RFR: 8255559: Leak File Descriptors Because of ResolverLocalFilesystem#engineResolveURI()

Prajwal Kumaraswamy github.com+70745465+pkumaraswamy at openjdk.java.net
Tue Nov 10 16:10:10 UTC 2020


On Tue, 10 Nov 2020 13:26:01 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> …ineResolveURI().
>> 
>> Actual fix looks like this, due to git diff there are lot  of changes( mostly because of the spaces) being displayed.
>> 
>> --- a/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
>> +++ b/src/share/classes/org/jcp/xml/dsig/internal/dom/DOMReference.java
>> @@ -500,6 +500,7 @@
>>                  }
>>  
>>                  boolean secVal = Utils.secureValidation(context);
>> +                try {
>>                  xi.setSecureValidation(secVal);
>>                  if (context instanceof XMLSignContext && c14n11
>>                      && !xi.isOctetStream() && !xi.isOutputStreamSet()) {
>> @@ -533,6 +534,11 @@
>>                  } else {
>>                      xi.updateOutputStream(os);
>>                  }
>> +                } finally {
>> +                    if(xi.getOctetStreamReal() != null) {
>> +                        xi.getOctetStreamReal().close();
>> +                    }
>> +                }
>>              }
>
> FYI: https://github.com/apache/santuario-xml-security-java/pull/9/files

Thanks Max, I guess there are additional changes in Apache code and will sync our code base with same changes.
I'll make appropriate changes and push it again.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1142



More information about the security-dev mailing list