[
https://issues.apache.org/jira/browse/HTTPCLIENT-1938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Oleg Kalnichevski updated HTTPCLIENT-1938:
------------------------------------------
Labels: Authentication leak negotiate stuck volunteers-wanted (was:
Authentication leak negotiate)
> OS resources leak in HttpAuthenticator/WindowsNegotiateScheme
> -------------------------------------------------------------
>
> Key: HTTPCLIENT-1938
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1938
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient (Windows)
> Affects Versions: 4.5.3
> Reporter: Marcin Krystianc
> Priority: Major
> Labels: Authentication, leak, negotiate, stuck, volunteers-wanted
>
> I've discovered a resource leak in Http authentication process on Windows,
> when Negotiate method is used. It manifests itself as a slow memory leak in
> {{lsass.exe}} process. Every time a Negotiate authentication is performed a
> handle to client credentials and a handle to security context are leaked.
> The direct reason for it is that {{dispose()}} method from
> {{WindowsNegotiateScheme}} class is never called.
> As far I understand the interaction between {{HttpAuthenticator}} and
> {{WindowsNegotiateScheme}}, it is caused by {{HttpAuthenticator}} not
> processing final authentication header, as it goes directly to the
> {{SUCCESS}} state. Without processing final authentication header,
> {{WindowsNegotiateScheme}} class doesn't have a chance to complete security
> context initialisation. which is the cause for not releasing OS resources.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
