This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 4650fa0953 Fix unsafe map access
4650fa0953 is described below
commit 4650fa09539c285f906ff8ec2dd60b593d76df49
Author: remm <[email protected]>
AuthorDate: Wed Sep 20 10:29:26 2023 +0200
Fix unsafe map access
Although unlikely, concurrent updates (which are synced) are possible.
Found by coverity.
---
.../tomcat/util/security/ConcurrentMessageDigest.java | 16 +++++++---------
webapps/docs/changelog.xml | 3 +++
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
b/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
index c2d385dfe8..c59a0fe8ea 100644
--- a/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
+++ b/java/org/apache/tomcat/util/security/ConcurrentMessageDigest.java
@@ -18,9 +18,9 @@ package org.apache.tomcat.util.security;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
-import java.util.HashMap;
import java.util.Map;
import java.util.Queue;
+import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentLinkedQueue;
import org.apache.tomcat.util.res.StringManager;
@@ -38,7 +38,7 @@ public class ConcurrentMessageDigest {
private static final String SHA1 = "SHA-1";
private static final Map<String,Queue<MessageDigest>> queues =
- new HashMap<>();
+ new ConcurrentHashMap<>();
private ConcurrentMessageDigest() {
@@ -117,13 +117,11 @@ public class ConcurrentMessageDigest {
* JVM
*/
public static void init(String algorithm) throws NoSuchAlgorithmException {
- synchronized (queues) {
- if (!queues.containsKey(algorithm)) {
- MessageDigest md = MessageDigest.getInstance(algorithm);
- Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
- queue.add(md);
- queues.put(algorithm, queue);
- }
+ if (!queues.containsKey(algorithm)) {
+ MessageDigest md = MessageDigest.getInstance(algorithm);
+ Queue<MessageDigest> queue = new ConcurrentLinkedQueue<>();
+ queue.add(md);
+ queues.putIfAbsent(algorithm, queue);
}
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5862f2eae3..2d223df227 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -137,6 +137,9 @@
Improve thread safety around readNotify and writeNotify in the NIO2
endpoint. (remm)
</fix>
+ <fix>
+ Avoid rare thread safety issue accessing message digest map. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
