RFR: 8275811 Incorrect instance to dispose
Xue-Lei Andrew Fan
xuelei at openjdk.java.net
Sun Oct 24 05:03:06 UTC 2021
On Fri, 22 Oct 2021 18:45:31 GMT, Xue-Lei Andrew Fan <xuelei at openjdk.org> wrote:
>> The current code that changes cipher suites disposes the new suite instead of the old one, which usually silently fails. This patch fixes the code to dispose the old instance instead.
>>
>> DTLS appears to be unaffected: DTLSOutputRecord keeps 2 ciphers and correctly [disposes the old one](https://github.com/openjdk/jdk/blob/739769c8fc4b496f08a92225a12d07414537b6c0/src/java.base/share/classes/sun/security/ssl/DTLSOutputRecord.java#L106), and DTLSInputRecord [doesn't dispose anything](https://github.com/openjdk/jdk/blob/4b9303b77b43d890ebacbec38b4ac5db7e171886/src/java.base/share/classes/sun/security/ssl/DTLSInputRecord.java#L57)
>
> Did you want to cover the update for line 222 at OutputRecord.java as well?
> After reviewing the scope of changes to fix writeCipher disposal I decided to remove it entirely. It would probably be a nice follow-up enhancement, but I'm not confident I'd implement it correctly on the first try, so I'd rather not introduce it in a bugfix PR. @XueleiFan is that acceptable to you?
>
I'm not sure of the removal. Please hold on the integration, and I will have a further look if I have cycles.
-------------
PR: https://git.openjdk.java.net/jdk/pull/6084
More information about the security-dev
mailing list