[security-dev 00227]: Re: NullPointerException at sun.security.ssl.OutputRecord.writeBuffer

Kanatoko anvil at jumperz.net
Wed Jul 9 07:37:09 PDT 2008


Hi Andrew,
Thank you very much for your reply.

> why the updates is 
> necessary?

This causes file descriptor leak, and denial of service as a result,  on
long running servers ( As I wrote in  [security-dev 00204]  ).

Now I am developing some kind of SSL proxy server. But because of this
issue, it can't keep running for long time. 


> And what's the use case that the OutputStream 's' would be null?

I'm sorry I don't know.
's' seems to be 'sockOutput' in SSLSocketImpl class. But I don't know
why sometimes it would be null.

Thanks.

-- 
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/


> Hi Kanatoko,
> 
> Would you please help on a short description why the updates is 
> necessary? And what's the use case that the OutputStream 's' would be null?
> 
> Thanks & Regards,
> Andrew
> 
> Kanatoko wrote:
> > Here is a patch.
> > This issue is really important to me. Please merge this.
> >
> > *** src/share/classes/sun/security/ssl/OutputRecord_orig.java   2008-07-09 01:54:02.000000000 +0900
> > --- src/share/classes/sun/security/ssl/OutputRecord.java        2008-07-09 01:53:50.000000000 +0900
> > ***************
> > *** 311,316 ****
> > --- 311,317 ----
> >        */
> >       void writeBuffer(OutputStream s, byte [] buf, int off, int len)
> >               throws IOException {
> > +       if(s == null) return;
> >           s.write(buf, off, len);
> >           s.flush();
> >
> >
> >
> >   
> 




More information about the security-dev mailing list