From: markt Date: Tue, 12 Jul 2011 17:50:11 +0000 (+0000) Subject: Protect against crashes in the HTTP APR connector if sendfile is configured to send... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=db89e039a0b4832d2e09890584b158cf5987106f;p=tomcat7.0 Protect against crashes in the HTTP APR connector if sendfile is configured to send more data than is available in the file. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@1145694 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/java/org/apache/coyote/http11/Http11AprProcessor.java b/java/org/apache/coyote/http11/Http11AprProcessor.java index 14f664b16..3b7e2e206 100644 --- a/java/org/apache/coyote/http11/Http11AprProcessor.java +++ b/java/org/apache/coyote/http11/Http11AprProcessor.java @@ -305,7 +305,18 @@ public class Http11AprProcessor extends AbstractHttp11Processor { sendfileData.socket = socketRef; sendfileData.keepAlive = keepAlive; if (!((AprEndpoint)endpoint).getSendfile().add(sendfileData)) { - openSocket = true; + if (sendfileData.socket == 0) { + // Didn't send all the data but the socket is no longer + // set. Something went wrong. Close the connection. + // Too late to set status code. + if (log.isDebugEnabled()) { + log.debug(sm.getString( + "http11processor.sendfile.error")); + } + error = true; + } else { + openSocket = true; + } break; } } diff --git a/java/org/apache/coyote/http11/LocalStrings.properties b/java/org/apache/coyote/http11/LocalStrings.properties index dd49940b9..00916296d 100644 --- a/java/org/apache/coyote/http11/LocalStrings.properties +++ b/java/org/apache/coyote/http11/LocalStrings.properties @@ -35,6 +35,7 @@ http11processor.socket.ssl=Exception getting SSL attributes http11processor.socket.sslreneg=Exception re-negotiating SSL connection http11processor.socket.timeout=Error setting socket timeout http11processor.comet.notsupported=The Comet protocol is not supported by this connector +http11processor.sendfile.error=Error sending data using sendfile. May be caused by invalid request attributes for start/end points iib.eof.error=Unexpected EOF read on the socket iib.requestheadertoolarge.error=Request header is too large diff --git a/java/org/apache/tomcat/util/net/AprEndpoint.java b/java/org/apache/tomcat/util/net/AprEndpoint.java index 9efb2c381..024a08e22 100644 --- a/java/org/apache/tomcat/util/net/AprEndpoint.java +++ b/java/org/apache/tomcat/util/net/AprEndpoint.java @@ -1460,7 +1460,9 @@ public class AprEndpoint extends AbstractEndpoint { data.pos, data.end - data.pos, 0); if (nw < 0) { if (!(-nw == Status.EAGAIN)) { - destroySocket(data.socket); + Pool.destroy(data.fdpool); + // No need to close socket, this will be done by + // calling code since data.socket == 0 data.socket = 0; return false; } else { diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bdd461df5..cfa4eec2e 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -121,8 +121,9 @@ is used. Fixes null thread name in access log and JMX MBean. (rjung) - Protect against infinite loops in the HTTP NIO connector if sendfile is - configured to send more data than is available in the file. (markt) + Protect against infinite loops (HTTP NIO) and crashes (HTTP APR) if + sendfile is configured to send more data than is available in the file. + (markt) Prevent NPEs when a socket is closed in non-error conditions after