RFR: 8303809: Dispose context in SPNEGO NegotiatorImpl

Alexey Bakhtin abakhtin at openjdk.org
Thu Mar 9 16:06:03 UTC 2023


On Wed, 8 Mar 2023 09:05:19 GMT, Alexey Bakhtin <abakhtin at openjdk.org> wrote:

> This patch fixes a possible native memory leak in case of a custom native GSS provider.
> The actual leak was reported in production.
> 
> sun/security/jgss, sun/security/krb5, sun/net/www/protocol/http jtreg tests are passed

Unfortunately, there is no guarantee `NegotiatorImpl::nextToken` will be called. 
At least in both `sun/security/krb5/auto/HttpNegotiateServer.java` and `sun/security/krb5/auto/HttpsCB.java` tests context is not established after the first `initSecContext` and `NegotiatorImpl::nextToken` is not called at all.

-------------

PR: https://git.openjdk.org/jdk/pull/12920


More information about the security-dev mailing list