You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/03/08 16:32:10 UTC

[tomcat] branch main updated: Fix potential concurrency issue.

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
     new a605286  Fix potential concurrency issue.
a605286 is described below

commit a60528617e512330f91553e925d50a6c34016dd4
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Mar 8 16:27:03 2022 +0000

    Fix potential concurrency issue.
    
    If the request is split across multiple packets and those packets are
    processed in rapid succession then it is possible that subsequent
    packets see the wrong value for readComplete and register the socket for
    a further read rather than processing the request.
---
 java/org/apache/coyote/http11/Http11Processor.java | 4 ++--
 webapps/docs/changelog.xml                         | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/java/org/apache/coyote/http11/Http11Processor.java b/java/org/apache/coyote/http11/Http11Processor.java
index 623631a..4f82613 100644
--- a/java/org/apache/coyote/http11/Http11Processor.java
+++ b/java/org/apache/coyote/http11/Http11Processor.java
@@ -112,13 +112,13 @@ public class Http11Processor extends AbstractProcessor {
      * Flag used to indicate that the socket should be kept open (e.g. for keep
      * alive or send file.
      */
-    private boolean openSocket = false;
+    private volatile boolean openSocket = false;
 
 
     /**
      * Flag that indicates if the request headers have been completely read.
      */
-    private boolean readComplete = true;
+    private volatile boolean readComplete = true;
 
     /**
      * HTTP/1.1 flag.
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index aa6a32a..5f0850f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -132,6 +132,11 @@
         when user code was doing sequential operations in a single thread.
         Test case code submitted by Istvan Szekely. (remm)
       </fix>
+      <fix>
+        Fix potential thread-safety issue that could cause HTTP/1.1 request
+        processing to wait, and potentially timeout, waiting for additional
+        data when the full request has been received. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org