Hi Andrew, > I need more time to check why sockOutput comes to null. It is OK to > break if the sockOutput is null just as your patch. However, it is never > expected to be null, so I wanna take more time to dig it further.
OK, I agree with you. I have my own patched openjdk build and can use this as a workaround. > Could I ask you help if I need more information? Yes, of course. I'll keep watching this list. Thank you very much. -- Kanatoko<[EMAIL PROTECTED]> Open Source WebAppFirewall http://guardian.jumperz.net/ > Hi Kanatoko, > > I need more time to check why sockOutput comes to null. It is OK to > break if the sockOutput is null just as your patch. However, it is never > expected to be null, so I wanna take more time to dig it further. Could > I ask you help if I need more information? > > Thanks, > Andrew > > Kanatoko wrote: > > Hi Andrew, > > Thank you very much for your reply. > > > > > >> why the updates is > >> necessary? > >> > > > > This causes file descriptor leak, and denial of service as a result, on > > long running servers ( As I wrote in [security-dev 00204] ). > > > > Now I am developing some kind of SSL proxy server. But because of this > > issue, it can't keep running for long time. > > > > > > > >> And what's the use case that the OutputStream 's' would be null? > >> > > > > I'm sorry I don't know. > > 's' seems to be 'sockOutput' in SSLSocketImpl class. But I don't know > > why sometimes it would be null. > > > > Thanks. > > > > >
