XMLWordPrintableJSON

    Details

      Description

      Overview:
      In May through June of 2016 a static analysis was performed on version 3.0.5 of the Cassandra source code. The analysis included an automated analysis using HP Fortify v4.21 SCA and a manual analysis utilizing SciTools Understand v4. The results of that analysis includes the issue below.

      Issue:
      Sockets are low level resources that must be explicitly released so subsequent callers will have access to previously used sockets. In the file RMIServerSocketFactoryImpl.java on lines 15-16 a socket is acquired and eventually returned to the caller on line 18.

      If an exception is thrown by the code on line 17 the socket acquired on lines 15-16 will not be released for subsequent reuse.

      RMIServerSocketFactoryImpl.java, lines 13-19:

      13 public ServerSocket createServerSocket(final int pPort) throws IOException
      14 {
      15     ServerSocket socket = ServerSocketFactory.getDefault()
      16                                              .createServerSocket(pPort, 0, InetAddress.getLoopbackAddress());
      17     socket.setReuseAddress(true);
      18     return socket;
      19 }
      

        Attachments

        1. 12331-3.0.txt
          2 kB
          Arunkumar M

          Activity

            People

            • Assignee:
              arunkumar Arunkumar M
              Reporter:
              EdAInWestOC Eduardo Aguinaga
              Authors:
              Arunkumar M
              Reviewers:
              Yuki Morishita
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: