RFR: 8303809: Dispose context in SPNEGO NegotiatorImpl
Weijun Wang
weijun at openjdk.org
Wed Mar 8 22:51:16 UTC 2023
On Wed, 8 Mar 2023 09:05:19 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:
> This patch fixes a possible native memory leak in case of a custom native GSS provider.
> The actual leak was reported in production.
>
> sun/security/jgss, sun/security/krb5, sun/net/www/protocol/http jtreg tests are passed
My 2 cents: I think the change to `HttpURLConnection` and `AuthenticationInfo` is unnecessarily big. If you only care about the releasing of the `GSSContext`, how about add a check inside `NegotiatorImpl` after `initSecContext` is called? Once the `isEstablished` flag returns true the `GSSContext` is no more useful and we can dispose it.
This might not be perfect, for example, if the context is not established yet but for some reason the `nextToken` method is not called. In that case, I hope the cleaner can take care of the cleanup, sooner or later.
-------------
PR: https://git.openjdk.org/jdk/pull/12920
More information about the security-dev
mailing list