Author: markt
Date: Fri Oct  6 13:15:57 2017
New Revision: 1811328

URL: http://svn.apache.org/viewvc?rev=1811328&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=61568
Avoid a potential SecurityException when using the NIO2 connector and a new 
thread is added to the pool.

Modified:
    tomcat/trunk/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java
    tomcat/trunk/java/org/apache/tomcat/util/threads/TaskThreadFactory.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java?rev=1811328&r1=1811327&r2=1811328&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/security/PrivilegedSetTccl.java 
Fri Oct  6 13:15:57 2017
@@ -20,15 +20,22 @@ import java.security.PrivilegedAction;
 
 public class PrivilegedSetTccl implements PrivilegedAction<Void> {
 
-    private ClassLoader cl;
+    private final ClassLoader cl;
+    private final Thread t;
 
     public PrivilegedSetTccl(ClassLoader cl) {
+        this(Thread.currentThread(), cl);
+    }
+
+    public PrivilegedSetTccl(Thread t, ClassLoader cl) {
+        this.t = t;
         this.cl = cl;
     }
 
+
     @Override
     public Void run() {
-        Thread.currentThread().setContextClassLoader(cl);
+        t.setContextClassLoader(cl);
         return null;
     }
 }
\ No newline at end of file
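Review bot: The one-argument constructor now captures `Thread.currentThread()` when the action is constructed, whereas the removed line resolved the thread inside `run()`, so an instance built on one thread and executed on another would change the constructing thread's loader. The caller visible in this commit constructs and runs the action on the same thread, so this is a documentation gap rather than a bug. A Javadoc line on that constructor would cover it, for example `/** Sets the context class loader of the thread that constructs this action. */`. The two-argument constructor also accepts a null `t`, which only fails later inside `run()`; `this.t = Objects.requireNonNull(t, "t");` (with `java.util.Objects` imported) would fail at the call site. Because the action can now target an arbitrary thread, the class comment should state that it is meant to be run under `doPrivileged` by container code only.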

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/threads/TaskThreadFactory.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/threads/TaskThreadFactory.java?rev=1811328&r1=1811327&r2=1811328&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/threads/TaskThreadFactory.java 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/threads/TaskThreadFactory.java Fri 
Oct  6 13:15:57 2017
@@ -45,28 +45,21 @@ public class TaskThreadFactory implement
 
     @Override
     public Thread newThread(Runnable r) {
-        ClassLoader loader = Thread.currentThread().getContextClassLoader();
-        try {
-            // Threads should not be created by the webapp classloader
-            if (Constants.IS_SECURITY_ENABLED) {
-                PrivilegedAction<Void> pa = new PrivilegedSetTccl(
-                        getClass().getClassLoader());
-                AccessController.doPrivileged(pa);
-            } else {
-                Thread.currentThread().setContextClassLoader(
-                        getClass().getClassLoader());
-            }
-            TaskThread t = new TaskThread(group, r, namePrefix + 
threadNumber.getAndIncrement());
-            t.setDaemon(daemon);
-            t.setPriority(threadPriority);
-            return t;
-        } finally {
-            if (Constants.IS_SECURITY_ENABLED) {
-                PrivilegedAction<Void> pa = new PrivilegedSetTccl(loader);
-                AccessController.doPrivileged(pa);
-            } else {
-                Thread.currentThread().setContextClassLoader(loader);
-            }
+        TaskThread t = new TaskThread(group, r, namePrefix + 
threadNumber.getAndIncrement());
+        t.setDaemon(daemon);
+        t.setPriority(threadPriority);
+
+        // Set the context class loader of newly created threads to be the 
class
+        // loader that loaded this factory. This avoids retaining references to
+        // web application class loaders and similar.
+        if (Constants.IS_SECURITY_ENABLED) {
+            PrivilegedAction<Void> pa = new PrivilegedSetTccl(
+                    t, getClass().getClassLoader());
+            AccessController.doPrivileged(pa);
+        } else {
+            t.setContextClassLoader(getClass().getClassLoader());
         }
+
+        return t;
     }
 }
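Review bot: `getClass().getClassLoader()` in both branches of `newThread` returns the loader of the runtime class, so a subclass of this factory loaded by a web application class loader would pin exactly the loader the new comment says it avoids. Nothing visible in the hunk makes the class final, so `TaskThreadFactory.class.getClassLoader()` is the safer expression in both places. The comment could also note that the new thread presumably still inherits the creating thread's context class loader inside the `TaskThread` constructor (standard `Thread` behaviour), and that this assignment overwrites it before the thread is returned.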

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1811328&r1=1811327&r2=1811328&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Fri Oct  6 13:15:57 2017
@@ -56,6 +56,10 @@
   <subsection name="Coyote">
     <changelog>
       <fix>
+        <bug>61568</bug>: Avoid a potential <code>SecurityException</code> when
+        using the NIO2 connector and a new thread is added to the pool. (markt)
+      </fix>
+      <fix>
         <bug>61583</bug>: Correct a further regression in the fix to enable the
         use of Java key stores that contained multiple keys that did not all
         have the same password. This fixes PKCS11 key store handling with


