changelog.xml

markt Tue, 12 Jul 2011 10:50:39 -0700

Author: markt
Date: Tue Jul 12 17:50:11 2011
New Revision: 1145694

URL: http://svn.apache.org/viewvc?rev=1145694&view=rev
Log:
Protect against crashes in the HTTP APR connector if sendfile is configured to 
send more data than is available in the file.


Modified:
    tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
    tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
    tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java?rev=1145694&r1=1145693&r2=1145694&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/Http11AprProcessor.java Tue Jul 
12 17:50:11 2011
@@ -305,7 +305,18 @@ public class Http11AprProcessor extends 
                 sendfileData.socket = socketRef;
                 sendfileData.keepAlive = keepAlive;
                 if (!((AprEndpoint)endpoint).getSendfile().add(sendfileData)) {
-                    openSocket = true;
+                    if (sendfileData.socket == 0) {
+                        // Didn't send all the data but the socket is no longer
+                        // set. Something went wrong. Close the connection.
+                        // Too late to set status code.
+                        if (log.isDebugEnabled()) {
+                            log.debug(sm.getString(
+                                    "http11processor.sendfile.error"));
+                        }
+                        error = true;
+                    } else {
+                        openSocket = true;
+                    }
                     break;
                 }
             }

Modified: tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties?rev=1145694&r1=1145693&r2=1145694&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/coyote/http11/LocalStrings.properties Tue Jul 
12 17:50:11 2011
@@ -35,6 +35,7 @@ http11processor.socket.ssl=Exception get
 http11processor.socket.sslreneg=Exception re-negotiating SSL connection
 http11processor.socket.timeout=Error setting socket timeout
 http11processor.comet.notsupported=The Comet protocol is not supported by this 
connector
+http11processor.sendfile.error=Error sending data using sendfile. May be 
caused by invalid request attributes for start/end points
 
 iib.eof.error=Unexpected EOF read on the socket
 iib.requestheadertoolarge.error=Request header is too large

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java?rev=1145694&r1=1145693&r2=1145694&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/AprEndpoint.java Tue Jul 12 
17:50:11 2011
@@ -1460,7 +1460,9 @@ public class AprEndpoint extends Abstrac
                                                data.pos, data.end - data.pos, 
0);
                     if (nw < 0) {
                         if (!(-nw == Status.EAGAIN)) {
-                            destroySocket(data.socket);
+                            Pool.destroy(data.fdpool);
+                            // No need to close socket, this will be done by
+                            // calling code since data.socket == 0
                             data.socket = 0;
                             return false;
                         } else {

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1145694&r1=1145693&r2=1145694&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Jul 12 17:50:11 2011
@@ -121,8 +121,9 @@
         is used. Fixes null thread name in access log and JMX MBean. (rjung)
       </fix>
       <fix>
-        Protect against infinite loops in the HTTP NIO connector if sendfile is
-        configured to send more data than is available in the file. (markt)
+        Protect against infinite loops (HTTP NIO) and crashes (HTTP APR) if
+        sendfile is configured to send more data than is available in the file.
+        (markt)
       </fix>
       <fix>
         Prevent NPEs when a socket is closed in non-error conditions after



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1145694 - in /tomcat/trunk: java/org/apache/coyote/http11/Http11AprProcessor.java java/org/apache/coyote/http11/LocalStrings.properties java/org/apache/tomcat/util/net/AprEndpoint.java webapps/docs/changelog.xml

Reply via email to