HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809
Wei-Jun Wang
weijun.wang at oracle.com
Fri Oct 20 13:42:44 UTC 2023
Hi Nico,
I've filed a bug at https://bugs.openjdk.org/browse/JDK-8318599. Will look into it.
Thanks,
Max
> On Oct 19, 2023, at 10:39 PM, Nico Williams <Nico.Williams at twosigma.com> wrote:
>
> Also, a colleague informs me that 17.0.5 (as packaged by Debian) w/o `-Djdk.spnego.cache=false` doesn't exhibit the double-free/use-after-free crashes (as expected), but:
>
>> I do see some "Authentication failure" / and "java.lang.NullPointerException: Cannot invoke "sun.net.www.protocol.http.Negotiator.nextToken(byte[])" because "this.negotiator" is null".
>
> That seems to support the idea that the `AuthCache` is harmful.
>
> Nico
> --
>
>
>
More information about the core-libs-dev
mailing list