Bug 64485 - UserDatabase Realm leaks os file descriptors for conf/tomcat-users.xml
Summary: UserDatabase Realm leaks os file descriptors for conf/tomcat-users.xml
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 9.0.35
Hardware: PC Linux
: P2 normal (vote)
Target Milestone: -----
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-06-01 07:47 UTC by Vassili Alibabaev
Modified: 2020-06-01 14:02 UTC (History)
0 users



Attachments
Stacktrace of file open failure when os file descriptors are over (recorded with v9.0.29) (4.74 KB, text/plain)
2020-06-01 07:47 UTC, Vassili Alibabaev
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Vassili Alibabaev 2020-06-01 07:47:38 UTC
Created attachment 37285 [details]
Stacktrace of file open failure when os file descriptors are over (recorded with v9.0.29)

There is a bug in org.apache.catalina.users.MemoryUserDatabase that leaves the os file descriptors in open state.
This is caused by the code line:
https://github.com/apache/tomcat/blob/9.0.35/java/org/apache/catalina/users/MemoryUserDatabase.java#L428

Exact code line is:
this.lastModified = resource.getURI().toURL().openConnection().getLastModified();

The org.apache.tomcat.util.file.ConfigurationSource.Resource is handled properly by the try-with-resources block, but a call to the URI/URL inside this block does not close any opened resources. 
These resources just stay in memory and occupy limited os resources.

There is a similar bug in the OpenJDK:
https://bugs.openjdk.java.net/browse/JDK-6956385

This behavior was introduced in version 9.0.13 and after bugs:
https://bz.apache.org/bugzilla/show_bug.cgi?id=62924
https://bz.apache.org/bugzilla/show_bug.cgi?id=62958

The leaked file handles are usually collected by the GC, but if server has enough memory and stays idle, then too many handles are acquired from the os and there is no more available.
A stacktrace of such failure is in the attachment.

The read time period is 10 seconds by default and one file handle is leaked withing every read of tomcat-users.xml file.
MemoryUserDatabase#watchSource is also true by default and this behavior is enabled in the default conf.

A list of open files can be obtained by cmd:
lsof -K | grep $TOMCAT_PID | grep "tomcat-users.xml" | wc -l

org.apache.tomcat.util.file.ConfigurationSource.Resource#getLastModified() may be voulnerable too.
Please analyze all places where java.net.URL#openConnection() is used
Comment 1 Remy Maucherat 2020-06-01 13:35:17 UTC
I guess it can be improved, but this problem actually doesn't do anything for me, so I never care.
Comment 2 Remy Maucherat 2020-06-01 14:02:34 UTC
The fis will be in 10.0.0-M6 and 9.0.36.