity is set at the beginning of the method. If the last buffer
remaining becomes 0 for some reason, then idx will become equal to
endOffset and the code will loop endlessly, as long as
pendingReadableBytesInSSL returns > 0.
In that particular case, break the loop with an ISE that will allow
noticing the issue.
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 5 +
webapps/docs/changelog.xml | 4
3 files changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 3606acd..84990f3 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <=
offset + length <= srcs.length [{2}])
+engine.invalidDestinationBuffersState=The state of the destination buffers
changed concurrently while unwrapping bytes
engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the
engine to only resuming existing sessions
engine.noSSLContext=No SSL context
engine.noSession=SSL session ID not available
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index e48acb4..cdd0617 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -567,6 +567,11 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
while (pendingApp > 0) {
+if (idx == endOffset) {
+// Destination buffer state changed (no remaining space
although
+// capacity is still available), so break loop with an error
+throw new
IllegalStateException(sm.getString("engine.invalidDestinationBuffersState"));
+}
// Write decrypted data to dsts buffers
while (idx < endOffset) {
ByteBuffer dst = dsts[idx];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index effbe27..c9010e8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,10 @@
65001: Fix error handling for exceptions throw from calls
to ReadListener and WriteListener. (markt)
+
+Avoid possible infinite loop in OpenSSLEngine.unwrap
+when the destination buffers state is changed concurrently. (remm)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Avoid possible infinite loop in unwrap
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 5ee9947 Avoid possible infinite loop in unwrap
5ee9947 is described below
commit 5ee9947fee01b7fa3e95d51a3092e9f5556d6df8
Author: remm
AuthorDate: Thu Jan 21 21:18:44 2021 +0100
Avoid possible infinite loop in unwrap
As described in the testcase and debug info for 64771, an infinite loop
can occur if the buffers state changes concurrently to unwrap. The
capacity is set at the beginning of the method. If the last buffer
remaining becomes 0 for some reason, then idx will become equal to
endOffset and the code will loop endlessly, as long as
pendingReadableBytesInSSL returns > 0.
In that particular case, break the loop with an ISE that will allow
noticing the issue.
---
java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 5 +
webapps/docs/changelog.xml | 4
3 files changed, 10 insertions(+)
diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
index 3606acd..84990f3 100644
--- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
@@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed
engine.failedCipherSuite=Failed to enable cipher suite [{0}]
engine.inboundClose=Inbound closed before receiving peer's close_notify
engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <=
offset + length <= srcs.length [{2}])
+engine.invalidDestinationBuffersState=The state of the destination buffers
changed concurrently while unwrapping bytes
engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the
engine to only resuming existing sessions
engine.noSSLContext=No SSL context
engine.noSession=SSL session ID not available
diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index e48acb4..cdd0617 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -567,6 +567,11 @@ public final class OpenSSLEngine extends SSLEngine
implements SSLUtil.ProtocolIn
}
while (pendingApp > 0) {
+if (idx == endOffset) {
+// Destination buffer state changed (no remaining space
although
+// capacity is still available), so break loop with an error
+throw new
IllegalStateException(sm.getString("engine.invalidDestinationBuffersState"));
+}
// Write decrypted data to dsts buffers
while (idx < endOffset) {
ByteBuffer dst = dsts[idx];
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0c6316b..4ff2839 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -175,6 +175,10 @@
65001: Fix error handling for exceptions throw from calls
to ReadListener and WriteListener. (markt)
+
+Avoid possible infinite loop in OpenSSLEngine.unwrap
+when the destination buffers state is changed concurrently. (remm)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771 --- Comment #11 from Mark Thomas --- The reproducer provided in the Spring issue uses Tomcat 9.0.41 and that has the available() fixes. Bug 65001 might be a factor and that is a post 9.0.41 fix but since I can't reproduce the issue, I can't test that. I'll point the OP of the Spring issue to the snapshots to see if that helps. My current thoughts are this is not a Tomcat issue as per my comment on the Spring issue. I agree with your ISE suggestion to catch his state. Async code is easy to get wrong and we should be defensive where practical. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
Hmm, makes me think about two comments:
1. Looks like a custom formatter not matching inline syntax of abstract
logging valve so maybe extract the parser/element factory in a class
reusable by multiple implementations.
