You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Joshua McKenzie (JIRA)" <ji...@apache.org> on 2016/09/06 15:46:20 UTC
[jira] [Updated] (CASSANDRA-12329) Unreleased Resource: Sockets
[ https://issues.apache.org/jira/browse/CASSANDRA-12329?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joshua McKenzie updated CASSANDRA-12329:
----------------------------------------
Status: Patch Available (was: Open)
> Unreleased Resource: Sockets
> ----------------------------
>
> Key: CASSANDRA-12329
> URL: https://issues.apache.org/jira/browse/CASSANDRA-12329
> Project: Cassandra
> Issue Type: Sub-task
> Reporter: Eduardo Aguinaga
> Assignee: Arunkumar M
> Labels: easyfix, newbie, patch
> Fix For: 3.0.x
>
> Attachments: 12329-3.0.txt
>
>
> Overview:
> In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.
> Issue:
> Sockets are low level resources that must be explicitly released so subsequent callers will have access to previously used sockets. In the file SSLFactory.java on line 62 a SSL server socket is acquired and eventually returned to the caller on line 69.
> If an exception is thrown by any of the code between lines 62 and 69 the socket acquired on line 62 will not be released for subsequent reuse..
> {code:java}
> SSLFactory.java, lines 59-70:
> 59 public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException
> 60 {
> 61 SSLContext ctx = createSSLContext(options, true);
> 62 SSLServerSocket serverSocket = (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket();
> 63 serverSocket.setReuseAddress(true);
> 64 String[] suites = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites);
> 65 serverSocket.setEnabledCipherSuites(suites);
> 66 serverSocket.setNeedClientAuth(options.require_client_auth);
> 67 serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
> 68 serverSocket.bind(new InetSocketAddress(address, port), 500);
> 69 return serverSocket;
> 70 }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)