Author: kkolinko Date: Wed Jan 27 09:19:38 2010 New Revision: 903577 URL: http://svn.apache.org/viewvc?rev=903577&view=rev Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47744 Prevent medium term memory leak if using SSL under a security manager Based on a patch by Greg Vanore
Modified: tomcat/tc5.5.x/trunk/STATUS.txt tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Modified: tomcat/tc5.5.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/STATUS.txt?rev=903577&r1=903576&r2=903577&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/STATUS.txt (original) +++ tomcat/tc5.5.x/trunk/STATUS.txt Wed Jan 27 09:19:38 2010 @@ -174,13 +174,6 @@ +1: markt, rjung -1: -* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47744 - Prevent medium term memory leak if using SSL under a security manager - Based on a patch by Greg Vanore - http://svn.apache.org/viewvc?rev=890350&view=rev - +1: markt, rjung, kkolinko - -1: - * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=47963 Prevent use of non-RFC2616 compliant custom status messages http://svn.apache.org/viewvc?rev=892612&view=rev Modified: tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java?rev=903577&r1=903576&r2=903577&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java (original) +++ tomcat/tc5.5.x/trunk/connectors/util/java/org/apache/tomcat/util/net/jsse/JSSESupport.java Wed Jan 27 09:19:38 2010 @@ -20,6 +20,8 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.security.cert.CertificateFactory; +import java.util.Map; +import java.util.WeakHashMap; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocket; 
@@ -45,6 +47,10 @@ private static org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(JSSESupport.class); + // Map<SSLSession,Integer> + private static final Map keySizeCache = + new WeakHashMap(); + protected SSLSocket ssl; @@ -138,7 +144,12 @@ SSLSupport.CipherData c_aux[]=ciphers; if (session == null) return null; - Integer keySize = (Integer) session.getValue(KEY_SIZE_KEY); + + Integer keySize = null; + synchronized(keySizeCache) { + keySize = (Integer) keySizeCache.get(session); + } + if (keySize == null) { int size = 0; String cipherSuite = session.getCipherSuite(); @@ -149,7 +160,9 @@ } } keySize = new Integer(size); - session.putValue(KEY_SIZE_KEY, keySize); + synchronized(keySizeCache) { + keySizeCache.put(session, keySize); + } } return keySize; } Modified: tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml?rev=903577&r1=903576&r2=903577&view=diff ============================================================================== --- tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml (original) +++ tomcat/tc5.5.x/trunk/container/webapps/docs/changelog.xml Wed Jan 27 09:19:38 2010 @@ -156,6 +156,11 @@ mapper. (markt) </fix> <fix> + <bug>47744</bug>: Prevent a medium term memory leak if using SSl with + the JSSE provider and also using a security manager. Based on a patch by + Greg Vanore. (markt) + </fix> + <fix> CVE-2009-3555. Provide option to disable legacy SSL renegotiation. (markt/costin) </fix> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
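Review bot: The comment on `keySizeCache` in the `@@ -45,6 +47,10 @@` hunk records only the intended element types and says nothing about why the value now lives in a static `WeakHashMap` instead of the session, or which invariant keeps the cache from leaking in turn. I would expand it to something like `// Map<SSLSession,Integer>: key sizes cached outside the session (bug 47744); keys are weak, so a value must never reference its session`. `WeakHashMap` finds entries through the key's `equals()`/`hashCode()`, so hits presumably depend on how the JSSE provider's `SSLSession` implements them; that is worth confirming and noting in the same comment.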
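Review bot: The `synchronized(keySizeCache)` blocks in the `@@ -138,7 +144,12 @@` and `@@ -149,7 +160,9 @@` hunks lock the get and the put separately, so two threads serving the same session can both miss and both compute the key size. The result is identical either way, so this is harmless, but a maintainer will wonder about it; a comment before the first block such as `// get and put are locked separately: a duplicate computation is harmless` would settle it. Because the map is static, callers on every connection share this one monitor; declaring the field as `Collections.synchronizedMap(new WeakHashMap())` would keep the same locking while removing both explicit blocks and the redundant `Integer keySize = null;` initialisation. The enclosing method starts outside these hunks.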