Bug 32502 - Memory leak in Digest Authentication
Summary: Memory leak in Digest Authentication
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.0.29
Hardware: Macintosh Mac OS X 10.3
: P2 critical (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
Depends on:
Reported: 2004-12-02 23:10 UTC by Chris Sharp
Modified: 2004-12-08 07:48 UTC (History)
0 users

Patch (584 bytes, patch)
2004-12-02 23:19 UTC, Chris Sharp
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Sharp 2004-12-02 23:10:25 UTC
The DigestAuthenticator class contains a small but significant leak. In the generateNOnce method, the 
nOnceValue is inserted into a Hashtable with an expire time. This feature does not appear to be fully 
implemented and as a result the Hashtable "nOnceTokens" will continue to grow un-bounded.

The short term solution to this problem is to remove the Hashtable insert since it isn't apparently being 

Longer term, the host-expireTime-otherState tuple could be encoded in client-opaque nOnceValue and 
used across multiple TC5 instances.
Comment 1 Chris Sharp 2004-12-02 23:19:19 UTC
Created attachment 13633 [details]
Comment 2 Yoav Shapira 2004-12-08 16:48:47 UTC
Fix committed (with additional clean ups) for Tomcat 5.0.31 and 5.5.6.  Thanks 
for pointing this out.