Bug 59926 - ServerCookie memory leak
Summary: ServerCookie memory leak
Status: RESOLVED DUPLICATE of bug 59904
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina
Version: unspecified
Hardware: PC Mac OS X 10.1
Importance: P2 normal
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
Reported: 2016-08-02 11:22 UTC by gehui
Modified: 2016-08-02 14:47 UTC (History)



Attachments
avoid serverCookie memory leak (7.94 KB, patch)
2016-08-02 11:22 UTC, gehui

Description gehui 2016-08-02 11:22:51 UTC
Created attachment 34090
avoid serverCookie memory leak

I have a test:


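// Apache Commons HttpClient 3.x
import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;

HttpClient httpClient = new HttpClient();
GetMethod getMethod = new GetMethod("http://127.0.0.1:8080/");
Header h = new Header();
h.setName("Cookie");
// Build a single Cookie header carrying 2000 tiny cookies
StringBuilder sb = new StringBuilder();
for (int i = 0; i < 2000; i++) {
	sb.append("a=b;");
}
h.setValue(sb.toString());
getMethod.addRequestHeader(h);
int statusCode = httpClient.executeMethod(getMethod);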


There are a large number of ServerCookie arrays cached in the heap.

We saw two issues in this case:

1) The size of the org.apache.tomcat.util.http.Cookies#scookies array never gets shrunk after recycle, once it is dynamically resized.

2) The number of org.apache.tomcat.util.http.ServerCookie objects can be dramatically large, which might lead to a memory leak. A maxHeaderSize of 8k limits the number of ServerCookie objects to no more than 2k, assuming each cookie is 4 bytes (e.g. 'a=b;'). This may have limited impact for a web application with low concurrency. However, for a heavily concurrent, NIO-based connector, this may have a huge impact. Suppose a malicious client is sending 2k concurrent requests, each sending 2k cookies; on the Tomcat side there will be 2k * 2k = 4m ServerCookie objects. Since the default maxConnection value is 10k for NIO, there can be at most 20m ServerCookie objects, and they cannot be recycled because of 1).



We modify as follows:
1) Shrink the org.apache.tomcat.util.http.ServerCookie object array back to its initial size after recycling the org.apache.tomcat.util.http.ServerCookies object.

2) Add a maxCookieCount configuration to limit the number of cookies to process. When exceeding the limit, throw an exception, just like the header limit. The default value of maxCookieCount shall be unlimited to be compatible with current behavior, and configurable via server.xml.

3) Limit the max size of the org.apache.tomcat.util.http.Cookies#serverCookies array. We argue about the growing strategy here: the number of ServerCookie objects should have an upper limit. For example, if maxHeaderSize is 9k and the cookie string is 'a=;b=;...', then the number of ServerCookie objects should be no more than 3k, hence the growing from 2k -> 4k will be unnecessary.
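
Added example (not part of the report, the attached patch, or Tomcat's code): a simplified model of a pooled cookie holder showing why a doubling array that is only cleared on recycle keeps its peak capacity, and how shrinking on recycle plus a cookie-count cap bound it. The class name, INITIAL_SIZE and the exception type are assumptions; maxCookieCount is the setting name proposed in the report.

```java
import java.util.Arrays;

// Simplified model of a per-connection cookie holder; not Tomcat's Cookies class.
public class CookieStoreDemo {
    static final int INITIAL_SIZE = 4;      // assumed initial capacity
    private final int maxCookieCount;       // name from the report; -1 means unlimited
    private String[] cookies = new String[INITIAL_SIZE];
    private int count;

    CookieStoreDemo(int maxCookieCount) { this.maxCookieCount = maxCookieCount; }

    void add(String cookie) {
        // Proposed change 2: reject the request once the cap is reached.
        if (maxCookieCount >= 0 && count >= maxCookieCount) {
            throw new IllegalArgumentException("more than " + maxCookieCount + " cookies");
        }
        if (count == cookies.length) {
            cookies = Arrays.copyOf(cookies, cookies.length * 2); // doubling growth
        }
        cookies[count++] = cookie;
    }

    // Called when the holder is returned to the pool for the next request.
    void recycle(boolean shrink) {
        if (shrink && cookies.length > INITIAL_SIZE) {
            cookies = new String[INITIAL_SIZE];   // proposed change 1: drop the big array
        } else {
            Arrays.fill(cookies, 0, count, null); // capacity is kept (issue 1)
        }
        count = 0;
    }

    int capacity() { return cookies.length; }

    public static void main(String[] args) {
        CookieStoreDemo unbounded = new CookieStoreDemo(-1);
        for (int i = 0; i < 2000; i++) unbounded.add("a=b");
        unbounded.recycle(false);
        System.out.println("no shrink, capacity after recycle: " + unbounded.capacity());

        CookieStoreDemo bounded = new CookieStoreDemo(200);
        try {
            for (int i = 0; i < 2000; i++) bounded.add("a=b");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        bounded.recycle(true);
        System.out.println("shrink, capacity after recycle: " + bounded.capacity());
    }
}
```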
Comment 1 Remy Maucherat 2016-08-02 14:47:18 UTC

*** This bug has been marked as a duplicate of bug 59904 ***