[security-dev 00227]: Re: NullPointerException at sun.security.ssl.OutputRecord.writeBuffer
Kanatoko
anvil at jumperz.net
Wed Jul 9 14:37:09 UTC 2008
Hi Andrew,
Thank you very much for your reply.
> why the updates is
> necessary?
This causes file descriptor leak, and denial of service as a result, on
long running servers ( As I wrote in [security-dev 00204] ).
Now I am developing some kind of SSL proxy server. But because of this
issue, it can't keep running for long time.
> And what's the use case that the OutputStream 's' would be null?
I'm sorry I don't know.
's' seems to be 'sockOutput' in SSLSocketImpl class. But I don't know
why sometimes it would be null.
Thanks.
--
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/
> Hi Kanatoko,
>
> Would you please help on a short description why the updates is
> necessary? And what's the use case that the OutputStream 's' would be null?
>
> Thanks & Regards,
> Andrew
>
> Kanatoko wrote:
> > Here is a patch.
> > This issue is really important to me. Please merge this.
> >
> > *** src/share/classes/sun/security/ssl/OutputRecord_orig.java 2008-07-09 01:54:02.000000000 +0900
> > --- src/share/classes/sun/security/ssl/OutputRecord.java 2008-07-09 01:53:50.000000000 +0900
> > ***************
> > *** 311,316 ****
> > --- 311,317 ----
> > */
> > void writeBuffer(OutputStream s, byte [] buf, int off, int len)
> > throws IOException {
> > + if(s == null) return;
> > s.write(buf, off, len);
> > s.flush();
> >
> >
> >
> >
>
More information about the security-dev
mailing list