Posted to dev@tomcat.apache.org by kk...@apache.org on 2012/03/23 18:00:20 UTC
svn commit: r1304483 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt
java/org/apache/catalina/loader/WebappClassLoader.java
webapps/docs/changelog.xml
Author: kkolinko
Date: Fri Mar 23 17:00:20 2012
New Revision: 1304483
URL: http://svn.apache.org/viewvc?rev=1304483&view=rev
Log:
Merged revision 1298140 from tomcat/trunk:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52719
Correct theoretical resource leak during Jar validation
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1298140
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1304483&r1=1304482&r2=1304483&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Mar 23 17:00:20 2012
@@ -95,12 +95,6 @@ PATCHES PROPOSED TO BACKPORT:
+1: rjung, mturk, fhanik, markt
-1:
-* Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=52719
- Correct theoretical resource leak during Jar validation
- http://svn.apache.org/viewvc?rev=1298143&view=rev
- +1: markt, fhanik, kkolinko
- -1:
-
* Replicate Principal in ClusterSingleSignOn.
http://svn.apache.org/viewvc?view=revision&revision=1298299
+1: kfujino, fhanik, markt
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java?rev=1304483&r1=1304482&r2=1304483&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoader.java Fri Mar 23 17:00:20 2012
@@ -3256,44 +3256,53 @@ public class WebappClassLoader
* Check the specified JAR file, and return <code>true</code> if it does
* not contain any of the trigger classes.
*
- * @param jarfile The JAR file to be checked
+ * @param file The JAR file to be checked
*
* @exception IOException if an input/output error occurs
*/
- protected boolean validateJarFile(File jarfile)
+ protected boolean validateJarFile(File file)
throws IOException {
if (triggers == null)
return (true);
- JarFile jarFile = new JarFile(jarfile);
- for (int i = 0; i < triggers.length; i++) {
- Class clazz = null;
- try {
- if (parent != null) {
- clazz = parent.loadClass(triggers[i]);
- } else {
- clazz = Class.forName(triggers[i]);
+
+ JarFile jarFile = null;
+ try {
+ jarFile = new JarFile(file);
+ for (int i = 0; i < triggers.length; i++) {
+ Class<?> clazz = null;
+ try {
+ if (parent != null) {
+ clazz = parent.loadClass(triggers[i]);
+ } else {
+ clazz = Class.forName(triggers[i]);
+ }
+ } catch (Throwable t) {
+ clazz = null;
+ }
+ if (clazz == null)
+ continue;
+ String name = triggers[i].replace('.', '/') + ".class";
+ if (log.isDebugEnabled())
+ log.debug(" Checking for " + name);
+ JarEntry jarEntry = jarFile.getJarEntry(name);
+ if (jarEntry != null) {
+ log.info("validateJarFile(" + file +
+ ") - jar not loaded. See Servlet Spec 2.3, "
+ + "section 9.7.2. Offending class: " + name);
+ return false;
}
- } catch (Throwable t) {
- clazz = null;
}
- if (clazz == null)
- continue;
- String name = triggers[i].replace('.', '/') + ".class";
- if (log.isDebugEnabled())
- log.debug(" Checking for " + name);
- JarEntry jarEntry = jarFile.getJarEntry(name);
- if (jarEntry != null) {
- log.info("validateJarFile(" + jarfile +
- ") - jar not loaded. See Servlet Spec 2.3, "
- + "section 9.7.2. Offending class: " + name);
- jarFile.close();
- return (false);
+ return true;
+ } finally {
+ if (jarFile != null) {
+ try {
+ jarFile.close();
+ } catch (IOException ioe) {
+ // Ignore
+ }
}
}
- jarFile.close();
- return (true);
-
}
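Review bot: The `catch (Throwable t) { clazz = null; }` around `parent.loadClass(triggers[i])` / `Class.forName(triggers[i])` is carried into the new `try` block unchanged, and it makes the validation fail open without leaving a trace. Any failure to resolve a trigger class, including a `LinkageError` or other `Error`, is handled the same as "class not present in the parent", so the loop hits `continue` and the JAR is never checked for that trigger. Going by the log message, this method is what stops a web application JAR from supplying the trigger classes (Servlet Spec 2.3, section 9.7.2), so a skipped trigger should at least be visible to an operator. I would narrow the catch to the exceptions expected from class lookup, or record the skip before `clazz = null;`, for example `if (log.isDebugEnabled()) log.debug(" Could not load trigger class " + triggers[i], t);`.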
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1304483&r1=1304482&r2=1304483&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Fri Mar 23 17:00:20 2012
@@ -119,6 +119,10 @@
<code>org.apache.catalina.filters</code> package so that it is
available for all web applications. (kkolinko)
</add>
+ <fix>
+ <bug>52719</bug>: Fix a theoretical resource leak in the JAR validation
+ that checks for non-permitted classes in web application JARs. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">