[SCM] tomcat6 packaging branch, master, updated. debian/6.0.35-5+nmu1-5-g62b0e7f
tony mancill
tmancill at debian.org
Sat Dec 8 04:38:45 UTC 2012
The following commit has been merged in the master branch:
commit e5fc0f9e0a2c7de0eff3b1f72652d072a52e72d0
Author: tony mancill <tmancill at debian.org>
Date: Thu Dec 6 21:29:46 2012 -0800
patch for CVE-2012-4534
diff --git a/debian/patches/0014-CVE-2012-4534.patch b/debian/patches/0014-CVE-2012-4534.patch
new file mode 100644
index 0000000..fec0610
--- /dev/null
+++ b/debian/patches/0014-CVE-2012-4534.patch
@@ -0,0 +1,75 @@
+Description: Fix high CPU load with SSL, NIO and sendfile when
+ client breaks the connection before reading all the requested data.
+ It is a fix for CVE-2012-4534.
+Origin: upstream, http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/net/NioEndpoint.java?r1=1372035&r2=1372034&pathrev=1372035
+Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=52858
+
+--- a/java/org/apache/tomcat/util/net/NioEndpoint.java
++++ b/java/org/apache/tomcat/util/net/NioEndpoint.java
+@@ -1713,8 +1713,14 @@
+ public boolean processSendfile(SelectionKey sk, KeyAttachment attachment, boolean reg, boolean event) {
+ NioChannel sc = null;
+ try {
+- //unreg(sk,attachment);//only do this if we do process send file on a separate thread
++ unreg(sk, attachment, sk.readyOps());
+ SendfileData sd = attachment.getSendfileData();
++
++ if (log.isTraceEnabled()) {
++ log.trace("Processing send file for: " + sd.fileName);
++ }
++
++ //setup the file channel
+ if ( sd.fchannel == null ) {
+ File f = new File(sd.fileName);
+ if ( !f.exists() ) {
+@@ -1723,10 +1729,14 @@
+ }
+ sd.fchannel = new FileInputStream(f).getChannel();
+ }
++
++ //configure output channel
+ sc = attachment.getChannel();
+ sc.setSendFile(true);
++ //ssl channel is slightly different
+ WritableByteChannel wc =(WritableByteChannel) ((sc instanceof SecureNioChannel)?sc:sc.getIOChannel());
+-
++
++ //we still have data in the buffer
+ if (sc.getOutboundRemaining()>0) {
+ if (sc.flushOutbound()) {
+ attachment.access();
+@@ -1753,15 +1763,13 @@
+ attachment.setSendfileData(null);
+ try {sd.fchannel.close();}catch(Exception ignore){}
+ if ( sd.keepAlive ) {
+- if (reg) {
+- if (log.isDebugEnabled()) {
+- log.debug("Connection is keep alive, registering back for OP_READ");
+- }
+- if (event) {
+- this.add(attachment.getChannel(),SelectionKey.OP_READ);
+- } else {
+- reg(sk,attachment,SelectionKey.OP_READ);
+- }
++ if (log.isDebugEnabled()) {
++ log.debug("Connection is keep alive, registering back for OP_READ");
++ }
++ if (event) {
++ this.add(attachment.getChannel(),SelectionKey.OP_READ);
++ } else {
++ reg(sk,attachment,SelectionKey.OP_READ);
+ }
+ } else {
+ if (log.isDebugEnabled()) {
+@@ -1770,9 +1778,9 @@
+ cancelledKey(sk,SocketStatus.STOP,false);
+ return false;
+ }
+- } else if ( attachment.interestOps() == 0 && reg ) {
++ } else {
+ if (log.isDebugEnabled()) {
+- log.debug("OP_WRITE for sendilfe:"+sd.fileName);
++ log.debug("OP_WRITE for sendfile:" + sd.fileName);
+ }
+ if (event) {
+ add(attachment.getChannel(),SelectionKey.OP_WRITE);
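Review bot: With `unreg(sk, attachment, sk.readyOps());` now running unconditionally at the top of `processSendfile`, every exit path has to either re-register the key or cancel it, and nothing in the patched code states that invariant. I would add a comment on that line such as `// clear the ready ops so the poller stops selecting this key while we write; every return path below must re-register or cancel it`, since a missed path would stall the connection and the old behaviour was the CPU spin this CVE fix addresses. The `reg` parameter is no longer consulted in the keep-alive branch or in the final `else`, so in the visible hunks it looks unused; either document it as ignored in the method's Javadoc or confirm the callers do not rely on `reg == false` to suppress re-registration. `sk.readyOps()` can throw `CancelledKeyException` on a key that has already been cancelled, so it is worth checking that the catch block, which lies outside these hunks, handles that case by cancelling the key rather than only logging.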
diff --git a/debian/patches/series b/debian/patches/series
index fd7d743..b8bf1ac 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@
0011-CVE-2012-0022-regression-fix.patch
cve-2012-2733.patch
cve-2012-3439.patch
+0014-CVE-2012-4534.patch
--
tomcat6 packaging