P3
Customer hits the problem when using System.getProperty() in one thread if they set the security manager in another thread. Problem happens when the initial security manager is null, customer installs their own security manager and then later reset to original value (which is null).
If customer gets unlucky and sets SecurityManager back to null on one thread during System.getProperty() execution on another thread, it is possible that the following block in System.getProperty() results in NPE:
line 1: if (security != null) {
line 2: security.checkPropertyAccess(key);
line 3: }
If setting security manager back to null (described above) happens between lines 1 and 2, then we get the following NullPointerException:
java.lang.NullPointerException
at java.lang.System.getProperty(System.java:573)
at sun.security.action.GetPropertyAction.run(GetPropertyAction.java:66)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.Socket.checkSocks(Socket.java:1396)
at java.net.Socket.setImpl(Socket.java:360)
at java.net.ServerSocket.implAccept(ServerSocket.java:443)
at java.net.ServerSocket.accept(ServerSocket.java:419)
at org.apache.tomcat.util.net.DefaultServerSocketFactory.acceptSocket(DefaultServerSocketFactory.java:107)
at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java :377)/
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:550)/
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)/
at java.lang.Thread.run(Thread.java:534)/
This is a real world problem reported by concrete customer.
If customer gets unlucky and sets SecurityManager back to null on one thread during System.getProperty() execution on another thread, it is possible that the following block in System.getProperty() results in NPE:
line 1: if (security != null) {
line 2: security.checkPropertyAccess(key);
line 3: }
If setting security manager back to null (described above) happens between lines 1 and 2, then we get the following NullPointerException:
java.lang.NullPointerException
at java.lang.System.getProperty(System.java:573)
at sun.security.action.GetPropertyAction.run(GetPropertyAction.java:66)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.Socket.checkSocks(Socket.java:1396)
at java.net.Socket.setImpl(Socket.java:360)
at java.net.ServerSocket.implAccept(ServerSocket.java:443)
at java.net.ServerSocket.accept(ServerSocket.java:419)
at org.apache.tomcat.util.net.DefaultServerSocketFactory.acceptSocket(DefaultServerSocketFactory.java:107)
at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java :377)/
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:550)/
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)/
at java.lang.Thread.run(Thread.java:534)/
This is a real world problem reported by concrete customer.