On operating systems where /dev/urandom exists, org.apache.catalina.session.ManagerBase will use it as a source of data for getRandomBytes(). If you stop a context or undeploy a host, the number of file descriptors that Tomcat has open to /dev/urandom remains constant. For example, if you use the manager application to stop or undeploy a context, the number of file descriptors to /dev/urandom is the same as before the stop. File descriptor use is determined by using lsof or examining the /proc/<pid>/fd directory on Linux. The same issue is seen if you undeploy a virtual host. If you undeploy/deploy a context, or remove/add a virtual host, the number of file descriptors to /dev/urandom will increase each time. This is because ManagerBase does not close the DataInputStream it holds to /dev/urandom. The patch shown below resolves this issue. Stopping a context or undeploying a virtual host will close the session manager's reference to /dev/urandom.
--- apache-tomcat-5.5.28-src/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java 2009-07-24 13:35:00.000000000 -0600 +++ apache-tomcat-5.5.28-gls/container/catalina/src/share/org/apache/catalina/session/ManagerBase.java 2009-08-20 13:38:03.000000000 -0600 @@ -688,10 +688,17 @@ } public void destroy() { if( oname != null ) Registry.getRegistry(null, null).unregisterComponent(oname); + if (randomIS!=null) { + try { + randomIS.close(); + } catch (IOException ioe) { + } + randomIS=null; + } initialized=false; oname = null; // Don't clear log since it is required in case attributes are changed // (eg via JMX) whilst the manager is stopped. }
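Review bot: the empty `catch (IOException ioe) { }` around `randomIS.close()` in destroy() discards a failed close silently, so a descriptor that stays open after a stop or undeploy would leave no trace in the logs. Log the exception (debug level is enough) before `randomIS=null;`. Nothing in the hunk guards randomIS against a getRandomBytes() call running on another thread while destroy() closes and nulls the stream, so it is worth confirming that destroy() cannot overlap with session ID generation, or reading and clearing the field under the same lock the reader uses.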
This issue also applies to Tomcat 6.0.20.
Many thanks for the patch. It has been applied to trunk and proposed for 6.0.x and 5.5.x.
The patch has been applied to 6.0.x and will be included in 6.0.21 onwards.
The patch was applied to 5.5 and will be in 5.5.29 onwards. Thank you.