buildbot success in on tomcat-trunk
The Buildbot has detected a restored build on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5637 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 5ee9947fee01b7fa3e95d51a3092e9f5556d6df8 Blamelist: remm Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Avoid possible infinite loop in unwrap
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 7aab38f Avoid possible infinite loop in unwrap 7aab38f is described below commit 7aab38f545cbac418edcc42874b791e45bf8a8f5 Author: remm AuthorDate: Thu Jan 21 21:18:44 2021 +0100 Avoid possible infinite loop in unwrap As described in the testcase and debug info for 64771, an infinite loop can occur if the buffers state changes concurrently to unwrap. The capacity is set at the beginning of the method. If the last buffer remaining becomes 0 for some reason, then idx will become equal to endOffset and the code will loop endlessly, as long as pendingReadableBytesInSSL returns > 0. In that particular case, break the loop with an ISE that will allow noticing the issue. --- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 + java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 5 + webapps/docs/changelog.xml | 4 3 files changed, 10 insertions(+) diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties index 3606acd..84990f3 100644 --- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties @@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed engine.failedCipherSuite=Failed to enable cipher suite [{0}] engine.inboundClose=Inbound closed before receiving peer's close_notify engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}]) +engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the engine to only resuming existing sessions engine.noSSLContext=No SSL context engine.noSession=SSL session ID not available diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java index e48acb4..cdd0617 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java @@ -567,6 +567,11 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } while (pendingApp > 0) { +if (idx == endOffset) { +// Destination buffer state changed (no remaining space although +// capacity is still available), so break loop with an error +throw new IllegalStateException(sm.getString("engine.invalidDestinationBuffersState")); +} // Write decrypted data to dsts buffers while (idx < endOffset) { ByteBuffer dst = dsts[idx]; diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3861161..937e544 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -175,6 +175,10 @@ 65001: Fix error handling for exceptions throw from calls to ReadListener and WriteListener. (markt) + +Avoid possible infinite loop in OpenSSLEngine.unwrap +when the destination buffers state is changed concurrently. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Avoid possible infinite loop in unwrap
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 95ceaf7 Avoid possible infinite loop in unwrap 95ceaf7 is described below commit 95ceaf7b322eef7bc913d031a76306fd53c0cc48 Author: remm AuthorDate: Thu Jan 21 21:18:44 2021 +0100 Avoid possible infinite loop in unwrap As described in the testcase and debug info for 64771, an infinite loop can occur if the buffers state changes concurrently to unwrap. The capacity is set at the beginning of the method. If the last buffer remaining becomes 0 for some reason, then idx will become equal to endOffset and the code will loop endlessly, as long as pendingReadableBytesInSSL returns > 0. In that particular case, break the loop with an ISE that will allow noticing the issue. --- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 + java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 5 + webapps/docs/changelog.xml | 4 3 files changed, 10 insertions(+) diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties index 3606acd..84990f3 100644 --- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties @@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed engine.failedCipherSuite=Failed to enable cipher suite [{0}] engine.inboundClose=Inbound closed before receiving peer's close_notify engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}]) +engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the engine to only resuming existing sessions engine.noSSLContext=No SSL context engine.noSession=SSL session ID not available diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java index e48acb4..cdd0617 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java @@ -567,6 +567,11 