This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new 6627420134 Fix cause of crashes with Native + NIO2 + OpenSSL
6627420134 is described below

commit 66274201341dbdb73ec26237ec111319de54f21b
Author: Mark Thomas <[email protected]>
AuthorDate: Tue Jan 20 23:58:27 2026 +0000

    Fix cause of crashes with Native + NIO2 + OpenSSL
    
    Prevent concurrent release of <code>OpenSSLEngine</code> resources and
    the termination of the Tomcat Native library as it can cause crashes
    during Tomcat shutdown. NIO2 is no longer present in 12.0.x but there
    may be rarer crashes with NIO.
---
 .../tomcat/util/net/openssl/OpenSSLEngine.java     | 22 ++++++++++++++++------
 webapps/docs/changelog.xml                         |  5 +++++
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java 
b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
index 87505b32b6..4516e0b970 100644
--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
@@ -30,6 +30,7 @@ import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.locks.Lock;
 
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLEngineResult;
@@ -42,6 +43,7 @@ import javax.net.ssl.SSLSessionContext;
 
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
+import org.apache.tomcat.jni.AprStatus;
 import org.apache.tomcat.jni.Buffer;
 import org.apache.tomcat.jni.Pool;
 import org.apache.tomcat.jni.SSL;
@@ -222,9 +224,9 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
     public synchronized void shutdown() {
         if (!destroyed) {
             destroyed = true;
-            cleanable.clean();
             // internal errors can cause shutdown without marking the engine 
closed
             isInboundDone = isOutboundDone = engineClosed = true;
+            cleanable.clean();
             ByteBufferUtils.cleanDirectBuffer(buf);
         }
     }
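Review bot: The new position of `cleanable.clean()` in `shutdown()` is load-bearing, but nothing in the method says why, so a later tidy-up could move it back above the flag assignments. A short comment would pin it, for example `// Mark the engine closed before releasing native resources` (adjust it to the actual reason, which the hunk does not state). Assuming `cleanable` wraps `OpenSSLState`, this call now also waits on the `AprStatus` read lock while holding the engine monitor. The comment should therefore record that the code holding the write lock during library termination must never synchronise on an engine.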
@@ -1400,11 +1402,19 @@ public final class OpenSSLEngine extends SSLEngine 
implements SSLUtil.ProtocolIn
     private record OpenSSLState(long ssl, long networkBIO) implements Runnable 
{
         @Override
         public void run() {
-            if (networkBIO != 0) {
-                SSL.freeBIO(networkBIO);
-            }
-            if (ssl != 0) {
-                SSL.freeSSL(ssl);
+            Lock readLock = AprStatus.getStatusLock().readLock();
+            readLock.lock();
+            try {
+                if (!AprStatus.isAprInitialized()) {
+                    if (networkBIO != 0) {
+                        SSL.freeBIO(networkBIO);
+                    }
+                    if (ssl != 0) {
+                        SSL.freeSSL(ssl);
+                    }
+                }
+            } finally {
+                readLock.unlock();
             }
         }
     }
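Review bot: The guard `if (!AprStatus.isAprInitialized())` in `OpenSSLState.run()` looks inverted. If `isAprInitialized()` reports that the Tomcat Native library is currently loaded, as the name suggests, the new code skips `SSL.freeBIO`/`SSL.freeSSL` for every engine released during normal operation, so native SSL and BIO handles would accumulate. It would then make those calls only after the library has been terminated, which is the crash case the commit message describes. The condition should probably read `if (AprStatus.isAprInitialized()) {`, with a comment such as `// Only call into native code while the library is still initialised`. Confirm this against `AprStatus` and the code that takes the write lock, neither of which is visible in this diff.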
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 6e6a645031..bc4299f918 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -307,6 +307,11 @@
         Fix OpenSSL FFM code compatibility with LibreSSL versions below 3.5.
         (remm)
       </fix>
+      <fix>
+        Prevent concurrent release of <code>OpenSSLEngine</code> resources and
+        the termination of the Tomcat Native library as it might cause crashes
+        during Tomcat shutdown. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

