Hi Kanatoko,
I need more time to check why sockOutput comes to null. It is OK to
break if the sockOutput is null just as your patch. However, it is never
expected to be null, so I wanna take more time to dig it further. Could
I ask you help if I need more information?
Thanks,
Andrew
Kanatoko wrote:
Hi Andrew,
Thank you very much for your reply.
why the updates is
necessary?
This causes file descriptor leak, and denial of service as a result, on
long running servers ( As I wrote in [security-dev 00204] ).
Now I am developing some kind of SSL proxy server. But because of this
issue, it can't keep running for long time.
And what's the use case that the OutputStream 's' would be null?
I'm sorry I don't know.
's' seems to be 'sockOutput' in SSLSocketImpl class. But I don't know
why sometimes it would be null.
Thanks.