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } while (pendingApp > 0) { +if (idx == endOffset) { +// Destination buffer state changed (no remaining space although +// capacity is still available), so break loop with an error +throw new IllegalStateException(sm.getString("engine.invalidDestinationBuffersState")); +} // Write decrypted data to dsts buffers while (idx < endOffset) { ByteBuffer dst = dsts[idx]; diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index effbe27..c9010e8 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -175,6 +175,10 @@ 65001: Fix error handling for exceptions throw from calls to ReadListener and WriteListener. (markt) + +Avoid possible infinite loop in OpenSSLEngine.unwrap +when the destination buffers state is changed concurrently. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Avoid possible infinite loop in unwrap
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 5ee9947 Avoid possible infinite loop in unwrap 5ee9947 is described below commit 5ee9947fee01b7fa3e95d51a3092e9f5556d6df8 Author: remm AuthorDate: Thu Jan 21 21:18:44 2021 +0100 Avoid possible infinite loop in unwrap As described in the testcase and debug info for 64771, an infinite loop can occur if the buffers state changes concurrently to unwrap. The capacity is set at the beginning of the method. If the last buffer remaining becomes 0 for some reason, then idx will become equal to endOffset and the code will loop endlessly, as long as pendingReadableBytesInSSL returns > 0. In that particular case, break the loop with an ISE that will allow noticing the issue. --- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 + java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 5 + webapps/docs/changelog.xml | 4 3 files changed, 10 insertions(+) diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties index 3606acd..84990f3 100644 --- a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties +++ b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties @@ -19,6 +19,7 @@ engine.engineClosed=Engine is closed engine.failedCipherSuite=Failed to enable cipher suite [{0}] engine.inboundClose=Inbound closed before receiving peer's close_notify engine.invalidBufferArray=offset: [{0}], length: [{1}] (expected: offset <= offset + length <= srcs.length [{2}]) +engine.invalidDestinationBuffersState=The state of the destination buffers changed concurrently while unwrapping bytes engine.noRestrictSessionCreation=OpenSslEngine does not permit restricting the engine to only resuming existing sessions engine.noSSLContext=No SSL context engine.noSession=SSL session ID not available diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java index e48acb4..cdd0617 100644 --- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java +++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java @@ -567,6 +567,11 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn } while (pendingApp > 0) { +if (idx == endOffset) { +// Destination buffer state changed (no remaining space although +// capacity is still available), so break loop with an error +throw new IllegalStateException(sm.getString("engine.invalidDestinationBuffersState")); +} // Write decrypted data to dsts buffers while (idx < endOffset) { ByteBuffer dst = dsts[idx]; diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 0c6316b..4ff2839 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -175,6 +175,10 @@ 65001: Fix error handling for exceptions throw from calls to ReadListener and WriteListener. (markt) + +Avoid possible infinite loop in OpenSSLEngine.unwrap +when the destination buffers state is changed concurrently. (remm) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771 --- Comment #11 from Mark Thomas --- The reproducer provided in the Spring issue uses Tomcat 9.0.41 and that has the available() fixes. Bug 65001 might be a factor and that is a post 9.0.41 fix but since I can't reproduce the issue, I can't test that. I'll point the OP of the Spring issue to the snapshots to see if that helps. My current thoughts are this is not a Tomcat issue as per my comment on the Spring issue. I agree with your ISE suggestion to catch his state. Async code is easy to get wrong and we should be defensive where practical. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
