Integrated: 8318599: HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809
Michael McMahon
michaelm at openjdk.org
Mon Nov 27 22:47:15 UTC 2023
On Tue, 24 Oct 2023 15:33:34 GMT, Michael McMahon <michaelm at openjdk.org> wrote:
> Hi,
>
> This fix resolves a VM crash issue caused by a memory use after free in JGSS native code. The cause is the `java.net.HttpURLConnection` implementation which is incorrectly caching GSS context objects which end up being used and reused by multiple threads in parallel, and in fact should only be used once, with separate instances for separate requests (requiring authentication). The fix is very simple and is just that the NegotiateAuthentication class needs to be marked as non-cacheable. A test is not included here as it requires testing against real servers that aren't publicly accessible.
>
> Thanks,
> Michael
This pull request has now been integrated.
Changeset: f1a24f6d
Author: Michael McMahon <michaelm at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/f1a24f6d4827f9b8648dd2afe6d606dab67d51fe
Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
8318599: HttpURLConnection cache issues leading to crashes in JGSS w/ native GSS introduced by 8303809
Reviewed-by: dfuchs
-------------
PR: https://git.openjdk.org/jdk/pull/16347
More information about the net-dev
mailing list