RFR: 8318599: HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809
Daniel Fuchs
dfuchs at openjdk.org
Fri Nov 24 16:09:04 UTC 2023
On Tue, 24 Oct 2023 15:33:34 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
> Hi,
>
> This fix resolves a VM crash issue caused by a memory use after free in JGSS native code. The cause is the `java.net.HttpURLConnection` implementation which is incorrectly caching GSS context objects which end up being used and reused by multiple threads in parallel, and in fact should only be used once, with separate instances for separate requests (requiring authentication). The fix is very simple and is just that the NegotiateAuthentication class needs to be marked as non-cacheable. A test is not included here as it requires testing against real servers that aren't publicly accessible.
>
> Thanks,
> Michael
LGTM
-------------
Marked as reviewed by dfuchs (Reviewer).
PR Review: https://git.openjdk.org/jdk/pull/16347#pullrequestreview-1748175929
More information about the net-dev
mailing list