Hmm, makes me think about two comments: 1. Looks like a custom formatter not matching inline syntax of abstract logging valve so maybe extract the parser/element factory in a class reusable by multiple implementations. 2. Your pre and post are specific to json but dont enable native json since null case will need a default and details like that dont make it too json friendly. Id rather use element extractors to create a json object i would jsonb.toJson before logging. It also brings another issue which is in some cases you will want to batch json log lines in arrays for faster sending - when not using docker json logging driver typically but directly pushing to solr/elasticsearch for ex. So overall a new valve creating a JsonRecord and serialized to string -or just using jsongenerator - is way easier for your use case imo than making the default valve abstracted which will require a lot of details. However, being able to list the elements to log and reusing logging valve element factory impl can ease it to be configurable so this is the part i would extract and then i would just do a JsonLoggingValve using a list of elements - not a real string pattern hut a list. Only code to import for json support looks like the string escaping (can be copied from johnzon Strings class or log4j2 equivalent class, it is small and avoids any dep). Hope it makes sense and helps a bit to solve your need. Side note: such a valve is already embeddable in your app enabling to have any custom dependency if it helps. Le jeu. 21 janv. 2021 à 16:03, Thomas Meyer a écrit : > On Thu, Jan 21, 2021 at 03:28:12PM +0100, Romain Manni-Bucau wrote: > > Hi > > Hi, > > > Why cant it be added as element earlier at pattern parsing time? Would > > avoid to have two particular cases and keep current pattern/impl. > > A %java or so sounds more natural no? > > Mhh, maybe I just share my idea of the concrete implementation, so you see > what I want to do: > > Premise: The JUL logging is configured to log all below to an own handler. > > public class LoggingAccessLogValve extends AbstractAccessLogValve { > > private static final Log log = > LogFactory.getLog(LoggingAccessLogValve.class); > private Map writers = new > WeakHashMap<>(); > > @Override > protected void log(CharArrayWriter message) { > if(log.isInfoEnabled()) { > log.info(message); > } > } > > protected void preLogAddElement(CharArrayWriter result) { > JsonGenerator jsonWriter = Json.createGenerator(result); > synchronized (this) { > writers.put(result,jsonWriter); > } > jsonWriter.writeStartObject(); > } > > protected void postLogAddElement(CharArrayWriter result) { > JsonGenerator jsonWriter = null; > synchronized (this) { > jsonWriter = writers.remove(result); > } > if(jsonWriter != null) { > jsonWriter.writeEnd(); > jsonWriter.close(); > } > } > > private class JsonAccessLogElementWrapper implements > AccessLogElement { > > private final String jsonAttributeName; > private final AccessLogElement delegate; > > public JsonAccessLogElementWrapper(AccessLogElement e, > String name) { > delegate = e; > jsonAttributeName = name; > } > > @Override > public void addElement(CharArrayWriter buf, Date date, > Request request, Response response, long time) { > JsonGenerator jsonWriter = null; > synchronized (this) { > jsonWriter = writers.get(buf); > } > if(jsonWriter == null) { > // TODO: add warn > return; > } > > // TODO: maybe even use stack/cache of > CharyArrayWriter here, too > CharArrayWriter writer = new CharArrayWriter(); > delegate.addElement(writer, date, request, > response, time); > jsonWriter.write(jsonAttributeName, > writer.toString()); > } > } > > @Override > protected AccessLogElement createAccessLogElement(String name, > char pattern) { > AccessLogElement e = super.createAccessLogElement(name, > pattern); > return new JsonAccessLogElementWrapper(e, mapName(e) + '-' > + name); > } > > @Override > protected AccessLogElement createAccessLogElement(char pattern) { > AccessLogElement e = super.createAccessLogElement(pattern); > re
Re: [PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
On Thu, Jan 21, 2021 at 03:28:12PM +0100, Romain Manni-Bucau wrote: > Hi Hi, > Why cant it be added as element earlier at pattern parsing time? Would > avoid to have two particular cases and keep current pattern/impl. > A %java or so sounds more natural no? Mhh, maybe I just share my idea of the concrete implementation, so you see what I want to do: Premise: The JUL logging is configured to log all below to an own handler. public class LoggingAccessLogValve extends AbstractAccessLogValve { private static final Log log = LogFactory.getLog(LoggingAccessLogValve.class); private Map writers = new WeakHashMap<>(); @Override protected void log(CharArrayWriter message) { if(log.isInfoEnabled()) { log.info(message); } } protected void