[security-dev 00230]: Re: NullPointerException at sun.security.ssl.OutputRecord.writeBuffer
Kanatoko
anvil at jumperz.net
Wed Jul 9 15:13:47 UTC 2008
Hi Andrew,
> I need more time to check why sockOutput comes to null. It is OK to
> break if the sockOutput is null just as your patch. However, it is never
> expected to be null, so I wanna take more time to dig it further.
OK, I agree with you.
I have my own patched openjdk build and can use this as a workaround.
> Could I ask you help if I need more information?
Yes, of course. I'll keep watching this list.
Thank you very much.
--
Kanatoko<anvil at jumperz.net>
Open Source WebAppFirewall
http://guardian.jumperz.net/
> Hi Kanatoko,
>
> I need more time to check why sockOutput comes to null. It is OK to
> break if the sockOutput is null just as your patch. However, it is never
> expected to be null, so I wanna take more time to dig it further. Could
> I ask you help if I need more information?
>
> Thanks,
> Andrew
>
> Kanatoko wrote:
> > Hi Andrew,
> > Thank you very much for your reply.
> >
> >
> >> why the updates is
> >> necessary?
> >>
> >
> > This causes file descriptor leak, and denial of service as a result, on
> > long running servers ( As I wrote in [security-dev 00204] ).
> >
> > Now I am developing some kind of SSL proxy server. But because of this
> > issue, it can't keep running for long time.
> >
> >
> >
> >> And what's the use case that the OutputStream 's' would be null?
> >>
> >
> > I'm sorry I don't know.
> > 's' seems to be 'sockOutput' in SSLSocketImpl class. But I don't know
> > why sometimes it would be null.
> >
> > Thanks.
> >
> >
>
More information about the security-dev
mailing list