Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@apache.org Received: (qmail 88684 invoked from network); 6 Jun 2003 06:43:13 -0000 Received: from exchange.sun.com (192.18.33.10) by daedalus.apache.org with SMTP; 6 Jun 2003 06:43:13 -0000 Received: (qmail 12708 invoked by uid 97); 6 Jun 2003 06:45:38 -0000 Delivered-To: qmlist-jakarta-archive-tomcat-dev@nagoya.betaversion.org Received: (qmail 12701 invoked from network); 6 Jun 2003 06:45:38 -0000 Received: from daedalus.apache.org (HELO apache.org) (208.185.179.12) by nagoya.betaversion.org with SMTP; 6 Jun 2003 06:45:38 -0000 Received: (qmail 87787 invoked by uid 500); 6 Jun 2003 06:43:03 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 87774 invoked from network); 6 Jun 2003 06:43:02 -0000 Received: from victor.wilshire.com (209.0.86.70) by daedalus.apache.org with SMTP; 6 Jun 2003 06:43:02 -0000 Received: from harpy.wilshire.com (harpy.wilshire.com [192.168.1.58]) by victor.wilshire.com (8.12.3/8.12.3/Debian-6.4) with ESMTP id h566hE84020316 for ; Thu, 5 Jun 2003 23:43:14 -0700 Received: from oemcomputer (lsanca2-ar30-4-43-179-210.lsanca2.dsl-verizon.net [4.43.179.210]) (authenticated bits=0) by harpy.wilshire.com (8.12.9/8.12.9) with ESMTP id h566hDeB012815 for ; Thu, 5 Jun 2003 23:43:14 -0700 (PDT) Message-ID: <011701c32bf8$3e2e2080$d2b32b04@dslverizon.net> From: "Bill Barker" To: "Tomcat Developers List" References: <20030606030333.30819.qmail@icarus.apache.org> <3EE0356C.3040803@apache.org> Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java Date: Thu, 5 Jun 2003 23:52:48 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 X-Archived: msg.XX1KpGvr@harpy X-Scanned-By: MIMEDefang 2.31 (www . roaringpenguin . com / mimedefang) X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N ----- Original Message ----- From: "Remy Maucherat" To: "Tomcat Developers List" Sent: Thursday, June 05, 2003 11:32 PM Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java > jfarcand@apache.org wrote: > > jfarcand 2003/06/05 20:03:33 > > > > Modified: catalina/src/share/org/apache/coyote/tomcat5 > > CoyoteRequest.java > > Log: > > When the SecurityManager is turned on, the facade is never properly garbaged. Bugtraq 48 > > 66915 demonstrates a case where CoyoteRequestFacade is re-used with a request object equ > > als to null (the getAttribute throws NPE). The bug also exists in Tomcat 4.1.x. (should > > I port the patch?) > > > > Also, the way response are recycled may also produce the same behaviour, althrough I can > > 't reproduce the exception. > > I'm not sure I understand what was going on, and I have no access to > bugtraq. I believe the NPE occurred because of an access beyond the > useful lifecycle of the request. > The facade should be set to null when recycling the request, so this is > supposed to take care of the problem. BTW, there's no guarantee that > getRequest will be called just once during the processing of the request. > > I'm -1 on this patch unless you can explain what the bug exactly was, > and how the recycling couldn't properly reset the facade. > I'm not really happy with the patch either. I'll postpone adding my (since it's the second, binding) -1 until you provide a better explaination. > Remy > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org > For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org