You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by sc...@apache.org on 2019/12/20 15:34:58 UTC
[tomcat] branch master updated: Fix
https://bz.apache.org/bugzilla/show_bug.cgi?id=64023
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new d9f243a Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64023
d9f243a is described below
commit d9f243aa49bbe1426534cf131722243bfcd89261
Author: Christopher Schultz <ch...@christopherschultz.net>
AuthorDate: Fri Dec 20 10:34:12 2019 -0500
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=64023
Skip null-valued session attributes when de-serializing sessions.
---
java/org/apache/catalina/ha/session/DeltaSession.java | 4 +++-
java/org/apache/catalina/session/StandardSession.java | 4 +++-
webapps/docs/changelog.xml | 4 ++++
3 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/ha/session/DeltaSession.java b/java/org/apache/catalina/ha/session/DeltaSession.java
index 947fa62..2465c60 100644
--- a/java/org/apache/catalina/ha/session/DeltaSession.java
+++ b/java/org/apache/catalina/ha/session/DeltaSession.java
@@ -846,7 +846,9 @@ public class DeltaSession extends StandardSession implements Externalizable,Clus
if (exclude(name, value)) {
continue;
}
- attributes.put(name, value);
+ // ConcurrentHashMap does not allow null keys or values
+ if(null != value)
+ attributes.put(name, value);
}
isValid = isValidSave;
diff --git a/java/org/apache/catalina/session/StandardSession.java b/java/org/apache/catalina/session/StandardSession.java
index 7753212..c8446f9 100644
--- a/java/org/apache/catalina/session/StandardSession.java
+++ b/java/org/apache/catalina/session/StandardSession.java
@@ -1595,7 +1595,9 @@ public class StandardSession implements HttpSession, Session, Serializable {
if (exclude(name, value)) {
continue;
}
- attributes.put(name, value);
+ // ConcurrentHashMap does not allow null keys or values
+ if(null != value)
+ attributes.put(name, value);
}
isValid = isValidSave;
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 55781a4..7fb5f6b 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -75,6 +75,10 @@
the JRE. This listener will be removed in Tomcat 10 and may be removed
from Tomcat 9.0.x some time after 2020-12-31. (markt)
</scode>
+ <fix>
+ <bug>64023</bug>: Skip null-valued session attributes when deserializing
+ sessions. (schultz)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org