This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new 50dacc5 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64023 50dacc5 is described below commit 50dacc525502387a326c3f47de53c0742b8a478b Author: Christopher Schultz <ch...@christopherschultz.net> AuthorDate: Fri Dec 20 10:34:12 2019 -0500 Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64023 Skip null-valued session attributes when de-serializing sessions.
---
 java/org/apache/catalina/ha/session/DeltaSession.java | 4 +++-
 java/org/apache/catalina/session/StandardSession.java | 4 +++-
 webapps/docs/changelog.xml | 4 ++++
 3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/ha/session/DeltaSession.java b/java/org/apache/catalina/ha/session/DeltaSession.java
index 947fa62..2465c60 100644
--- a/java/org/apache/catalina/ha/session/DeltaSession.java
+++ b/java/org/apache/catalina/ha/session/DeltaSession.java
@@ -846,7 +846,9 @@ public class DeltaSession extends StandardSession implements Externalizable,Clus
 if (exclude(name, value)) {
 continue;
 }
- attributes.put(name, value);
+ // ConcurrentHashMap does not allow null keys or values
+ if(null != value)
+ attributes.put(name, value);
 }
 isValid = isValidSave;
diff --git a/java/org/apache/catalina/session/StandardSession.java b/java/org/apache/catalina/session/StandardSession.java
index da2ae4c..3c17587 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -1600,7 +1600,9 @@ public class StandardSession implements HttpSession, Session, Serializable {
 if (exclude(name, value)) {
 continue;
 }
- attributes.put(name, value);
+ // ConcurrentHashMap does not allow null keys or values
+ if(null != value)
+ attributes.put(name, value);
 }
 isValid = isValidSave;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 71fb984..845562c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
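Review bot: The new guard in the DeltaSession.java hunk tests only `value`, although its own comment notes that ConcurrentHashMap rejects null keys as well as null values, so a null `name` would still reach `attributes.put` and throw; the StandardSession.java hunk has the same gap. Serialized session state is input this loop should tolerate, so I would write `if (name != null && value != null) { attributes.put(name, value); }`, which also adds the braces used by the `if (exclude(name, value)) { ... }` just above. Whether `name` can really be null depends on the read code above the hunk, which is not shown, and `exclude(name, value)` is still called with a possibly null `value` before the check, so its null handling is worth confirming. The enclosing method starts and ends outside both hunks.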
@@ -83,6 +83,10 @@ the JRE. This listener will be removed in Tomcat 10 and may be removed from Tomcat 8.5.x some time after 2020-12-31. (markt) </scode> + <fix> + <bug>64023</bug>: Skip null-valued session attributes when deserializing + sessions. (schultz) + </fix> </changelog> </subsection> <subsection name="Coyote"> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org