RFR: 8362268 : NPE thrown from SASL GSSAPI impl when TLS is used with QOP auth-int against Active Directory [v3]

Weibing Xiao wxiao at openjdk.org
Mon Sep 29 15:13:50 UTC 2025


On Tue, 2 Sep 2025 15:28:00 GMT, Weibing Xiao <wxiao at openjdk.org> wrote:

>> [webrev.zip](https://github.com/user-attachments/files/21517501/webrev.zip)
>> NPE thrown from SASL GSSAPI impl on Java 11+ when TLS is used with QOP auth-int against Active Directory.
>> 
>> When the exception is triggered, the LDAP connection does a "clean-up" operation, and the output stream gets flushed and closes the context while GssKrb5Client is still wrapping the message and SaslOutputStream is writing the content of the buffer; at that time the GSSContext is disposed and it is null. That's the reason the NPE is thrown.
>> 
>> 1) Check if the context is null or not; then wrap the NPE. The change is done in GssKrb5Base.java
>> 
>> No test file is attached for this MR since it needs a SASL LDAP server with security setup. Attached webrev for reference.
>
> Weibing Xiao has updated the pull request incrementally with two additional commits since the last revision:
> 
>  - remove unused code
>  - removed the commented out code

Not quite sure what you would like me to check. I confirmed the context was disposed. With my testing code, I got the same error as what you got. Certainly there is no more NPE.

-------------

PR Comment: https://git.openjdk.org/jdk/pull/26566#issuecomment-3347560177
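
The failure mode described in the quoted PR text (the context disposed by connection clean-up while a wrap is still in progress), as an added Java illustration that is not the JDK's code or the patch under review. `WrapContext` and `GuardedWrapper` are hypothetical stand-ins for the GSS context and the SASL client, and reading the field into a local before the null check is an assumption about one way to guard it.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.security.sasl.SaslException;

public class GuardedWrapDemo {
    // Hypothetical stand-in for the security context (not org.ietf.jgss.GSSContext).
    interface WrapContext {
        byte[] wrap(byte[] buf, int off, int len);
    }

    // Hypothetical stand-in for the SASL client that owns the context.
    static class GuardedWrapper {
        // volatile: dispose() may run on the connection clean-up thread.
        private volatile WrapContext ctx =
                (buf, off, len) -> Arrays.copyOfRange(buf, off, off + len);

        void dispose() {
            ctx = null;
        }

        byte[] wrap(byte[] out, int off, int len) throws SaslException {
            // Read the field once, so a concurrent dispose() cannot null it
            // between the check and the call.
            WrapContext local = ctx;
            if (local == null) {
                // Callers get a checked SASL error instead of an NPE.
                throw new SaslException("security context already disposed");
            }
            return local.wrap(out, off, len);
        }
    }

    public static void main(String[] args) throws Exception {
        GuardedWrapper w = new GuardedWrapper();
        byte[] msg = "constructed sample".getBytes(StandardCharsets.UTF_8);
        System.out.println("wrapped bytes: " + w.wrap(msg, 0, msg.length).length);

        w.dispose(); // simulates the LDAP connection clean-up
        try {
            w.wrap(msg, 0, msg.length);
        } catch (SaslException e) {
            System.out.println("caller sees: " + e.getMessage());
        }
    }
}
```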

