On Sat, Jun 2, 2018 at 9:25 PM Alex Marchevskiy <a...@backblaze.com> wrote:
> Hi Rémy, > > Thank you for your quick follow up to the issue posted by Adam. I have > been reviewing the patch from r1832519 and it appears that if a connection > is established and no bytes are sent, the socket remains open indefinitely > waiting for the handshakeReadCompletionHandler to callback. Hence it would > be possible for a malicious user to establish enough connections to match > the OS file descriptor limit and prevent Tomcat from servicing any new > connections simply by keeping the connections open and not sending any > data. > Ok, there were three read operations that did not have a timeout and that is now fixed as well. However, the timeout is often "longish", so it won't make such a big difference anyway and NIO2 is not supposed to operate with any real connection limit. Rémy