[tomcat] branch master updated: 63412: Fix security manager issue with async IO

Wed, 08 May 2019 12:34:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/master by this push:
     new c662b54  63412: Fix security manager issue with async IO
c662b54 is described below

commit c662b54b1328acf9db89085ffba0b2ad5e186306
Author: remm <r...@apache.org>
AuthorDate: Wed May 8 21:33:35 2019 +0200

    63412: Fix security manager issue with async IO
    
    Seen with websockets.
---
 java/org/apache/catalina/security/SecurityClassLoad.java |  8 ++++++++
 java/org/apache/tomcat/util/net/Nio2Endpoint.java        | 10 +++-------
 java/org/apache/tomcat/util/net/NioEndpoint.java         | 10 +++-------
 webapps/docs/changelog.xml                               |  4 ++++
 4 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java 
b/java/org/apache/catalina/security/SecurityClassLoad.java
index 2d902bc..8e34f4e 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -190,6 +190,14 @@ public final class SecurityClassLoad {
         loader.loadClass(basePackage + 
"util.net.NioBlockingSelector$BlockPoller$RunnableAdd");
         loader.loadClass(basePackage + 
"util.net.NioBlockingSelector$BlockPoller$RunnableCancel");
         loader.loadClass(basePackage + 
"util.net.NioBlockingSelector$BlockPoller$RunnableRemove");
+        loader.loadClass(basePackage + 
"util.net.NioEndpoint$NioSocketWrapper$OperationState");
+        loader.loadClass(basePackage + 
"util.net.NioEndpoint$NioSocketWrapper$VectoredIOCompletionHandler");
+        loader.loadClass(basePackage + 
"util.net.Nio2Endpoint$Nio2SocketWrapper$OperationState");
+        loader.loadClass(basePackage + 
"util.net.Nio2Endpoint$Nio2SocketWrapper$VectoredIOCompletionHandler");
+        loader.loadClass(basePackage + 
"util.net.SocketWrapperBase$BlockingMode");
+        loader.loadClass(basePackage + 
"util.net.SocketWrapperBase$CompletionCheck");
+        loader.loadClass(basePackage + 
"util.net.SocketWrapperBase$CompletionHandlerCall");
+        loader.loadClass(basePackage + 
"util.net.SocketWrapperBase$CompletionState");
         // security
         loader.loadClass(basePackage + "util.security.PrivilegedGetTccl");
         loader.loadClass(basePackage + "util.security.PrivilegedSetTccl");
diff --git a/java/org/apache/tomcat/util/net/Nio2Endpoint.java 
b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
index a4844bc..c307369 100644
--- a/java/org/apache/tomcat/util/net/Nio2Endpoint.java
+++ b/java/org/apache/tomcat/util/net/Nio2Endpoint.java
@@ -1148,15 +1148,11 @@ public class Nio2Endpoint extends 
AbstractJsseEndpoint<Nio2Channel,AsynchronousS
                     boolean complete = true;
                     boolean completion = true;
                     if (state.check != null) {
-                        switch (state.check.callHandler(currentState, 
state.buffers, state.offset, state.length)) {
-                        case CONTINUE:
+                        CompletionHandlerCall call = 
state.check.callHandler(currentState, state.buffers, state.offset, 
state.length);
+                        if (call == CompletionHandlerCall.CONTINUE) {
                             complete = false;
-                            break;
-                        case DONE:
-                            break;
-                        case NONE:
+                        } else if (call == CompletionHandlerCall.NONE) {
                             completion = false;
-                            break;
                         }
                     }
                     if (complete) {
diff --git a/java/org/apache/tomcat/util/net/NioEndpoint.java 
b/java/org/apache/tomcat/util/net/NioEndpoint.java
index a087ed8..1910bed 100644
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
@@ -1719,15 +1719,11 @@ public class NioEndpoint extends 
AbstractJsseEndpoint<NioChannel,SocketChannel>
                     boolean complete = true;
                     boolean completion = true;
                     if (state.check != null) {
-                        switch (state.check.callHandler(currentState, 
state.buffers, state.offset, state.length)) {
-                        case CONTINUE:
+                        CompletionHandlerCall call = 
state.check.callHandler(currentState, state.buffers, state.offset, 
state.length);
+                        if (call == CompletionHandlerCall.CONTINUE) {
                             complete = false;
-                            break;
-                        case DONE:
-                            break;
-                        case NONE:
+                        } else if (call == CompletionHandlerCall.NONE) {
                             completion = false;
-                            break;
                         }
                     }
                     if (complete) {
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1a2085c..69c5f45 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -62,6 +62,10 @@
       <fix>
         Filter out some cases of incorrect HTTP/2 connection timeout. (remm)
       </fix>
+      <fix>
+        <bug>63412</bug>: Security manager failure when using the async IO
+        API from a webapp. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to