Details
Normal Description
Overview:
In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.
Issue:
Sockets are low level resources that must be explicitly released so subsequent callers will have access to previously used sockets. In the file DefaultConnectionFactory.java on line 52 a socket is acquired and eventually returned to the caller on line 55.
If an exception is thrown by any of the code between lines 52 and 55 the socket acquired on line 52 will not be released for subsequent reuse.
DefaultConnectionFactory.java, lines 50-73:
50 try 51 { 52 Socket socket = OutboundTcpConnectionPool.newSocket(peer); 53 socket.setSoTimeout(DatabaseDescriptor.getStreamingSocketTimeout()); 54 socket.setKeepAlive(true); 55 return socket; 56 } 57 catch (IOException e) 58 { 59 if (++attempts >= MAX_CONNECT_ATTEMPTS) 60 throw e; 61 62 long waitms = DatabaseDescriptor.getRpcTimeout() * (long)Math.pow(2, attempts); 63 logger.warn("Failed attempt {} to connect to {}. Retrying in {} ms. ({})", attempts, peer, waitms, e); 64 try 65 { 66 Thread.sleep(waitms); 67 } 68 catch (InterruptedException wtf) 69 { 70 throw new IOException("interrupted", wtf); 71 } 72 } 73 }