This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push: new d51e8c6 Fix potential resource leaks on exception paths d51e8c6 is described below commit d51e8c63795bf318b5b7999a60b89ca3ece243d4 Author: Mark Thomas <ma...@apache.org> AuthorDate: Wed Apr 17 16:16:53 2019 +0100 Fix potential resource leaks on exception paths Identified by Coverity scan --- .../org/apache/catalina/realm/DataSourceRealm.java | 95 +++++++--------------- webapps/docs/changelog.xml | 4 + 2 files changed, 34 insertions(+), 65 deletions(-) diff --git a/java/org/apache/catalina/realm/DataSourceRealm.java b/java/org/apache/catalina/realm/DataSourceRealm.java index 0868241..a30fe26 100644 --- a/java/org/apache/catalina/realm/DataSourceRealm.java +++ b/java/org/apache/catalina/realm/DataSourceRealm.java 
@@ -429,29 +429,31 @@ public class DataSourceRealm extends RealmBase { } } + /** * Return the password associated with the given principal's user name. + * * @param dbConnection The database connection to be used * @param username Username for which password should be retrieved + * * @return the password for the specified user */ - protected String getPassword(Connection dbConnection, - String username) { + protected String getPassword(Connection dbConnection, String username) { String dbCredentials = null; - try (PreparedStatement stmt = credentials(dbConnection, username); - ResultSet rs = stmt.executeQuery()) { - if (rs.next()) { - dbCredentials = rs.getString(1); - } + try (PreparedStatement stmt = dbConnection.prepareStatement(preparedCredentials)) { + stmt.setString(1, username); - return (dbCredentials != null) ? dbCredentials.trim() : null; + try (ResultSet rs = stmt.executeQuery()) { + if (rs.next()) { + dbCredentials = rs.getString(1); + } + return (dbCredentials != null) ? dbCredentials.trim() : null; + } } catch (SQLException e) { - containerLog.error( - sm.getString("dataSourceRealm.getPassword.exception", - username), e); + containerLog.error(sm.getString("dataSourceRealm.getPassword.exception", username), e); } return null; @@ -501,14 +503,16 @@ public class DataSourceRealm extends RealmBase { } } + /** - * Return the roles associated with the given user name + * Return the roles associated with the given user name. + * * @param dbConnection The database connection to be used * @param username User name for which roles should be retrieved + * * @return an array list of the role names */ - protected ArrayList<String> getRoles(Connection dbConnection, - String username) { + protected ArrayList<String> getRoles(Connection dbConnection, String username) { if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) { // Using an authentication only configuration and no role store has 
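Review bot: The catch block in getPassword still formats the caller-supplied `username` into an error-level log message, and the getRoles catch in the last DataSourceRealm.java hunk does the same. The name is presumably not yet authenticated at this point, so it can carry CR/LF into the log if the layout does not escape them, and a password typed into the username field by mistake ends up in the log. I would add a comment above the call, `// username is unauthenticated input: the log layout must neutralise line breaks`, and reconsider whether the name needs to appear at error level at all. `containerLog` and `sm` are declared outside the hunk, so any escaping they already apply is not visible here.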
@@ -518,66 +522,27 @@ public class DataSourceRealm extends RealmBase { ArrayList<String> list = null; - try (PreparedStatement stmt = roles(dbConnection, username); - ResultSet rs = stmt.executeQuery()) { - list = new ArrayList<>(); + try (PreparedStatement stmt = dbConnection.prepareStatement(preparedRoles)) { + stmt.setString(1, username); - while (rs.next()) { - String role = rs.getString(1); - if (role != null) { - list.add(role.trim()); + try (ResultSet rs = stmt.executeQuery()) { + list = new ArrayList<>(); + + while (rs.next()) { + String role = rs.getString(1); + if (role != null) { + list.add(role.trim()); + } } + return list; } - return list; } catch(SQLException e) { - containerLog.error( - sm.getString("dataSourceRealm.getRoles.exception", username), e); + containerLog.error(sm.getString("dataSourceRealm.getRoles.exception", username), e); } return null; } - /** - * Return a PreparedStatement configured to perform the SELECT required - * to retrieve user credentials for the specified username. - * - * @param dbConnection The database connection to be used - * @param username User name for which credentials should be retrieved - * @return the prepared statement - * @exception SQLException if a database error occurs - */ - private PreparedStatement credentials(Connection dbConnection, - String username) - throws SQLException { - - PreparedStatement credentials = - dbConnection.prepareStatement(preparedCredentials); - - credentials.setString(1, username); - return (credentials); - - } - - /** - * Return a PreparedStatement configured to perform the SELECT required - * to retrieve user roles for the specified username. 
- * - * @param dbConnection The database connection to be used - * @param username User name for which roles should be retrieved - * @return the prepared statement - * @exception SQLException if a database error occurs - */ - private PreparedStatement roles(Connection dbConnection, String username) - throws SQLException { - - PreparedStatement roles = - dbConnection.prepareStatement(preparedRoles); - - roles.setString(1, username); - return (roles); - - } - private boolean isRoleStoreDefined() { return userRoleTable != null || roleNameCol != null; diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c843b0a..a417b9a 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -63,6 +63,10 @@ Fix a potential resource leak when running a web application from a WAR file. Identified by Coverity scan. (markt) </fix> + <fix> + Fix a potential resource leak on some exception paths in the + <code>DataSourceRealm</code>. Identified by Coverity scan. (markt) + </fix> </changelog> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
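Review bot: getRoles returns `null` when the query throws, whereas an empty list means the lookup succeeded and the user has no roles, yet the Javadoc in the preceding hunk says only `@return an array list of the role names`. What a caller does with `null` (reject the login, or build a principal without roles) is not visible in this diff, so the contract should be written down where callers will read it: `@return an array list of the role names, or {@code null} if the role query fails`. The early-return branch at the top of getRoles falls between the two hunks, so its return value is not shown here.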