1
Description: Fix high CPU load with SSL, NIO and sendfile when
2
client breaks the connection before reading all the requested data.
3
It is a fix for CVE-2012-4534.
4
Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1372035&r2=1372034&pathrev=1372035
5
Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
7
--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
8
+++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
10
public boolean processSendfile(SelectionKey sk, KeyAttachment attachment, boolean reg, boolean event) {
13
- //unreg(sk,attachment);//only do this if we do process send file on a separate thread
14
+ unreg(sk, attachment, sk.readyOps());
15
SendfileData sd = attachment.getSendfileData();
17
+ if (log.isTraceEnabled()) {
18
+ log.trace("Processing send file for: " + sd.fileName);
21
+ //setup the file channel
22
if ( sd.fchannel == null ) {
23
File f = new File(sd.fileName);
25
@@ -1723,10 +1729,14 @@
27
sd.fchannel = new FileInputStream(f).getChannel();
30
+ //configure output channel
31
sc = attachment.getChannel();
33
+ //ssl channel is slightly different
34
WritableByteChannel wc =(WritableByteChannel) ((sc instanceof SecureNioChannel)?sc:sc.getIOChannel());
37
+ //we still have data in the buffer
38
if (sc.getOutboundRemaining()>0) {
39
if (sc.flushOutbound()) {
41
@@ -1753,15 +1763,13 @@
42
attachment.setSendfileData(null);
43
try {sd.fchannel.close();}catch(Exception ignore){}
46
- if (log.isDebugEnabled()) {
47
- log.debug("Connection is keep alive, registering back for OP_READ");
50
- this.add(attachment.getChannel(),SelectionKey.OP_READ);
52
- reg(sk,attachment,SelectionKey.OP_READ);
54
+ if (log.isDebugEnabled()) {
55
+ log.debug("Connection is keep alive, registering back for OP_READ");
58
+ this.add(attachment.getChannel(),SelectionKey.OP_READ);
60
+ reg(sk,attachment,SelectionKey.OP_READ);
63
if (log.isDebugEnabled()) {
65
cancelledKey(sk,SocketStatus.STOP,false);
68
- } else if ( attachment.interestOps() == 0 && reg ) {
70
if (log.isDebugEnabled()) {
71
- log.debug("OP_WRITE for sendilfe:"+sd.fileName);
72
+ log.debug("OP_WRITE for sendfile:" + sd.fileName);
75
add(attachment.getChannel(),SelectionKey.OP_WRITE);