(tomcat) branch 10.1.x updated: Fix BZ 67929 - TLS config reload can trigger JVM crash

Thu, 02 Nov 2023 11:36:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new 95208c4a14 Fix BZ 67929 - TLS config reload can trigger JVM crash
95208c4a14 is described below

commit 95208c4a14cf8fe03518b2c4fbb84060f740589e
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Thu Nov 2 18:26:01 2023 +0000

    Fix BZ 67929 - TLS config reload can trigger JVM crash
---
 java/org/apache/tomcat/util/net/SSLHostConfig.java            | 4 ++--
 java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java | 2 +-
 webapps/docs/changelog.xml                                    | 4 ++++
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/SSLHostConfig.java 
b/java/org/apache/tomcat/util/net/SSLHostConfig.java
index a447c7fec0..9917fe6673 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfig.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfig.java
@@ -73,11 +73,11 @@ public class SSLHostConfig implements Serializable {
 
     private String hostName = DEFAULT_SSL_HOST_NAME;
 
-    private transient Long openSslConfContext = Long.valueOf(0);
+    private transient volatile Long openSslConfContext = Long.valueOf(0);
     // OpenSSL can handle multiple certs in a single config so the reference to
     // the context is here at the virtual host level. JSSE can't so the
     // reference is held on the certificate.
-    private transient Long openSslContext = Long.valueOf(0);
+    private transient volatile Long openSslContext = Long.valueOf(0);
 
     private boolean tls13RenegotiationAvailable = false;
 
diff --git a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java 
b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
index 68a6d2d378..4b7b2a4c70 100644
--- a/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
+++ b/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
@@ -53,7 +53,7 @@ public class SSLHostConfigCertificate implements Serializable 
{
     // OpenSSL can handle multiple certs in a single config so the reference to
     // the context is at the virtual host level. JSSE can't so the reference is
     // held here on the certificate.
-    private transient SSLContext sslContext;
+    private transient volatile SSLContext sslContext;
 
     // Common
     private final SSLHostConfig sslHostConfig;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 861dc68a28..480626a10f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -169,6 +169,10 @@
         than the combinations supported by the JVM by default. Specifically,
         support the OpenSSL default of HmacSHA256 and DES-EDE3-CBC. (markt)
       </fix>
+      <fix>
+        <bug>67927</bug>: Reloading TLS configuration can cause the Connector 
to
+        refuse new connections or the JVM to crash. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="WebSocket">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to