You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/08/02 11:22:51 UTC
[Bug 59926] New: ServerCookie memery leak
https://bz.apache.org/bugzilla/show_bug.cgi?id=59926
Bug ID: 59926
Summary: ServerCookie memery leak
Product: Tomcat 9
Version: unspecified
Hardware: PC
OS: Mac OS X 10.1
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: gehill_cn@sina.com
Created attachment 34090
--> https://bz.apache.org/bugzilla/attachment.cgi?id=34090&action=edit
avoid serverCookie memery leak
i have a test
GetMethod getMethod = new GetMethod("http://127.0.0.1:8080/");
Header h = new Header();
h.setName("Cookie");
StringBuilder sb=new StringBuilder();
for(int i=0;i<2000;i++){
sb.append("a=b;");
}
h.setValue(sb.toString());
getMethod.addRequestHeader(h);
nt statusCode = httpClient.executeMethod(getMethod);
there are larger number ServerCookie arrays is cached in heap.
We saw two issues in this case:
1) the size of org.apache.tomcat.util.http.Cookies#scookies array never gets
shrunk after recycle, once it is dynamically resized.
2) the number of org.apache.tomcat.util.http.ServerCookie object can be
dramatically large, which might lead to memory leak. A maxHeaderSize of 8k has
limit the number of ServerCookie object to no more than 2k, assuming each
cookie is 4 bytes (e.g. 'a=b;'). This may have limited impact for a web
application with low concurrency. However, for a heavily concurrent, NIO-based
connector, this may have a huge impact. Suppose a malicious client is sending
2k concurrent request, each sending 2k cookies, at tomcat side there will be 2k
* 2k = 4m ServerCookie objects. Since the default maxConnection value is 10k
for NIO, there can be at most 20m Server Cookies objects, and cannot be
recycled because of 1).
We modify as follows:
1) shrink the org.apache.tomcat.util.http.ServerCookie object array back to its
initial size after recycling org.apache.tomcat.util.http.ServerCookies object.
2) add a maxCookieCount configuration to limit the number of cookie to process.
When exceeding the limit, throw exception just like the limit of head. The
default value of maxCookieCount shall be unlimited to be compatible with
current behavior, and configurable via server.xml
3) limit the max size of org.apache.tomcat.util.http.Cookies#serverCookies
array. We argue the growing strategy here that the number of ServerCookie
object should have an upper limit. for example, if maxHeaderSize is 9k and
cookie string is 'a=;b=;...', then the number of ServerCookie object should be
no more than 3k, hence the growing from 2k -> 4k will be unnecessary.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59926] ServerCookie memery leak
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59926
Remy Maucherat <re...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #1 from Remy Maucherat <re...@apache.org> ---
*** This bug has been marked as a duplicate of bug 59904 ***
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org