← Back to branch summary

~ubuntu-branches/ubuntu/vivid/tomcat6/vivid-proposed

« back to all changes in this revision

Viewing changes to debian/patches/0014-CVE-2012-4534.patch

  • Committer: Package Import Robot
  • Author(s): tony mancill
  • Date: 2012-12-06 21:10:11 UTC
  • Revision ID: package-import@ubuntu.com-20121206211011-zuimndvjmjiwul9z
Tags: 6.0.35-6
http://bugs.debian.org/692440
http://bugs.debian.org/695250
* Acknowledge NMU: 6.0.35-5+nmu1 (Closes: #692440)
  - Thank you to Michael Gilbert.
* Add patches for the following security issues: (Closes: #695250)
  - CVE-2012-4534, CVE-2012-4431, CVE-2012-3546

Show diffs side-by-side

added added

removed removed

Lines of Context:
debian/patches/0014-CVE-2012-4534.patch
 
1
Description: Fix high CPU load with SSL, NIO and sendfile when
 
2
 client breaks the connection before reading all the requested data.
 
3
 It is a fix for CVE-2012-4534.
 
4
Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1372035&r2=1372034&pathrev=1372035
 
5
Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
 
6
 
 
7
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
 
8
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
 
9
@@ -1713,8 +1713,14 @@
 
10
         public boolean processSendfile(SelectionKey sk, KeyAttachment attachment, boolean reg, boolean event) {
 
11
             NioChannel sc = null;
 
12
             try {
 
13
-                //unreg(sk,attachment);//only do this if we do process send file on a separate thread
 
14
+                unreg(sk, attachment, sk.readyOps());
 
15
                 SendfileData sd = attachment.getSendfileData();
 
16
+
 
17
+                if (log.isTraceEnabled()) {
 
18
+                    log.trace("Processing send file for: " + sd.fileName);
 
19
+                }
 
20
+
 
21
+                //setup the file channel
 
22
                 if ( sd.fchannel == null ) {
 
23
                     File f = new File(sd.fileName);
 
24
                     if ( !f.exists() ) {
 
25
@@ -1723,10 +1729,14 @@
 
26
                     }
 
27
                     sd.fchannel = new FileInputStream(f).getChannel();
 
28
                 }
 
29
+
 
30
+                //configure output channel
 
31
                 sc = attachment.getChannel();
 
32
                 sc.setSendFile(true);
 
33
+                //ssl channel is slightly different
 
34
                 WritableByteChannel wc =(WritableByteChannel) ((sc instanceof SecureNioChannel)?sc:sc.getIOChannel());
 
35
-                
 
36
+
 
37
+                //we still have data in the buffer
 
38
                 if (sc.getOutboundRemaining()>0) {
 
39
                     if (sc.flushOutbound()) {
 
40
                         attachment.access();
 
41
@@ -1753,15 +1763,13 @@
 
42
                     attachment.setSendfileData(null);
 
43
                     try {sd.fchannel.close();}catch(Exception ignore){}
 
44
                     if ( sd.keepAlive ) {
 
45
-                        if (reg) {
 
46
-                            if (log.isDebugEnabled()) {
 
47
-                                log.debug("Connection is keep alive, registering back for OP_READ");
 
48
-                            }
 
49
-                            if (event) {
 
50
-                                this.add(attachment.getChannel(),SelectionKey.OP_READ);
 
51
-                            } else {
 
52
-                                reg(sk,attachment,SelectionKey.OP_READ);
 
53
-                            }
 
54
+                        if (log.isDebugEnabled()) {
 
55
+                            log.debug("Connection is keep alive, registering back for OP_READ");
 
56
+                        }
 
57
+                        if (event) {
 
58
+                            this.add(attachment.getChannel(),SelectionKey.OP_READ);
 
59
+                        } else {
 
60
+                            reg(sk,attachment,SelectionKey.OP_READ);
 
61
                         }
 
62
                     } else {
 
63
                         if (log.isDebugEnabled()) {
 
64
@@ -1770,9 +1778,9 @@
 
65
                         cancelledKey(sk,SocketStatus.STOP,false);
 
66
                         return false;
 
67
                     }
 
68
-                } else if ( attachment.interestOps() == 0 && reg ) {
 
69
+                } else {
 
70
                     if (log.isDebugEnabled()) {
 
71
-                        log.debug("OP_WRITE for sendilfe:"+sd.fileName);
 
72
+                        log.debug("OP_WRITE for sendfile:" + sd.fileName);
 
73
                     }
 
74
                     if (event) {
 
75
                         add(attachment.getChannel(),SelectionKey.OP_WRITE);