On Fri, 10 Mar 2023 15:05:16 GMT, Weijun Wang <[email protected]> wrote:
>> This patch fixes a possible native memory leak in case of a custom native
>> GSS provider.
>> The actual leak was reported in production.
>>
>> sun/security/jgss, sun/security/krb5, sun/net/www/protocol/http jtreg tests
>> are passed
>
> src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiatorImpl.java
> line 134:
>
>> 132: } catch(Exception ex) {
>> 133: //dispose context silently
>> 134: }
>
> Why is this cleanup necessary here but not in `nextToken()`? If we don't do
> any cleanup here, will `disposeContext()` be called inside
> `HttpURLConnection`?
GSSContext could be allocated in init() line 97 but fails with Exception in
context.initSecContext(). In this case null Negotiator is returned
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/net/www/protocol/http/Negotiator.java#L71
to NegotiatorAuthenticator:
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java#L224.
So nobody can clean context from HttpURLConnection
-------------
PR: https://git.openjdk.org/jdk/pull/12920
