(tomcat) branch 10.1.x updated: Using cleanups here to improve safety

Fri, 27 Oct 2023 05:39:47 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 7ed0893eb5 Using cleanups here to improve safety
7ed0893eb5 is described below

commit 7ed0893eb50cd87a4db32dd3246b288d112062ab
Author: remm <r...@apache.org>
AuthorDate: Fri Oct 27 14:39:08 2023 +0200

    Using cleanups here to improve safety
    
    Otherwise, the segments are still alive after the actual free operation.
    This way the check will fail before the actual deallocation.
---
 .../util/net/openssl/panama/OpenSSLContext.java    | 27 +++++++++++++---------
 .../util/net/openssl/panama/OpenSSLEngine.java     | 24 +++++++++++--------
 2 files changed, 31 insertions(+), 20 deletions(-)

diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
index 65de58247e..81100fc323 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLContext.java
@@ -43,6 +43,7 @@ import java.util.Base64;
 import java.util.Iterator;
 import java.util.List;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Consumer;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLEngine;
@@ -1458,9 +1459,20 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
             this.negotiableProtocols = negotiableProtocols;
             // Use another arena to avoid keeping a reference through segments
             // This also allows making further accesses to the main pointers 
safer
-            this.sslCtx = sslCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), 
stateArena, null);
+            this.sslCtx = sslCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), 
stateArena,
+                    new Consumer<MemorySegment>() {
+                        @Override
+                        public void accept(MemorySegment t) {
+                            SSL_CTX_free(t);
+                        }});
             if (!MemorySegment.NULL.equals(confCtx)) {
-                this.confCtx = 
confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, null);
+                this.confCtx = 
confCtx.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena,
+                        new Consumer<MemorySegment>() {
+                            @Override
+                            public void accept(MemorySegment t) {
+                                SSL_CONF_CTX_free(t);
+                            }
+                });
             } else {
                 this.confCtx = null;
             }
@@ -1468,15 +1480,8 @@ public class OpenSSLContext implements 
org.apache.tomcat.util.net.SSLContext {
 
         @Override
         public void run() {
-            try {
-                states.remove(Long.valueOf(sslCtx.address()));
-                SSL_CTX_free(sslCtx);
-                if (confCtx != null) {
-                    SSL_CONF_CTX_free(confCtx);
-                }
-            } finally {
-                stateArena.close();
-            }
+            states.remove(Long.valueOf(sslCtx.address()));
+            stateArena.close();
         }
     }
 }
diff --git 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
index 4ef4f41c12..bd23503956 100644
--- 
a/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
+++ 
b/modules/openssl-foreign/src/main/java/org/apache/tomcat/util/net/openssl/panama/OpenSSLEngine.java
@@ -47,6 +47,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
+import java.util.function.Consumer;
 
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
@@ -1740,19 +1741,24 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
             this.noOcspCheck = noOcspCheck;
             // Use another arena to avoid keeping a reference through segments
             // This also allows making further accesses to the main pointers 
safer
-            this.ssl = ssl.reinterpret(ValueLayout.ADDRESS.byteSize(), 
stateArena, null);
-            this.networkBIO = 
networkBIO.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena, null);
+            this.ssl = ssl.reinterpret(ValueLayout.ADDRESS.byteSize(), 
stateArena,
+                    new Consumer<MemorySegment>() {
+                @Override
+                public void accept(MemorySegment t) {
+                    SSL_free(t);
+                }});
+            this.networkBIO = 
networkBIO.reinterpret(ValueLayout.ADDRESS.byteSize(), stateArena,
+                    new Consumer<MemorySegment>() {
+                @Override
+                public void accept(MemorySegment t) {
+                    BIO_free(t);
+                }});
         }
 
         @Override
         public void run() {
-            try {
-                states.remove(Long.valueOf(ssl.address()));
-                BIO_free(networkBIO);
-                SSL_free(ssl);
-            } finally {
-                stateArena.close();
-            }
+            states.remove(Long.valueOf(ssl.address()));
+            stateArena.close();
         }
     }
 }


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to