2. Your pre and post are specific to json but dont enable native json since
null case will need a default and details like that dont make it too json
friendly. Id rather use element extractors to create a json object i would
jsonb.toJson before logging. It also brings another issue which is in some
cases you will want to batch json log lines in arrays for faster sending -
when not using docker json logging driver typically but directly pushing to
solr/elasticsearch for ex.
So overall a new valve creating a JsonRecord and serialized to string -or
just using jsongenerator - is way easier for your use case imo than making
the default valve abstracted which will require a lot of details.
However, being able to list the elements to log and reusing logging valve
element factory impl can ease it to be configurable so this is the part i
would extract and then i would just do a JsonLoggingValve using a list of
elements - not a real string pattern hut a list. Only code to import for
json support looks like the string escaping (can be copied from johnzon
Strings class or log4j2 equivalent class, it is small and avoids any dep).
Hope it makes sense and helps a bit to solve your need.
Side note: such a valve is already embeddable in your app enabling to have
any custom dependency if it helps.
Le jeu. 21 janv. 2021 à 16:03, Thomas Meyer a écrit :
> On Thu, Jan 21, 2021 at 03:28:12PM +0100, Romain Manni-Bucau wrote:
> > Hi
>
> Hi,
>
> > Why cant it be added as element earlier at pattern parsing time? Would
> > avoid to have two particular cases and keep current pattern/impl.
> > A %java or so sounds more natural no?
>
> Mhh, maybe I just share my idea of the concrete implementation, so you see
> what I want to do:
>
> Premise: The JUL logging is configured to log all below to an own handler.
>
> public class LoggingAccessLogValve extends AbstractAccessLogValve {
>
> private static final Log log =
> LogFactory.getLog(LoggingAccessLogValve.class);
> private Map writers = new
> WeakHashMap<>();
>
> @Override
> protected void log(CharArrayWriter message) {
> if(log.isInfoEnabled()) {
> log.info(message);
> }
> }
>
> protected void preLogAddElement(CharArrayWriter result) {
> JsonGenerator jsonWriter = Json.createGenerator(result);
> synchronized (this) {
> writers.put(result,jsonWriter);
> }
> jsonWriter.writeStartObject();
> }
>
> protected void postLogAddElement(CharArrayWriter result) {
> JsonGenerator jsonWriter = null;
> synchronized (this) {
> jsonWriter = writers.remove(result);
> }
> if(jsonWriter != null) {
> jsonWriter.writeEnd();
> jsonWriter.close();
> }
> }
>
> private class JsonAccessLogElementWrapper implements
> AccessLogElement {
>
> private final String jsonAttributeName;
> private final AccessLogElement delegate;
>
> public JsonAccessLogElementWrapper(AccessLogElement e,
> String name) {
> delegate = e;
> jsonAttributeName = name;
> }
>
> @Override
> public void addElement(CharArrayWriter buf, Date date,
> Request request, Response response, long time) {
> JsonGenerator jsonWriter = null;
> synchronized (this) {
> jsonWriter = writers.get(buf);
> }
> if(jsonWriter == null) {
> // TODO: add warn
> return;
> }
>
> // TODO: maybe even use stack/cache of
> CharyArrayWriter here, too
> CharArrayWriter writer = new CharArrayWriter();
> delegate.addElement(writer, date, request,
> response, time);
> jsonWriter.write(jsonAttributeName,
> writer.toString());
> }
> }
>
> @Override
> protected AccessLogElement createAccessLogElement(String name,
> char pattern) {
> AccessLogElement e = super.createAccessLogElement(name,
> pattern);
> return new JsonAccessLogElementWrapper(e, mapName(e) + '-'
> + name);
> }
>
> @Override
> protected AccessLogElement createAccessLogElement(char pattern) {
> AccessLogElement e = super.createAccessLogElement(pattern);
> re
Re: [PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
On Thu, Jan 21, 2021 at 03:28:12PM +0100, Romain Manni-Bucau wrote:
> Hi
Hi,
> Why cant it be added as element earlier at pattern parsing time? Would
> avoid to have two particular cases and keep current pattern/impl.
> A %java or so sounds more natural no?
