RFR: 8318599: HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809
Michael McMahon
michaelm at openjdk.org
Fri Nov 24 15:20:14 UTC 2023
Hi,
This fix resolves a VM crash issue caused by a memory use after free in JGSS native code. The cause is the `java.net.HttpURLConnection` implementation which is incorrectly caching GSS context objects which end up being used and reused by multiple threads in parallel, and in fact should only be used once, with separate instances for separate requests (requiring authentication). The fix is very simple and is just that the NegotiateAuthentication class needs to be marked as non-cacheable. A test is not included here as it requires testing against real servers that aren't publicly accessible.
Thanks,
Michael
-------------
Commit messages:
- Merge branch 'master' into NEGO
- Merge branch 'master' into NEGO
- removed comment
- Fix. Test case to come
Changes: https://git.openjdk.org/jdk/pull/16347/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=16347&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8318599
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/16347.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/16347/head:pull/16347
PR: https://git.openjdk.org/jdk/pull/16347
More information about the net-dev
mailing list