cassandra-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From yu...@apache.org
Subject [02/12] cassandra git commit: Fix unreleased resource sockets
Date Thu, 20 Oct 2016 14:48:23 GMT
Fix unreleased resource sockets

patch by Arunkumar M; reviewed by yukim for CASSANDRA-12329


Project: http://git-wip-us.apache.org/repos/asf/cassandra/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra/commit/86a73d43
Tree: http://git-wip-us.apache.org/repos/asf/cassandra/tree/86a73d43
Diff: http://git-wip-us.apache.org/repos/asf/cassandra/diff/86a73d43

Branch: refs/heads/cassandra-3.X
Commit: 86a73d439c56faf1c0309e1b808368f8d04bc734
Parents: c9ca441
Author: Arunkumar M <arunkumar.0190@gmail.com>
Authored: Thu Aug 11 22:16:21 2016 -0700
Committer: Yuki Morishita <yukim@apache.org>
Committed: Thu Oct 20 09:44:23 2016 -0500

----------------------------------------------------------------------
 CHANGES.txt                                     |  1 +
 .../apache/cassandra/security/SSLFactory.java   | 72 ++++++++++++++------
 2 files changed, 53 insertions(+), 20 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra/blob/86a73d43/CHANGES.txt
----------------------------------------------------------------------
diff --git a/CHANGES.txt b/CHANGES.txt
index 749a3b0..ec32945 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.0.10
+ * Fix potential socket leak (CASSANDRA-12329)
  * Fix ViewTest.testCompaction (CASSANDRA-12789)
  * Improve avg aggregate functions (CASSANDRA-12417)
  * Preserve quoted reserved keyword column names in MV creation (CASSANDRA-11803)

http://git-wip-us.apache.org/repos/asf/cassandra/blob/86a73d43/src/java/org/apache/cassandra/security/SSLFactory.java
----------------------------------------------------------------------
diff --git a/src/java/org/apache/cassandra/security/SSLFactory.java b/src/java/org/apache/cassandra/security/SSLFactory.java
index a327de9..56a3a3f 100644
--- a/src/java/org/apache/cassandra/security/SSLFactory.java
+++ b/src/java/org/apache/cassandra/security/SSLFactory.java
@@ -59,14 +59,22 @@ public final class SSLFactory
     public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress
address, int port) throws IOException
     {
         SSLContext ctx = createSSLContext(options, true);
-        SSLServerSocket serverSocket = (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket();
-        serverSocket.setReuseAddress(true);
-        String[] suites = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites);
-        serverSocket.setEnabledCipherSuites(suites);
-        serverSocket.setNeedClientAuth(options.require_client_auth);
-        serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
-        serverSocket.bind(new InetSocketAddress(address, port), 500);
-        return serverSocket;
+        SSLServerSocket serverSocket = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket();
+        try
+        {
+            serverSocket.setReuseAddress(true);
+            String[] suites = filterCipherSuites(serverSocket.getSupportedCipherSuites(),
options.cipher_suites);
+            serverSocket.setEnabledCipherSuites(suites);
+            serverSocket.setNeedClientAuth(options.require_client_auth);
+            serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
+            serverSocket.bind(new InetSocketAddress(address, port), 500);
+            return serverSocket;
+        }
+        catch (IllegalArgumentException | SecurityException | IOException e)
+        {
+            serverSocket.close();
+            throw e;
+        }
     }
 
     /** Create a socket and connect */
@@ -74,10 +82,18 @@ public final class SSLFactory
     {
         SSLContext ctx = createSSLContext(options, true);
         SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port,
localAddress, localPort);
-        String[] suites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
-        socket.setEnabledCipherSuites(suites);
-        socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
-        return socket;
+        try
+        {
+            String[] suites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
+            socket.setEnabledCipherSuites(suites);
+            socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
+            return socket;
+        }
+        catch (IllegalArgumentException e)
+        {
+            socket.close();
+            throw e;
+        }
     }
 
     /** Create a socket and connect, using any local address */
@@ -85,10 +101,18 @@ public final class SSLFactory
     {
         SSLContext ctx = createSSLContext(options, true);
         SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(address, port);
-        String[] suites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
-        socket.setEnabledCipherSuites(suites);
-        socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
-        return socket;
+        try
+        {
+            String[] suites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
+            socket.setEnabledCipherSuites(suites);
+            socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
+            return socket;
+        }
+        catch (IllegalArgumentException e)
+        {
+            socket.close();
+            throw e;
+        }
     }
 
     /** Just create a socket */
@@ -96,10 +120,18 @@ public final class SSLFactory
     {
         SSLContext ctx = createSSLContext(options, true);
         SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
-        String[] suites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
-        socket.setEnabledCipherSuites(suites);
-        socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
-        return socket;
+        try
+        {
+            String[] suites = filterCipherSuites(socket.getSupportedCipherSuites(), options.cipher_suites);
+            socket.setEnabledCipherSuites(suites);
+            socket.setEnabledProtocols(ACCEPTED_PROTOCOLS);
+            return socket;
+        }
+        catch (IllegalArgumentException e)
+        {
+            socket.close();
+            throw e;
+        }
     }
 
     @SuppressWarnings("resource")


Mime
View raw message