Mhh, maybe I just share my idea of the concrete implementation, so you see
what I want to do:
Premise: The JUL logging is configured to log all below to an own handler.
public class LoggingAccessLogValve extends AbstractAccessLogValve {
private static final Log log =
LogFactory.getLog(LoggingAccessLogValve.class);
private Map writers = new
WeakHashMap<>();
@Override
protected void log(CharArrayWriter message) {
if(log.isInfoEnabled()) {
log.info(message);
}
}
protected void preLogAddElement(CharArrayWriter result) {
JsonGenerator jsonWriter = Json.createGenerator(result);
synchronized (this) {
writers.put(result,jsonWriter);
}
jsonWriter.writeStartObject();
}
protected void postLogAddElement(CharArrayWriter result) {
JsonGenerator jsonWriter = null;
synchronized (this) {
jsonWriter = writers.remove(result);
}
if(jsonWriter != null) {
jsonWriter.writeEnd();
jsonWriter.close();
}
}
private class JsonAccessLogElementWrapper implements AccessLogElement {
private final String jsonAttributeName;
private final AccessLogElement delegate;
public JsonAccessLogElementWrapper(AccessLogElement e, String
name) {
delegate = e;
jsonAttributeName = name;
}
@Override
public void addElement(CharArrayWriter buf, Date date, Request
request, Response response, long time) {
JsonGenerator jsonWriter = null;
synchronized (this) {
jsonWriter = writers.get(buf);
}
if(jsonWriter == null) {
// TODO: add warn
return;
}
// TODO: maybe even use stack/cache of CharyArrayWriter
here, too
CharArrayWriter writer = new CharArrayWriter();
delegate.addElement(writer, date, request, response,
time);
jsonWriter.write(jsonAttributeName, writer.toString());
}
}
@Override
protected AccessLogElement createAccessLogElement(String name, char
pattern) {
AccessLogElement e = super.createAccessLogElement(name,
pattern);
return new JsonAccessLogElementWrapper(e, mapName(e) + '-' +
name);
}
@Override
protected AccessLogElement createAccessLogElement(char pattern) {
AccessLogElement e = super.createAccessLogElement(pattern);
return new JsonAccessLogElementWrapper(e, mapName(e));
}
private String mapName(AccessLogElement e) {
if(e instanceof RemoteAddrElement) {
return "remoteAddr";
} else if(e instanceof HostElement) {
return "host";
// TODO: finish
}
throw new IllegalArgumentException();
}
}
so what do you think about this approach?
mfg
thomas
>
> Le jeu. 21 janv. 2021 à 13:59, Thomas Meyer a écrit :
>
> > a sub class can extend before and after the addElement loop to
> > establish a context via thread-dependend CharArrayWriter object.
> > ---
> > java/org/apache/catalina/valves/AbstractAccessLogValve.java | 5 +
> > 1 file changed, 5 insertions(+)
> >
> > diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> > b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> > index e23f49d3a5..5e774c2320 100644
> > --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> > +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> > @@ -685,9 +685,11 @@ public abstract class AbstractAccessLogValve extends
> > ValveBase implements Access
> > result = new CharArrayWriter(128);
> > }
> >
> > +preLogAddElement(result);
> > for (int i = 0; i < logElements.length; i++) {
> > logElements[i].addElement(result, date, request, response,
> > time);
> > }
> > +postLogAddElement(result);
> >
> > log(result);
> >
> > @@ -699,6 +701,9 @@ public abstract class AbstractAccessLogValve extends
> > ValveBase implements Access
> >
> > // --
Re: [PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
Hi
Why cant it be added as element earlier at pattern parsing time? Would
avoid to have two particular cases and keep current pattern/impl.
A %java or so sounds more natural no?
Le jeu. 21 janv. 2021 à 13:59, Thomas Meyer a écrit :
> a sub class can extend before and after the addElement loop to
> establish a context via thread-dependend CharArrayWriter object.
> ---
> java/org/apache/catalina/valves/AbstractAccessLogValve.java | 5 +
> 1 file changed, 5 insertions(+)
>
> diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> index e23f49d3a5..5e774c2320 100644
> --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
> @@ -685,9 +685,11 @@ public abstract class AbstractAccessLogValve extends
> ValveBase implements Access
> result = new CharArrayWriter(128);
> }
>
> +preLogAddElement(result);
> for (int i = 0; i < logElements.length; i++) {
> logElements[i].addElement(result, date, request, response,
> time);
> }
> +postLogAddElement(result);
>
> log(result);
>
> @@ -699,6 +701,9 @@ public abstract class AbstractAccessLogValve extends
> ValveBase implements Access
>
> // Protected
> Methods
>
> +protected void preLogAddElement(CharArrayWriter result) {}
> +protected void postLogAddElement(CharArrayWriter result) {}
> +
> /**
> * Log the specified message.
