Author: markt Date: Fri Aug 26 18:18:39 2016 New Revision: 1757903 URL: http://svn.apache.org/viewvc?rev=1757903&view=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60035 Fix a potential connection leak if the client drops a TLS connection before the handshake completes.
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java?rev=1757903&r1=1757902&r2=1757903&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/Nio2Endpoint.java Fri Aug 26 18:18:39 2016
@@ -1608,14 +1608,15 @@ public class Nio2Endpoint extends Abstra
 int handshake = -1;
 try {
- // For STOP there is no point trying to handshake as the
- // Poller has been stopped.
- if (!socketWrapper.getSocket().isHandshakeComplete() && event == SocketEvent.ERROR) {
- handshake = -1;
- } else if (socketWrapper.getSocket().isHandshakeComplete() ||
- event == SocketEvent.STOP ||
- event == SocketEvent.ERROR) {
+ if (socketWrapper.getSocket().isHandshakeComplete()) {
+ // No TLS handshaking required. Let the handler
+ // process this socket / event combination.
 handshake = 0;
+ } else if (event == SocketEvent.STOP || event == SocketEvent.DISCONNECT ||
+ event == SocketEvent.ERROR) {
+ // Unable to complete the TLS handshake. Treat it as
+ // if the handshake failed.
+ handshake = -1;
 } else {
 handshake = socketWrapper.getSocket().handshake();
 // The handshake process reads/writes from/to the
Modified: tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?rev=1757903&r1=1757902&r2=1757903&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java Fri Aug 26 18:18:39 2016
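Review bot: The test `event == SocketEvent.STOP || event == SocketEvent.DISCONNECT || event == SocketEvent.ERROR` is now written out twice, in this Nio2Endpoint hunk and again in the NioEndpoint hunk, and the removed lines show the two copies had already drifted apart once (Nio2Endpoint failed the handshake on ERROR, NioEndpoint only special-cased STOP). Per the commit log a missed case here can leak the connection when a client abandons the TLS handshake, so I would keep the test in one shared place, for example a helper on the common superclass such as `isHandshakeAbortEvent(event)` (a suggested name, not an existing method), so a new event type is handled once for both endpoints. The enclosing method starts and ends outside the hunk, so how `handshake == -1` is acted on is not visible here.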
@@ -1374,10 +1374,15 @@ public class NioEndpoint extends Abstrac
 try {
 if (key != null) {
- // For STOP there is no point trying to handshake as the
- // Poller has been stopped.
- if (socket.isHandshakeComplete() || event == SocketEvent.STOP) {
+ if (socket.isHandshakeComplete()) {
+ // No TLS handshaking required. Let the handler
+ // process this socket / event combination.
 handshake = 0;
+ } else if (event == SocketEvent.STOP || event == SocketEvent.DISCONNECT ||
+ event == SocketEvent.ERROR) {
+ // Unable to complete the TLS handshake. Treat it as
+ // if the handshake failed.
+ handshake = -1;
 } else {
 handshake = socket.handshake(key.isReadable(), key.isWritable());
 // The handshake process reads/writes from/to the
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1757903&r1=1757902&r2=1757903&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Aug 26 18:18:39 2016
@@ -229,6 +229,10 @@ Use the proper ERROR socket status code for async errors with NIO2. (remm)
 </fix>
+ <fix>
+ <bug>60035</bug>: Fix a potential connection leak if the client drops a
+ TLS connection before the handshake completes. (markt)
+ </fix>
 </changelog>
 </subsection>
 <subsection name="Jasper">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
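Review bot: In the NioEndpoint hunk the STOP case changes meaning as well, and the new comment does not record it: with an incomplete handshake STOP used to set `handshake = 0` and go on to the handler, and it now takes the `handshake = -1` branch together with DISCONNECT and ERROR. I would extend the comment to say why, e.g. `// Unable to complete the TLS handshake. Treat it as if the handshake failed so the socket is closed instead of being handed to the handler (bug 60035).`, assuming the -1 path, which lies outside this hunk, does close the socket and release the connection. The commit modifies no test file; a regression test that drops a TLS connection before the handshake completes and checks that the connection is released would keep both endpoints from regressing.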