[tomcat] branch main updated: Fix unsafe map access

Wed, 20 Sep 2023 07:32:33 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 4650fa0953 Fix unsafe map access
4650fa0953 is described below

commit 4650fa09539c285f906ff8ec2dd60b593d76df49
Author: remm <r...@apache.org>
AuthorDate: Wed Sep 20 10:29:26 2023 +0200

    Fix unsafe map access
    
    Although unlikely, concurrent updates (which are synced) are possible.
    Found by coverity.
---
 .../tomcat/util/security/ConcurrentMessageDigest.java    | 16 +++++++---------
 webapps/docs/changelog.xml                               |  3 +++
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java 
b/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
index c2d385dfe8..c59a0fe8ea 100644
--- a/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
+++ b/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
@@ -18,9 +18,9 @@ package org.apache.tomcat.util.security;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Queue;
+import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentLinkedQueue;
 
 import org.apache.tomcat.util.res.StringManager;
@@ -38,7 +38,7 @@ public class ConcurrentMessageDigest {
     private static final String SHA1 = "SHA-1";
 
     private static final Map<String,Queue<MessageDigest>> queues =
-            new HashMap<>();
+            new ConcurrentHashMap<>();
 
 
     private ConcurrentMessageDigest() {
@@ -117,13 +117,11 @@ public class ConcurrentMessageDigest {
      *                                  JVM
      */
     public static void init(String algorithm) throws NoSuchAlgorithmException {
-        synchronized (queues) {
-            if (!queues.containsKey(algorithm)) {
-                MessageDigest md = MessageDigest.getInstance(algorithm);
-                Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
-                queue.add(md);
-                queues.put(algorithm, queue);
-            }
+        if (!queues.containsKey(algorithm)) {
+            MessageDigest md = MessageDigest.getInstance(algorithm);
+            Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
+            queue.add(md);
+            queues.putIfAbsent(algorithm, queue);
         }
     }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5862f2eae3..2d223df227 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -137,6 +137,9 @@
         Improve thread safety around readNotify and writeNotify in the NIO2
         endpoint. (remm)
       </fix>
+      <fix>
+        Avoid rare thread safety issue accessing message digest map. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to