> *
> --
> 2.20.1
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
On 21/01/2021 14:17, Christopher Schultz wrote: > Mark, > > On 1/21/21 09:15, Mark Thomas wrote: >> On 21/01/2021 13:51, Christopher Schultz wrote: >>> Mark, >>> >>> On 1/20/21 11:58, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 7c3fb67 File separator, not path separator >>> >>> Any reason not to use java.nio.Path here instead of a String? >> >> I assume you mean java.nio.file.Path > > Yep. > >> Tomcat 7 has a minimum requirement of Java 6 and Path is only available >> from Java 7 onwards. > > Oh, right. :( > > I'd complain about "legacy Java versions" except that I'm still deployed > on Java 8 wah wahhh. A little over 2 months and we can say goodbye to Java 6 support... .. and we'll be able to advance to the dizzy heights of Java 7 as a minimum :) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
Mark,
On 1/21/21 09:15, Mark Thomas wrote:
On 21/01/2021 13:51, Christopher Schultz wrote:
Mark,
On 1/20/21 11:58, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 7c3fb67 File separator, not path separator
Any reason not to use java.nio.Path here instead of a String?
I assume you mean java.nio.file.Path
Yep.
Tomcat 7 has a minimum requirement of Java 6 and Path is only available
from Java 7 onwards.
Oh, right. :(
I'd complain about "legacy Java versions" except that I'm still deployed
on Java 8 wah wahhh.
-chris
Mark
-chris
7c3fb67 is described below
commit 7c3fb673f4f17a9c31ebb5be54d3017d50aa41e7
Author: Mark Thomas
AuthorDate: Wed Jan 20 16:38:32 2021 +
File separator, not path separator
---
java/org/apache/catalina/util/FileUtil.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/util/FileUtil.java
b/java/org/apache/catalina/util/FileUtil.java
index d25bde7..c8a69cb 100644
--- a/java/org/apache/catalina/util/FileUtil.java
+++ b/java/org/apache/catalina/util/FileUtil.java
@@ -26,8 +26,8 @@ public class FileUtil {
public FileUtil(File f) throws IOException {
String path = f.getCanonicalPath();
- if (!path.endsWith(File.pathSeparator)) {
- path += File.pathSeparatorChar;
+ if (!path.endsWith(File.separator)) {
+ path += File.separatorChar;
}
canonicalPath = path;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
On 21/01/2021 13:51, Christopher Schultz wrote:
> Mark,
>
> On 1/20/21 11:58, ma...@apache.org wrote:
>> This is an automated email from the ASF dual-hosted git repository.
>>
>> markt pushed a commit to branch 7.0.x
>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>
>>
>> The following commit(s) were added to refs/heads/7.0.x by this push:
>> new 7c3fb67 File separator, not path separator
>
> Any reason not to use java.nio.Path here instead of a String?
I assume you mean java.nio.file.Path
Tomcat 7 has a minimum requirement of Java 6 and Path is only available
from Java 7 onwards.
Mark
>
> -chris
>
>> 7c3fb67 is described below
>>
>> commit 7c3fb673f4f17a9c31ebb5be54d3017d50aa41e7
>> Author: Mark Thomas
>> AuthorDate: Wed Jan 20 16:38:32 2021 +
>>
>> File separator, not path separator
>> ---
>> java/org/apache/catalina/util/FileUtil.java | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/java/org/apache/catalina/util/FileUtil.java
>> b/java/org/apache/catalina/util/FileUtil.java
>> index d25bde7..c8a69cb 100644
>> --- a/java/org/apache/catalina/util/FileUtil.java
>> +++ b/java/org/apache/catalina/util/FileUtil.java
>> @@ -26,8 +26,8 @@ public class FileUtil {
>> public FileUtil(File f) throws IOException {
>> String path = f.getCanonicalPath();
>> - if (!path.endsWith(File.pathSeparator)) {
>> - path += File.pathSeparatorChar;
>> + if (!path.endsWith(File.separator)) {
>> + path += File.separatorChar;
>> }
>> canonicalPath = path;
>>
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
Mark,
On 1/20/21 11:58, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/7.0.x by this push:
new 7c3fb67 File separator, not path separator
Any reason not to use java.nio.Path here instead of a String?
