RFR: 8263743: redundant lock in SSLSocketImpl

Jamil Nimeh jnimeh at openjdk.java.net
Thu Mar 25 04:58:37 UTC 2021

On Wed, 17 Mar 2021 17:23:03 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:

> Remove redundant lock in SSLSocketImpl.
> In the SSLSocketImpl, there is a socket level lock while reading application data (see readApplicationRecord). 
>                 socketLock.lock(); 
>                 try { 
>                     plainText = decode(buffer); 
>                 } finally { 
>                     socketLock.unlock(); 
>                 } 
> If an application data read is in progress, other calling to SSLSocket APIs (for example getUseClientMode() in a handshake complete listener) could be blocked if socket level locks are used. 
> No new regression test.  Simple fix, hard to trigger the deadlock.

After reading over the description in the bug I think this looks fine.


Marked as reviewed by jnimeh (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/3053

More information about the security-dev mailing list