You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2014/04/24 10:54:27 UTC
svn commit: r1589640 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt
java/org/apache/catalina/security/SecurityClassLoad.java
java/org/apache/catalina/servlets/DefaultServlet.java
webapps/docs/changelog.xml
Author: markt
Date: Thu Apr 24 08:54:26 2014
New Revision: 1589640
URL: http://svn.apache.org/r1589640
Log:
Avoid memory leak and add small optimisation to default Servlet
Modified:
tomcat/tc6.0.x/trunk/ (props changed)
tomcat/tc6.0.x/trunk/STATUS.txt
tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
Propchange: tomcat/tc6.0.x/trunk/
------------------------------------------------------------------------------
Merged /tomcat/trunk:r1588193,1588197
Merged /tomcat/tc7.0.x/trunk:r1588199
Modified: tomcat/tc6.0.x/trunk/STATUS.txt
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/STATUS.txt (original)
+++ tomcat/tc6.0.x/trunk/STATUS.txt Thu Apr 24 08:54:26 2014
@@ -52,11 +52,6 @@ PATCHES PROPOSED TO BACKPORT:
http://wiki.openssl.org/index.php/FIPS_mode%28%29
-1:
-* Avoid memory leak and add small optimisation to default Servlet
- http://svn.apache.org/r1588199
- +1: markt, kkolinko, remm
- -1:
-
PATCHES/ISSUES THAT ARE STALLED:
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/security/SecurityClassLoad.java Thu Apr 24 08:54:26 2014
@@ -39,6 +39,7 @@ public final class SecurityClassLoad {
loadCorePackage(loader);
loadLoaderPackage(loader);
+ loadServletsPackage(loader);
loadSessionPackage(loader);
loadUtilPackage(loader);
loadJavaxPackage(loader);
@@ -81,6 +82,18 @@ public final class SecurityClassLoad {
}
+ private static final void loadServletsPackage(ClassLoader loader)
+ throws Exception {
+ final String basePackage = "org.apache.catalina.servlets.";
+ // Avoid a possible memory leak in the DefaultServlet when running with
+ // a security manager. The DefaultServlet needs to load an XML parser
+ // when running under a security manager. We want this to be loaded by
+ // the container rather than a web application to prevent a memory leak
+ // via web application class loader.
+ loader.loadClass(basePackage + "DefaultServlet");
+ }
+
+
private final static void loadSessionPackage(ClassLoader loader)
throws Exception {
String basePackage = "org.apache.catalina.";
Modified: tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java (original)
+++ tomcat/tc6.0.x/trunk/java/org/apache/catalina/servlets/DefaultServlet.java Thu Apr 24 08:54:26 2014
@@ -123,8 +123,7 @@ public class DefaultServlet
private static final DocumentBuilderFactory factory;
- private static final SecureEntityResolver secureEntityResolver =
- new SecureEntityResolver();
+ private static final SecureEntityResolver secureEntityResolver;
// ----------------------------------------------------- Instance Variables
@@ -232,9 +231,15 @@ public class DefaultServlet
urlEncoder.addSafeCharacter('*');
urlEncoder.addSafeCharacter('/');
- factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setValidating(false);
+ if (Globals.IS_SECURITY_ENABLED) {
+ factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ secureEntityResolver = new SecureEntityResolver();
+ } else {
+ factory = null;
+ secureEntityResolver = null;
+ }
}
Modified: tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml?rev=1589640&r1=1589639&r2=1589640&view=diff
==============================================================================
--- tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml Thu Apr 24 08:54:26 2014
@@ -87,6 +87,10 @@
reverts all the operations performed when adding an MBean notification
listener. (markt)
</fix>
+ <fix>
+ Only create XML parsing objects if required and fix associated potential
+ memory leak in the default Servlet. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org