-chris
7c3fb67 is described below
commit 7c3fb673f4f17a9c31ebb5be54d3017d50aa41e7
Author: Mark Thomas
AuthorDate: Wed Jan 20 16:38:32 2021 +
File separator, not path separator
---
java/org/apache/catalina/util/FileUtil.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/util/FileUtil.java
b/java/org/apache/catalina/util/FileUtil.java
index d25bde7..c8a69cb 100644
--- a/java/org/apache/catalina/util/FileUtil.java
+++ b/java/org/apache/catalina/util/FileUtil.java
@@ -26,8 +26,8 @@ public class FileUtil {
public FileUtil(File f) throws IOException {
String path = f.getCanonicalPath();
-if (!path.endsWith(File.pathSeparator)) {
-path += File.pathSeparatorChar;
+if (!path.endsWith(File.separator)) {
+path += File.separatorChar;
}
canonicalPath = path;
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 9.0.x updated: Use java.nio.file.Path for consistent sub-directory checking
Mark,
On 1/20/21 08:56, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 4785433 Use java.nio.file.Path for consistent sub-directory checking
Good call. No more File.separator yay!
-chris
4785433 is described below
commit 4785433a226a20df6acbea49296e1ce7e23de453
Author: Mark Thomas
AuthorDate: Wed Jan 20 13:28:57 2021 +
Use java.nio.file.Path for consistent sub-directory checking
---
.../apache/catalina/servlets/DefaultServlet.java| 2 +-
java/org/apache/catalina/session/FileStore.java | 2 +-
java/org/apache/catalina/startup/ContextConfig.java | 3 ++-
java/org/apache/catalina/startup/ExpandWar.java | 21 +++--
java/org/apache/catalina/startup/HostConfig.java| 3 +--
webapps/docs/changelog.xml | 4
6 files changed, 16 insertions(+), 19 deletions(-)
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 2aca1b2..e0b6711 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -2137,7 +2137,7 @@ public class DefaultServlet extends HttpServlet {
// First check that the resulting path is under the provided base
try {
-if
(!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) {
+if
(!candidate.getCanonicalFile().toPath().startsWith(base.getCanonicalFile().toPath()))
{
return null;
}
} catch (IOException ioe) {
diff --git a/java/org/apache/catalina/session/FileStore.java
b/java/org/apache/catalina/session/FileStore.java
index cf3ea88..cac6027 100644
--- a/java/org/apache/catalina/session/FileStore.java
+++ b/java/org/apache/catalina/session/FileStore.java
@@ -351,7 +351,7 @@ public final class FileStore extends StoreBase {
File file = new File(storageDir, filename);
// Check the file is within the storage directory
-if
(!file.getCanonicalPath().startsWith(storageDir.getCanonicalPath())) {
+if
(!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath()))
{
log.warn(sm.getString("fileStore.invalid", file.getPath(), id));
return null;
}
diff --git a/java/org/apache/catalina/startup/ContextConfig.java
b/java/org/apache/catalina/startup/ContextConfig.java
index 2e02b7f..5926bfc 100644
--- a/java/org/apache/catalina/startup/ContextConfig.java
+++ b/java/org/apache/catalina/startup/ContextConfig.java
@@ -858,7 +858,8 @@ public class ContextConfig implements LifecycleListener {
String docBaseCanonical = docBaseAbsoluteFile.getCanonicalPath();
// Re-calculate now docBase is a canonical path
-boolean docBaseCanonicalInAppBase =
docBaseCanonical.startsWith(appBase.getPath() + File.separatorChar);
+boolean docBaseCanonicalInAppBase =
+
docBaseAbsoluteFile.getCanonicalFile().toPath().startsWith(appBase.toPath());
String docBase;
if (docBaseCanonicalInAppBase) {
docBase = docBaseCanonical.substring(appBase.getPath().length());
diff --git a/java/org/apache/catalina/startup/ExpandWar.java
b/java/org/apache/catalina/startup/ExpandWar.java
index a76acc2..ebc3e46 100644
--- a/java/org/apache/catalina/startup/ExpandWar.java
+++ b/java/org/apache/catalina/startup/ExpandWar.java
@@ -26,6 +26,7 @@ import java.net.JarURLConnection;
import java.net.URL;
import java.net.URLConnection;
import java.nio.channels.FileChannel;
+import java.nio.file.Path;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
@@ -116,10 +117,7 @@ public class ExpandWar {
}
// Expand the WAR into the new document base directory
-String canonicalDocBasePrefix = docBase.getCanonicalPath();
-if (!canonicalDocBasePrefix.endsWith(File.separator)) {
-canonicalDocBasePrefix += File.separator;
-}
+Path canonicalDocBasePath = docBase.getCanonicalFile().toPath();
// Creating war tracker parent (normally META-INF)
File warTrackerParent = warTracker.getParentFile();
@@ -134,14 +132,13 @@ public class ExpandWar {
JarEntry jarEntry = jarEntries.nextElement();
String name = jarEntry.getName();
File expandedFile = new File(docBase, name);
-if (!expandedFile.getCanonicalPath().startsWith(
-canonicalDocBasePrefix)) {
+if
(!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) {
// Trying to expand outside the docBase
[PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
a sub class can extend before and after the addElement loop to
establish a context via thread-dependend CharArrayWriter object.
