RFR: 8362268 : NPE thrown from SASL GSSAPI impl when TLS is used with QOP auth-int against Active Directory [v4]

Daniel Fuchs dfuchs at openjdk.org
Mon Oct 13 14:48:06 UTC 2025


On Mon, 13 Oct 2025 14:00:19 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:

>> Weibing Xiao has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   update the code
>
> src/java.naming/share/classes/com/sun/jndi/ldap/LdapClient.java line 497:
> 
>> 495:         } catch (IOException ioEx) {
>> 496:             //ignore the error;
>> 497:         }
> 
> [OK - I missed that the cleanup method had been modified to no longer close the socket]
> 
> But another issue is that this method attempts to modify the state of the connection without holding the connection lock. This is not good.

One possibility could be to move this code to the connection so that it can participate in the locking.

However - I'm concerned that this proposed fix will reintroduce https://bugs.openjdk.org/browse/JDK-8313657

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26566#discussion_r2426563973

