[tomcat] branch 9.0.x updated: Fix potential concurrency issue.

Tue, 08 Mar 2022 08:32:42 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
     new 5975de9  Fix potential concurrency issue.
5975de9 is described below

commit 5975de9818244c8e967f2d22020948404d0547c2
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 8 16:27:03 2022 +0000

    Fix potential concurrency issue.
    
    If the request is split across multiple packets and those packets are
    processed in rapid succession then it is possible that subsequent
    packets see the wrong value for readComplete and register the socket for
    a further read rather than processing the request.
---
 java/org/apache/coyote/http11/Http11Processor.java | 4 ++--
 webapps/docs/changelog.xml                         | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java 
b/java/org/apache/coyote/http11/Http11Processor.java
index 7aaf1f8..eb9199d 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -111,13 +111,13 @@ public class Http11Processor extends AbstractProcessor {
      * Flag used to indicate that the socket should be kept open (e.g. for keep
      * alive or send file.
      */
-    private boolean openSocket = false;
+    private volatile boolean openSocket = false;
 
 
     /**
      * Flag that indicates if the request headers have been completely read.
      */
-    private boolean readComplete = true;
+    private volatile boolean readComplete = true;
 
     /**
      * HTTP/1.1 flag.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ef55841..9f28ce2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -127,6 +127,11 @@
         when user code was doing sequential operations in a single thread.
         Test case code submitted by Istvan Szekely. (remm)
       </fix>
+      <fix>
+        Fix potential thread-safety issue that could cause HTTP/1.1 request
+        processing to wait, and potentially timeout, waiting for additional
+        data when the full request has been received. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to