preLogAddElement(CharArrayWriter result) { JsonGenerator jsonWriter = Json.createGenerator(result); synchronized (this) { writers.put(result,jsonWriter); } jsonWriter.writeStartObject(); } protected void postLogAddElement(CharArrayWriter result) { JsonGenerator jsonWriter = null; synchronized (this) { jsonWriter = writers.remove(result); } if(jsonWriter != null) { jsonWriter.writeEnd(); jsonWriter.close(); } } private class JsonAccessLogElementWrapper implements AccessLogElement { private final String jsonAttributeName; private final AccessLogElement delegate; public JsonAccessLogElementWrapper(AccessLogElement e, String name) { delegate = e; jsonAttributeName = name; } @Override public void addElement(CharArrayWriter buf, Date date, Request request, Response response, long time) { JsonGenerator jsonWriter = null; synchronized (this) { jsonWriter = writers.get(buf); } if(jsonWriter == null) { // TODO: add warn return; } // TODO: maybe even use stack/cache of CharyArrayWriter here, too CharArrayWriter writer = new CharArrayWriter(); delegate.addElement(writer, date, request, response, time); jsonWriter.write(jsonAttributeName, writer.toString()); } } @Override protected AccessLogElement createAccessLogElement(String name, char pattern) { AccessLogElement e = super.createAccessLogElement(name, pattern); return new JsonAccessLogElementWrapper(e, mapName(e) + '-' + name); } @Override protected AccessLogElement createAccessLogElement(char pattern) { AccessLogElement e = super.createAccessLogElement(pattern); return new JsonAccessLogElementWrapper(e, mapName(e)); } private String mapName(AccessLogElement e) { if(e instanceof RemoteAddrElement) { return "remoteAddr"; } else if(e instanceof HostElement) { return "host"; // TODO: finish } throw new IllegalArgumentException(); } } so what do you think about this approach? mfg thomas > > Le jeu. 21 janv. 2021 à 13:59, Thomas Meyer a écrit : > > > a sub class can extend before and after the addElement loop to > > establish a context via thread-dependend CharArrayWriter object. > > --- > > java/org/apache/catalina/valves/AbstractAccessLogValve.java | 5 + > > 1 file changed, 5 insertions(+) > > > > diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java > > b/java/org/apache/catalina/valves/AbstractAccessLogValve.java > > index e23f49d3a5..5e774c2320 100644 > > --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java > > +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java > > @@ -685,9 +685,11 @@ public abstract class AbstractAccessLogValve extends > > ValveBase implements Access > > result = new CharArrayWriter(128); > > } > > > > +preLogAddElement(result); > > for (int i = 0; i < logElements.length; i++) { > > logElements[i].addElement(result, date, request, response, > > time); > > } > > +postLogAddElement(result); > > > > log(result); > > > > @@ -699,6 +701,9 @@ public abstract class AbstractAccessLogValve extends > > ValveBase implements Access > > > > // --
Re: [PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
Hi Why cant it be added as element earlier at pattern parsing time? Would avoid to have two particular cases and keep current pattern/impl. A %java or so sounds more natural no? Le jeu. 21 janv. 2021 à 13:59, Thomas Meyer a écrit : > a sub class can extend before and after the addElement loop to > establish a context via thread-dependend CharArrayWriter object. > --- > java/org/apache/catalina/valves/AbstractAccessLogValve.java | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java > b/java/org/apache/catalina/valves/AbstractAccessLogValve.java > index e23f49d3a5..5e774c2320 100644 > --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java > +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java > @@ -685,9 +685,11 @@ public abstract class AbstractAccessLogValve extends > ValveBase implements Access > result = new CharArrayWriter(128); > } > > +preLogAddElement(result); > for (int i = 0; i < logElements.length; i++) { > logElements[i].addElement(result, date, request, response, > time); > } > +postLogAddElement(result); > > log(result); > > @@ -699,6 +701,9 @@ public abstract class AbstractAccessLogValve extends > ValveBase implements Access > > // Protected > Methods > > +protected void preLogAddElement(CharArrayWriter result) {} > +protected void postLogAddElement(CharArrayWriter result) {} > + > /** > * Log the specified message. > * > -- > 2.20.1 > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
