|Summary:||Memory leak in Digest Authentication|
|Product:||Tomcat 5||Reporter:||Chris Sharp <csharp>|
|Component:||Catalina||Assignee:||Tomcat Developers Mailing List <dev>|
|OS:||Mac OS X 10.3|
Description Chris Sharp 2004-12-02 23:10:25 UTC
The DigestAuthenticator class contains a small but significant leak. In the generateNOnce method, the nOnceValue is inserted into a Hashtable with an expire time. This feature does not appear to be fully implemented and as a result the Hashtable "nOnceTokens" will continue to grow un-bounded. The short term solution to this problem is to remove the Hashtable insert since it isn't apparently being used. Longer term, the host-expireTime-otherState tuple could be encoded in client-opaque nOnceValue and used across multiple TC5 instances.
Comment 2 Yoav Shapira 2004-12-08 16:48:47 UTC
Fix committed (with additional clean ups) for Tomcat 5.0.31 and 5.5.6. Thanks for pointing this out.