RFR: 8303809: Dispose context in SPNEGO NegotiatorImpl
Alexey Bakhtin
abakhtin at openjdk.org
Fri Mar 10 16:14:15 UTC 2023
On Fri, 10 Mar 2023 15:05:16 GMT, Weijun Wang <weijun at openjdk.org> wrote:
>> This patch fixes a possible native memory leak in case of a custom native GSS provider.
>> The actual leak was reported in production.
>>
>> sun/security/jgss, sun/security/krb5, sun/net/www/protocol/http jtreg tests are passed
>
> src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java line 134:
>
>> 132: } catch(Exception ex) {
>> 133: //dispose context silently
>> 134: }
>
> Why is this cleanup necessary here but not in `nextToken()`? If we don't do any cleanup here, will `disposeContext()` be called inside `HttpURLConnection`?
GSSContext could be allocated in init() line 97 but fails with Exception in context.initSecContext(). In this case null Negotiator is returned https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/net/www/protocol/http/Negotiator.java#L71 to NegotiatorAuthenticator: https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java#L224. So nobody can clean context from HttpURLConnection
-------------
PR: https://git.openjdk.org/jdk/pull/12920
More information about the security-dev
mailing list