On 21/01/2021 14:17, Christopher Schultz wrote: > Mark, > > On 1/21/21 09:15, Mark Thomas wrote: >> On 21/01/2021 13:51, Christopher Schultz wrote: >>> Mark, >>> >>> On 1/20/21 11:58, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 7c3fb67 File separator, not path separator >>> >>> Any reason not to use java.nio.Path here instead of a String? >> >> I assume you mean java.nio.file.Path > > Yep. > >> Tomcat 7 has a minimum requirement of Java 6 and Path is only available >> from Java 7 onwards. > > Oh, right. :( > > I'd complain about "legacy Java versions" except that I'm still deployed > on Java 8 wah wahhh. A little over 2 months and we can say goodbye to Java 6 support... .. and we'll be able to advance to the dizzy heights of Java 7 as a minimum :) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
Mark, On 1/21/21 09:15, Mark Thomas wrote: On 21/01/2021 13:51, Christopher Schultz wrote: Mark, On 1/20/21 11:58, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 7c3fb67 File separator, not path separator Any reason not to use java.nio.Path here instead of a String? I assume you mean java.nio.file.Path Yep. Tomcat 7 has a minimum requirement of Java 6 and Path is only available from Java 7 onwards. Oh, right. :( I'd complain about "legacy Java versions" except that I'm still deployed on Java 8 wah wahhh. -chris Mark -chris 7c3fb67 is described below commit 7c3fb673f4f17a9c31ebb5be54d3017d50aa41e7 Author: Mark Thomas AuthorDate: Wed Jan 20 16:38:32 2021 + File separator, not path separator --- java/org/apache/catalina/util/FileUtil.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/util/FileUtil.java b/java/org/apache/catalina/util/FileUtil.java index d25bde7..c8a69cb 100644 --- a/java/org/apache/catalina/util/FileUtil.java +++ b/java/org/apache/catalina/util/FileUtil.java @@ -26,8 +26,8 @@ public class FileUtil { public FileUtil(File f) throws IOException { String path = f.getCanonicalPath(); - if (!path.endsWith(File.pathSeparator)) { - path += File.pathSeparatorChar; + if (!path.endsWith(File.separator)) { + path += File.separatorChar; } canonicalPath = path; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
On 21/01/2021 13:51, Christopher Schultz wrote: > Mark, > > On 1/20/21 11:58, ma...@apache.org wrote: >> This is an automated email from the ASF dual-hosted git repository. >> >> markt pushed a commit to branch 7.0.x >> in repository https://gitbox.apache.org/repos/asf/tomcat.git >> >> >> The following commit(s) were added to refs/heads/7.0.x by this push: >> new 7c3fb67 File separator, not path separator > > Any reason not to use java.nio.Path here instead of a String? I assume you mean java.nio.file.Path Tomcat 7 has a minimum requirement of Java 6 and Path is only available from Java 7 onwards. Mark > > -chris > >> 7c3fb67 is described below >> >> commit 7c3fb673f4f17a9c31ebb5be54d3017d50aa41e7 >> Author: Mark Thomas >> AuthorDate: Wed Jan 20 16:38:32 2021 + >> >> File separator, not path separator >> --- >> java/org/apache/catalina/util/FileUtil.java | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/java/org/apache/catalina/util/FileUtil.java >> b/java/org/apache/catalina/util/FileUtil.java >> index d25bde7..c8a69cb 100644 >> --- a/java/org/apache/catalina/util/FileUtil.java >> +++ b/java/org/apache/catalina/util/FileUtil.java >> @@ -26,8 +26,8 @@ public class FileUtil { >> public FileUtil(File f) throws IOException { >> String path = f.getCanonicalPath(); >> - if (!path.endsWith(File.pathSeparator)) { >> - path += File.pathSeparatorChar; >> + if (!path.endsWith(File.separator)) { >> + path += File.separatorChar; >> } >> canonicalPath = path; >> >> >> - >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 7.0.x updated: File separator, not path separator
Mark, On 1/20/21 11:58, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/7.0.x by this push: new 7c3fb67 File separator, not path separator Any reason not to use java.nio.Path here instead of a String? -chris 7c3fb67 is described below commit 7c3fb673f4f17a9c31ebb5be54d3017d50aa41e7 Author: Mark Thomas AuthorDate: Wed Jan 20 16:38:32 2021 + File separator, not path separator --- java/org/apache/catalina/util/FileUtil.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/org/apache/catalina/util/FileUtil.java b/java/org/apache/catalina/util/FileUtil.java index d25bde7..c8a69cb 100644 --- a/java/org/apache/catalina/util/FileUtil.java +++ b/java/org/apache/catalina/util/FileUtil.java @@ -26,8 +26,8 @@ public class FileUtil { public FileUtil(File f) throws IOException { String path = f.getCanonicalPath(); -if (!path.endsWith(File.pathSeparator)) { -path += File.pathSeparatorChar; +if (!path.endsWith(File.separator)) { +path += File.separatorChar; } canonicalPath = path; - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch 9.0.x updated: Use java.nio.file.Path for consistent sub-directory checking
