(tomcat) branch main updated: Fix race condition in HTTP/2 stream reset. Fixes 500 responses.

Wed, 26 Feb 2025 08:30:20 -0800 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 6318783952 Fix race condition in HTTP/2 stream reset. Fixes 500 
responses.
6318783952 is described below

commit 63187839521a26c1b7d0a1c076ce6a331cf8b035
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Wed Feb 26 16:28:21 2025 +0000

    Fix race condition in HTTP/2 stream reset. Fixes 500 responses.
---
 java/org/apache/coyote/http2/Stream.java | 21 ++++++++++++++++-----
 webapps/docs/changelog.xml               |  4 ++++
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/coyote/http2/Stream.java 
b/java/org/apache/coyote/http2/Stream.java
index 2efe820f3a..427bd4e97f 100644
--- a/java/org/apache/coyote/http2/Stream.java
+++ b/java/org/apache/coyote/http2/Stream.java
@@ -1413,11 +1413,22 @@ class Stream extends AbstractNonZeroStream implements 
HeaderEmitter {
                 readStateLock.unlock();
             }
 
-            // Trigger ReadListener.onError()
-            getCoyoteRequest().setAttribute(RequestDispatcher.ERROR_EXCEPTION,
-                    new 
IOException(sm.getString("stream.clientResetRequest")));
-            coyoteRequest.action(ActionCode.DISPATCH_ERROR, null);
-            coyoteRequest.action(ActionCode.DISPATCH_EXECUTE, null);
+            /*
+             * There is a potential race between a reset being received by the 
Http2UpgradeHandler and the
+             * StreamProcessor recycling the Stream. The use of recycledLock 
ensures that an attempt is not made to
+             * notify the ReadListener after the Stream has been recycled.
+             */
+            if (!recycled) {
+                synchronized (recycledLock) {
+                    if (!recycled) {
+                        // Trigger ReadListener.onError()
+                        
getCoyoteRequest().setAttribute(RequestDispatcher.ERROR_EXCEPTION,
+                                new 
IOException(sm.getString("stream.clientResetRequest")));
+                        coyoteRequest.action(ActionCode.DISPATCH_ERROR, null);
+                        coyoteRequest.action(ActionCode.DISPATCH_EXECUTE, 
null);
+                    }
+                }
+            }
         }
 
         @Override
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5f0741cc28..e22e6bb796 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -191,6 +191,10 @@
         <code>Content-Encoding</code> if the client submits a <code>TE</code>
         header containing <code>gzip</code>. (remm)
       </update>
+      <fix>
+        Fix a race condition in the handling of HTTP/2 stream reset that could
+        cause unexpected 500 responses. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to