Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/09/09 10:57:01 UTC

svn commit: r1623704 - in /tomcat/trunk: java/org/apache/catalina/servlets/WebdavServlet.java webapps/docs/changelog.xml

Author: markt
Date: Tue Sep  9 08:57:00 2014
New Revision: 1623704

URL: http://svn.apache.org/r1623704
Log:
Fix unsafe concurrent use of MD5 digest by multiple threads

Modified:
    tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
    tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java?rev=1623704&r1=1623703&r2=1623704&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/servlets/WebdavServlet.java Tue Sep  9 08:57:00 2014
@@ -21,8 +21,6 @@ import java.io.StringReader;
 import java.io.StringWriter;
 import java.io.Writer;
 import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -34,7 +32,6 @@ import java.util.Vector;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
-import javax.servlet.UnavailableException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.DocumentBuilder;
@@ -48,6 +45,7 @@ import org.apache.catalina.util.XMLWrite
 import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
 import org.apache.tomcat.util.http.RequestUtil;
+import org.apache.tomcat.util.security.ConcurrentMessageDigest;
 import org.apache.tomcat.util.security.MD5Encoder;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -191,12 +189,6 @@ public class WebdavServlet
                 TimeZone.getTimeZone("GMT"));
 
 
-     /**
-     * MD5 message digest provider.
-     */
-    protected static MessageDigest md5Helper;
-
-
     // ----------------------------------------------------- Instance Variables
 
     /**
@@ -271,14 +263,6 @@ public class WebdavServlet
         if (getServletConfig().getInitParameter("allowSpecialPaths") != null)
             allowSpecialPaths = Boolean.parseBoolean(
                     getServletConfig().getInitParameter("allowSpecialPaths"));
-
-        // Load the MD5 helper used to calculate signatures.
-        try {
-            md5Helper = MessageDigest.getInstance("MD5");
-        } catch (NoSuchAlgorithmException e) {
-            throw new UnavailableException("No MD5");
-        }
-
     }
 
 
@@ -1076,7 +1060,7 @@ public class WebdavServlet
                 + lock.depth + "-" + lock.owner + "-" + lock.tokens + "-"
                 + lock.expiresAt + "-" + System.currentTimeMillis() + "-"
                 + secret;
-            String lockToken = MD5Encoder.encode(md5Helper.digest(
+            String lockToken = MD5Encoder.encode(ConcurrentMessageDigest.digestMD5(
                     lockTokenStr.getBytes(StandardCharsets.ISO_8859_1)));
 
             if (resource.isDirectory() && lock.depth == maxDepth) {
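Review bot: The `lockToken` line still derives the token from an MD5 over fields a client can largely know or guess (`lock.depth`, `lock.owner`, `lock.expiresAt`, `System.currentTimeMillis()`), so its unpredictability rests solely on `secret`, which is defined outside this hunk. Swapping in `ConcurrentMessageDigest.digestMD5` removes the shared-digest race but leaves that property undocumented; I would add a comment above the line such as `// MD5 only mixes the inputs; token unpredictability depends on 'secret', uniqueness on currentTimeMillis()`. If code elsewhere treats the token as proof of lock ownership, it is worth confirming that `secret` comes from a strong random source. The enclosing method and the start of the `lockTokenStr` expression lie outside the hunk.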

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1623704&r1=1623703&r2=1623704&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Sep  9 08:57:00 2014
@@ -121,6 +121,9 @@
         version. Make sure that never undeploy older Context If current context
         is not running. (kfujino)
       </fix>
+      <fix>
+        Fix threading issue when locking resources via WebDAV. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