---
java/org/apache/catalina/valves/AbstractAccessLogValve.java | 5 +
1 file changed, 5 insertions(+)
diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
index e23f49d3a5..5e774c2320 100644
--- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java
+++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java
@@ -685,9 +685,11 @@ public abstract class AbstractAccessLogValve extends
ValveBase implements Access
result = new CharArrayWriter(128);
}
+preLogAddElement(result);
for (int i = 0; i < logElements.length; i++) {
logElements[i].addElement(result, date, request, response, time);
}
+postLogAddElement(result);
log(result);
@@ -699,6 +701,9 @@ public abstract class AbstractAccessLogValve extends
ValveBase implements Access
// Protected
Methods
+protected void preLogAddElement(CharArrayWriter result) {}
+protected void postLogAddElement(CharArrayWriter result) {}
+
/**
* Log the specified message.
*
--
2.20.1
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5636 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 721e6e1f21d4b0180f6e5d3d225878d27e21f7dd Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Graal 21.0 now supports serialization
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 69c2453 Graal 21.0 now supports serialization 69c2453 is described below commit 69c2453ed47931fc525163af936545779f499b01 Author: remm AuthorDate: Thu Jan 21 11:00:14 2021 +0100 Graal 21.0 now supports serialization I have not actually tested with clustering or session serialization, and it is possible the base json descriptors need an update, but the general warning is now out of date. --- webapps/docs/graal.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/webapps/docs/graal.xml b/webapps/docs/graal.xml index f079197..0394d5a 100644 --- a/webapps/docs/graal.xml +++ b/webapps/docs/graal.xml @@ -201,9 +201,6 @@ mvn package Missing items for better Tomcat functionality: - https://github.com/oracle/graal/issues/460";>Java -serialization: Clustering and session persistence are not -functional https://github.com/oracle/graal/issues/2103";>JMX: The usual monitoring and management is not usable java.util.logging LogManager: Configuration through a system property - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Graal 21.0 now supports serialization
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 721e6e1 Graal 21.0 now supports serialization 721e6e1 is described below commit 721e6e1f21d4b0180f6e5d3d225878d27e21f7dd Author: remm AuthorDate: Thu Jan 21 11:00:14 2021 +0100 Graal 21.0 now supports serialization I have not actually tested with clustering or session serialization, and it is possible the base json descriptors need an update, but the general warning is now out of date. --- webapps/docs/graal.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/webapps/docs/graal.xml b/webapps/docs/graal.xml index f751d03..6def03d 100644 --- a/webapps/docs/graal.xml +++ b/webapps/docs/graal.xml @@ -201,9 +201,6 @@ mvn package Missing items for better Tomcat functionality: - https://github.com/oracle/graal/issues/460";>Java -serialization: Clustering and session persistence are not -functional https://github.com/oracle/graal/issues/2103";>JMX: The usual monitoring and management is not usable java.util.logging LogManager: Configuration through a system property - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771 --- Comment #10 from Remy Maucherat --- (In reply to Mark Thomas from comment #9) > RE-opening this issue while I look at the test case... The use of non container threads doing ??? seems to be the root cause of the problems here. Also the behavior of available() could be a contributor, and you did change that for the better very recently. So you might not be able to reproduce. OTOH, I would still like to add a ISE exit for the loop in OpenSSLEngine.unwrap, in case the state becomes inconsistent. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771 Mark Thomas changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WORKSFORME |--- --- Comment #9 from Mark Thomas --- RE-opening this issue while I look at the test case... -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
