----- Original Message -----
From: "Remy Maucherat" <[EMAIL PROTECTED]>
To: "Tomcat Developers List" <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 11:32 PM
Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/coyote/tomcat5 CoyoteRequest.java

> [EMAIL PROTECTED] wrote:
> > jfarcand 2003/06/05 20:03:33
> >
> > Modified: catalina/src/share/org/apache/coyote/tomcat5
> > CoyoteRequest.java
> > Log:
> > When the SecurityManager is turned on, the facade is never properly
> > garbaged. Bugtraq 4866915 demonstrates a case where CoyoteRequestFacade
> > is re-used with a request object equal to null (the getAttribute throws
> > NPE). The bug also exists in Tomcat 4.1.x. (should I port the patch?)
> >
> > Also, the way responses are recycled may also produce the same
> > behaviour, although I can't reproduce the exception.
>
> I'm not sure I understand what was going on, and I have no access to
> bugtraq. I believe the NPE occurred because of an access beyond the
> useful lifecycle of the request.
> The facade should be set to null when recycling the request, so this is
> supposed to take care of the problem. BTW, there's no guarantee that
> getRequest will be called just once during the processing of the request.
>
> I'm -1 on this patch unless you can explain what the bug exactly was,
> and how the recycling couldn't properly reset the facade.
>

I'm not really happy with the patch either. I'll postpone adding my (since it's the second, binding) -1 until you provide a better explanation.

> Remy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]