Thread leak by LdapLoginModule

Seán Coffey sean.coffey at oracle.com
Thu Jun 11 14:47:13 UTC 2020 

If 8217606 is your issue, then it's fixed in JDK 11.0.8 which is due for 
release in mid July.

regards,
Sean.

On 09/06/2020 22:15, Mkrtchyan, Tigran wrote:
> Hi all,
>
> with Java-11 we have notice a thread leak with ldap module.
> We use LDAP to authenticate users with username+pasword by
> directly calling LdapLoginModule. This was ok with java 7 and
> java 8. With java 11 we see threads getting accumulated. here is a
> test case that demonstrates it:
>
> ```
>
>      private static final String USERNAME_KEY = "javax.security.auth.login.name";
>      private static final String PASSWORD_KEY = "javax.security.auth.login.password";
>
>      String ldapUrl = "ldap://....";
>      String peopleOU = "ou= ... o= ... c=...");
>
>     String user = ...;
>     String pass = ...;
>
>
>      @Test
>      public void threadLeakTest() throws AuthenticationException, NoSuchPrincipalException, LoginException {
>
>          Map<Thread, StackTraceElement[]> threadsBefore = Thread.getAllStackTraces();
>
>          Map<String, Object>  globalLoginOptions = Map.of(
>                  "userProvider", ldapUrl + "/" + peopleOU,
>                  "useSSL", "false",
>                  "userFilter", "(uid={USERNAME})",
>                  "useFirstPass", "true"
>          );
>
>          for (int i = 0; i < 10; i++) {
>
>              Map<String, Object> loginOptions = Map.of(
>                      USERNAME_KEY, user,
>                      PASSWORD_KEY, pass.toCharArray());
>
>              Subject subject = new Subject();
>
>              LdapLoginModule loginModule = new LdapLoginModule();
>              loginModule.initialize(subject, null, loginOptions, globalLoginOptions);
>              loginModule.login();
>              loginModule.commit();
>              loginModule.logout();
>          }
>
>          Map<Thread, StackTraceElement[]> threadsAfter = Thread.getAllStackTraces();
>
>          assertEquals("Thread leak detected",  threadsBefore.size() + 1, threadsAfter.size());
>      }
>
> ```
>
> The thread count difference is always equals to the number of iterations in the loop, e.g. on each call a
> thread is created and stays around. Eventually our server crashes with:
>
> [19497.011s][warning][os,thread] Attempt to protect stack guard pages failed (0x00007fcc4c65c000-0x00007fcc4c660000).
> OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00007fcc4c55b000, 16384, 0) failed; error='Not enough space' (errno=12)
>
> The issue is not observed with java-14, thus I assume that the fix is related to commit
>
> http://hg.openjdk.java.net/jdk/jdk/rev/6717d7e59db4
>
> As java-11 is LTS, what is the procedure to get it fix back-ported?
>
> Regards,
>     Tigran.

More information about the security-dev mailing list