Mark, On 1/20/21 08:56, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 4785433 Use java.nio.file.Path for consistent sub-directory checking Good call. No more File.separator yay! -chris 4785433 is described below commit 4785433a226a20df6acbea49296e1ce7e23de453 Author: Mark Thomas AuthorDate: Wed Jan 20 13:28:57 2021 + Use java.nio.file.Path for consistent sub-directory checking --- .../apache/catalina/servlets/DefaultServlet.java| 2 +- java/org/apache/catalina/session/FileStore.java | 2 +- java/org/apache/catalina/startup/ContextConfig.java | 3 ++- java/org/apache/catalina/startup/ExpandWar.java | 21 +++-- java/org/apache/catalina/startup/HostConfig.java| 3 +-- webapps/docs/changelog.xml | 4 6 files changed, 16 insertions(+), 19 deletions(-) diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java b/java/org/apache/catalina/servlets/DefaultServlet.java index 2aca1b2..e0b6711 100644 --- a/java/org/apache/catalina/servlets/DefaultServlet.java +++ b/java/org/apache/catalina/servlets/DefaultServlet.java @@ -2137,7 +2137,7 @@ public class DefaultServlet extends HttpServlet { // First check that the resulting path is under the provided base try { -if (!candidate.getCanonicalPath().startsWith(base.getCanonicalPath())) { +if (!candidate.getCanonicalFile().toPath().startsWith(base.getCanonicalFile().toPath())) { return null; } } catch (IOException ioe) { diff --git a/java/org/apache/catalina/session/FileStore.java b/java/org/apache/catalina/session/FileStore.java index cf3ea88..cac6027 100644 --- a/java/org/apache/catalina/session/FileStore.java +++ b/java/org/apache/catalina/session/FileStore.java @@ -351,7 +351,7 @@ public final class FileStore extends StoreBase { File file = new File(storageDir, filename); // Check the file is within the storage directory -if (!file.getCanonicalPath().startsWith(storageDir.getCanonicalPath())) { +if (!file.getCanonicalFile().toPath().startsWith(storageDir.getCanonicalFile().toPath())) { log.warn(sm.getString("fileStore.invalid", file.getPath(), id)); return null; } diff --git a/java/org/apache/catalina/startup/ContextConfig.java b/java/org/apache/catalina/startup/ContextConfig.java index 2e02b7f..5926bfc 100644 --- a/java/org/apache/catalina/startup/ContextConfig.java +++ b/java/org/apache/catalina/startup/ContextConfig.java @@ -858,7 +858,8 @@ public class ContextConfig implements LifecycleListener { String docBaseCanonical = docBaseAbsoluteFile.getCanonicalPath(); // Re-calculate now docBase is a canonical path -boolean docBaseCanonicalInAppBase = docBaseCanonical.startsWith(appBase.getPath() + File.separatorChar); +boolean docBaseCanonicalInAppBase = + docBaseAbsoluteFile.getCanonicalFile().toPath().startsWith(appBase.toPath()); String docBase; if (docBaseCanonicalInAppBase) { docBase = docBaseCanonical.substring(appBase.getPath().length()); diff --git a/java/org/apache/catalina/startup/ExpandWar.java b/java/org/apache/catalina/startup/ExpandWar.java index a76acc2..ebc3e46 100644 --- a/java/org/apache/catalina/startup/ExpandWar.java +++ b/java/org/apache/catalina/startup/ExpandWar.java @@ -26,6 +26,7 @@ import java.net.JarURLConnection; import java.net.URL; import java.net.URLConnection; import java.nio.channels.FileChannel; +import java.nio.file.Path; import java.util.Enumeration; import java.util.jar.JarEntry; import java.util.jar.JarFile; @@ -116,10 +117,7 @@ public class ExpandWar { } // Expand the WAR into the new document base directory -String canonicalDocBasePrefix = docBase.getCanonicalPath(); -if (!canonicalDocBasePrefix.endsWith(File.separator)) { -canonicalDocBasePrefix += File.separator; -} +Path canonicalDocBasePath = docBase.getCanonicalFile().toPath(); // Creating war tracker parent (normally META-INF) File warTrackerParent = warTracker.getParentFile(); @@ -134,14 +132,13 @@ public class ExpandWar { JarEntry jarEntry = jarEntries.nextElement(); String name = jarEntry.getName(); File expandedFile = new File(docBase, name); -if (!expandedFile.getCanonicalPath().startsWith( -canonicalDocBasePrefix)) { +if (!expandedFile.getCanonicalFile().toPath().startsWith(canonicalDocBasePath)) { // Trying to expand outside the docBase
[PATCH] AbstractAccessLogValve: Add pre/post add log element extension points
