tomcat-dev mailing list archives

From Remy Maucherat <>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5
Date Fri, 06 Jun 2003 06:32:12 GMT

wrote:
> jfarcand    2003/06/05 20:03:33
>   Modified:    catalina/src/share/org/apache/coyote/tomcat5
>   Log:
>   When the SecurityManager is turned on, the facade is never properly garbaged. Bugtraq
>   66915 demonstrates a case where CoyoteRequestFacade is re-used with a request object
>   equal to null (the getAttribute throws NPE). The bug also exists in Tomcat 4.1.x. (should
>   I port the patch?)
>   Also, the way responses are recycled may also produce the same behaviour, although
>   I can't reproduce the exception.

I'm not sure I understand what was going on, and I have no access to 
bugtraq. I believe the NPE occurred because of an access beyond the 
useful lifecycle of the request.
The facade should be set to null when recycling the request, so this is 
supposed to take care of the problem. BTW, there's no guarantee that 
getRequest will be called just once during the processing of the request.

I'm -1 on this patch unless you can explain what the bug exactly was, 
and how the recycling couldn't properly reset the facade.

