jfarcand 2003/06/05 20:03:33
Modified: catalina/src/share/org/apache/coyote/tomcat5
CoyoteRequest.java
Log:
When the SecurityManager is turned on, the facade is never properly garbaged. Bugtraq 48
66915 demonstrates a case where CoyoteRequestFacade is re-used with a request object equ
als to null (the getAttribute throws NPE). The bug also exists in Tomcat 4.1.x. (should
I port the patch?)
Also, the way response are recycled may also produce the same behaviour, althrough I can
't reproduce the exception.
I'm not sure I understand what was going on, and I have no access to bugtraq. I believe the NPE occurred because of an access beyond the useful lifecycle of the request.
The facade should be set to null when recycling the request, so this is supposed to take care of the problem. BTW, there's no guarantee that getRequest will be called just once during the processing of the request.
I'm -1 on this patch unless you can explain what the bug exactly was, and how the recycling couldn't properly reset the facade.
Remy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