a sub class can extend before and after the addElement loop to establish a context via thread-dependend CharArrayWriter object. --- java/org/apache/catalina/valves/AbstractAccessLogValve.java | 5 + 1 file changed, 5 insertions(+) diff --git a/java/org/apache/catalina/valves/AbstractAccessLogValve.java b/java/org/apache/catalina/valves/AbstractAccessLogValve.java index e23f49d3a5..5e774c2320 100644 --- a/java/org/apache/catalina/valves/AbstractAccessLogValve.java +++ b/java/org/apache/catalina/valves/AbstractAccessLogValve.java @@ -685,9 +685,11 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access result = new CharArrayWriter(128); } +preLogAddElement(result); for (int i = 0; i < logElements.length; i++) { logElements[i].addElement(result, date, request, response, time); } +postLogAddElement(result); log(result); @@ -699,6 +701,9 @@ public abstract class AbstractAccessLogValve extends ValveBase implements Access // Protected Methods +protected void preLogAddElement(CharArrayWriter result) {} +protected void postLogAddElement(CharArrayWriter result) {} + /** * Log the specified message. * -- 2.20.1 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building tomcat. Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/5636 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch master] 721e6e1f21d4b0180f6e5d3d225878d27e21f7dd Blamelist: remm BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Graal 21.0 now supports serialization
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 69c2453 Graal 21.0 now supports serialization 69c2453 is described below commit 69c2453ed47931fc525163af936545779f499b01 Author: remm AuthorDate: Thu Jan 21 11:00:14 2021 +0100 Graal 21.0 now supports serialization I have not actually tested with clustering or session serialization, and it is possible the base json descriptors need an update, but the general warning is now out of date. --- webapps/docs/graal.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/webapps/docs/graal.xml b/webapps/docs/graal.xml index f079197..0394d5a 100644 --- a/webapps/docs/graal.xml +++ b/webapps/docs/graal.xml @@ -201,9 +201,6 @@ mvn package Missing items for better Tomcat functionality: - https://github.com/oracle/graal/issues/460";>Java -serialization: Clustering and session persistence are not -functional https://github.com/oracle/graal/issues/2103";>JMX: The usual monitoring and management is not usable java.util.logging LogManager: Configuration through a system property - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch master updated: Graal 21.0 now supports serialization
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/master by this push: new 721e6e1 Graal 21.0 now supports serialization 721e6e1 is described below commit 721e6e1f21d4b0180f6e5d3d225878d27e21f7dd Author: remm AuthorDate: Thu Jan 21 11:00:14 2021 +0100 Graal 21.0 now supports serialization I have not actually tested with clustering or session serialization, and it is possible the base json descriptors need an update, but the general warning is now out of date. --- webapps/docs/graal.xml | 3 --- 1 file changed, 3 deletions(-) diff --git a/webapps/docs/graal.xml b/webapps/docs/graal.xml index f751d03..6def03d 100644 --- a/webapps/docs/graal.xml +++ b/webapps/docs/graal.xml @@ -201,9 +201,6 @@ mvn package Missing items for better Tomcat functionality: - https://github.com/oracle/graal/issues/460";>Java -serialization: Clustering and session persistence are not -functional https://github.com/oracle/graal/issues/2103";>JMX: The usual monitoring and management is not usable java.util.logging LogManager: Configuration through a system property - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771 --- Comment #10 from Remy Maucherat --- (In reply to Mark Thomas from comment #9) > RE-opening this issue while I look at the test case... The use of non container threads doing ??? seems to be the root cause of the problems here. Also the behavior of available() could be a contributor, and you did change that for the better very recently. So you might not be able to reproduce. OTOH, I would still like to add a ISE exit for the loop in OpenSSLEngine.unwrap, in case the state becomes inconsistent. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64771] Windows CPU processor always running by a thread reading request body from https connection
https://bz.apache.org/bugzilla/show_bug.cgi?id=64771 Mark Thomas changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WORKSFORME |--- --- Comment #9 from Mark Thomas --- RE-opening this issue while I look at the test case... -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org