Re: (tomcat) branch main updated: Fix BZ 67929 - TLS config reload can trigger JVM crash

Mark Thomas Fri, 03 Nov 2023 01:39:58 -0700

On 02/11/2023 21:29, Rémy Maucherat wrote:

On Thu, Nov 2, 2023 at 7:37 PM <ma...@apache.org> wrote:


This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
      new 55e8e599b1 Fix BZ 67929 - TLS config reload can trigger JVM crash
55e8e599b1 is described below

commit 55e8e599b17f512ebdab6860237bed6f73096321
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Nov 2 18:26:01 2023 +0000

     Fix BZ 67929 - TLS config reload can trigger JVM crash
---
  java/org/apache/tomcat/util/net/SSLHostConfig.java            | 4 ++--
  java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 2 +-
  webapps/docs/changelog.xml                                    | 4 ++++
  3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index a447c7fec0..9917fe6673 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -73,11 +73,11 @@ public class SSLHostConfig implements Serializable {

      private String hostName = DEFAULT_SSL_HOST_NAME;

-    private transient Long openSslConfContext = Long.valueOf(0);
+    private transient volatile Long openSslConfContext = Long.valueOf(0);
      // OpenSSL can handle multiple certs in a single config so the reference 
to
      // the context is here at the virtual host level. JSSE can't so the
      // reference is held on the certificate.
-    private transient Long openSslContext = Long.valueOf(0);
+    private transient volatile Long openSslContext = Long.valueOf(0);


I don't understand the purpose of this (in trunk).
This is only used by the manager servlet (as a pseudo boolean) to
display various certificate info, but then the default (when it is 0)
should work fine anyway.
Am I missing anything ?

At the time I ported this from 9.0.x to 10.1.x and 11.0.x I was onlylooking at which parts of the 9.0.x would not apply due to the removalof APR. I wasn't looking at how the code was used in 10.1.x and 11.0.x.

Your are right that neither of the above changes are going to impact thestability of the Connector during reload as they play no part in TLSconnections.

Having thought about it some more this morning, the only argument I havefor keeping these changes is that it keeps the code aligned betweenversions. That isn't a great argument as we could always add a commentin 9.0.x and 8.5.x to ensure that volatile was retained.


Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: (tomcat) branch main updated: Fix BZ 67929 - TLS config reload can trigger JVM crash

Reply via email to